@sporesec/arcana 2.4.0 → 3.0.0

package/dist/registry.d.ts

@@ -6,4 +6,3 @@ export declare function parseProviderSlug(input: string): {
 };
 export declare function getProvider(name?: string): Provider;
 export declare function getProviders(name?: string): Provider[];
-//# sourceMappingURL=registry.d.ts.map

package/dist/registry.js

@@ -64,8 +64,5 @@ export function getProviders(name) {
     if (name)
         return [getProvider(name)];
     const config = loadConfig();
-    return config.providers
-        .filter((p) => p.enabled)
-        .map((p) => createProvider(p.name, p.type, p.url));
+    return config.providers.filter((p) => p.enabled).map((p) => createProvider(p.name, p.type, p.url));
 }
-//# sourceMappingURL=registry.js.map

package/dist/types.d.ts

@@ -4,6 +4,11 @@ export interface SkillInfo {
     version: string;
     source: string;
     repo?: string;
+    tags?: string[];
+    conflicts?: string[];
+    companions?: string[];
+    verified?: boolean;
+    author?: string;
 }
 export interface SkillFile {
     path: string;
@@ -26,6 +31,11 @@ export interface MarketplacePlugin {
     source: string;
     description: string;
     version: string;
+    tags?: string[];
+    conflicts?: string[];
+    companions?: string[];
+    verified?: boolean;
+    author?: string;
 }
 export interface ProviderConfig {
     name: string;
@@ -64,4 +74,3 @@ export interface DoctorCheck {
     message: string;
     fix?: string;
 }
-//# sourceMappingURL=types.d.ts.map

package/dist/types.js

@@ -1,2 +1 @@
 export {};
-//# sourceMappingURL=types.js.map

package/dist/utils/atomic.d.ts

@@ -1,2 +1 @@
 export declare function atomicWriteSync(filePath: string, content: string, mode?: number): void;
-//# sourceMappingURL=atomic.d.ts.map

package/dist/utils/atomic.js

@@ -13,8 +13,9 @@ export function atomicWriteSync(filePath, content, mode = 0o644) {
         try {
             unlinkSync(tmpPath);
         }
-        catch { /* cleanup best-effort */ }
+        catch {
+            /* cleanup best-effort */
+        }
         throw err;
     }
 }
-//# sourceMappingURL=atomic.js.map

package/dist/utils/cache.d.ts

@@ -1,4 +1,3 @@
 export declare function readCache<T>(key: string, maxAgeMs?: number): T | null;
 export declare function writeCache<T>(key: string, data: T): void;
 export declare function clearCacheFile(key: string): void;
-//# sourceMappingURL=cache.d.ts.map

package/dist/utils/cache.js

@@ -41,7 +41,8 @@ export function clearCacheFile(key) {
         try {
             unlinkSync(file);
         }
-        catch { /* best-effort */ }
+        catch {
+            /* best-effort */
+        }
     }
 }
-//# sourceMappingURL=cache.js.map

package/dist/utils/config.d.ts

@@ -1,6 +1,7 @@
 import type { ArcanaConfig, ProviderConfig } from "../types.js";
+/** Validate config and return warnings for invalid fields. */
+export declare function validateConfig(config: ArcanaConfig): string[];
 export declare function loadConfig(): ArcanaConfig;
 export declare function saveConfig(config: ArcanaConfig): void;
 export declare function addProvider(provider: ProviderConfig): void;
 export declare function removeProvider(name: string): boolean;
-//# sourceMappingURL=config.d.ts.map

package/dist/utils/config.js

@@ -4,6 +4,8 @@ import { homedir } from "node:os";
 import { ui } from "./ui.js";
 import { atomicWriteSync } from "./atomic.js";
 const CONFIG_PATH = join(homedir(), ".arcana", "config.json");
+/** Matches owner/repo slug format (e.g. "medy-gribkov/arcana") */
+const SLUG_RE = /^[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+$/;
 const DEFAULT_CONFIG = {
     defaultProvider: "arcana",
     installDir: join(homedir(), ".agents", "skills"),
@@ -17,7 +19,27 @@ const DEFAULT_CONFIG = {
     ],
 };
 function cloneConfig(config) {
-    return { ...config, providers: config.providers.map(p => ({ ...p })) };
+    return { ...config, providers: config.providers.map((p) => ({ ...p })) };
+}
+/** Validate config and return warnings for invalid fields. */
+export function validateConfig(config) {
+    const warnings = [];
+    // Validate providers have valid owner/repo slugs
+    for (const p of config.providers) {
+        if (p.type === "github" && !SLUG_RE.test(p.url)) {
+            warnings.push(`Provider "${p.name}" has invalid URL "${p.url}". Expected owner/repo format.`);
+        }
+    }
+    // Validate installDir is absolute
+    if (!isAbsolute(config.installDir)) {
+        warnings.push(`installDir "${config.installDir}" is not an absolute path.`);
+    }
+    // Validate defaultProvider matches a configured provider or valid slug
+    const providerNames = config.providers.map((p) => p.name);
+    if (!providerNames.includes(config.defaultProvider) && !SLUG_RE.test(config.defaultProvider)) {
+        warnings.push(`defaultProvider "${config.defaultProvider}" doesn't match any configured provider and isn't a valid slug.`);
+    }
+    return warnings;
 }
 export function loadConfig() {
     if (!existsSync(CONFIG_PATH)) {
@@ -29,7 +51,7 @@ export function loadConfig() {
         const config = {
             ...DEFAULT_CONFIG,
             ...loaded,
-            providers: loaded.providers ?? DEFAULT_CONFIG.providers.map(p => ({ ...p })),
+            providers: loaded.providers ?? DEFAULT_CONFIG.providers.map((p) => ({ ...p })),
         };
         return applyEnvOverrides(config);
     }
@@ -51,11 +73,15 @@ function applyEnvOverrides(base) {
     }
     const envProvider = process.env.ARCANA_DEFAULT_PROVIDER;
     if (envProvider) {
-        if (envProvider.trim().length === 0) {
+        const trimmed = envProvider.trim();
+        if (trimmed.length === 0) {
             console.error(ui.warn("  Warning: ARCANA_DEFAULT_PROVIDER is empty. Ignoring."));
         }
+        else if (!SLUG_RE.test(trimmed) && !config.providers.some((p) => p.name === trimmed)) {
+            console.error(ui.warn(`  Warning: ARCANA_DEFAULT_PROVIDER "${trimmed}" is not a valid slug. Ignoring.`));
+        }
         else {
-            config.defaultProvider = envProvider.trim();
+            config.defaultProvider = trimmed;
         }
     }
     return config;
@@ -87,4 +113,3 @@ export function removeProvider(name) {
     saveConfig(config);
     return true;
 }
-//# sourceMappingURL=config.js.map

package/dist/utils/conflict-check.d.ts

@@ -0,0 +1,8 @@
+import type { SkillInfo } from "../types.js";
+import type { ProjectContext } from "./project-context.js";
+export interface ConflictWarning {
+    type: "rule-overlap" | "skill-conflict" | "preference-clash";
+    message: string;
+    severity: "warn" | "block";
+}
+export declare function checkConflicts(skillName: string, skillInfo: SkillInfo | null, skillContent: string | null, context: ProjectContext): ConflictWarning[];

package/dist/utils/conflict-check.js

@@ -0,0 +1,72 @@
+/** Known opposing preference pairs. If a skill promotes one, and CLAUDE.md has the other, warn. */
+const OPPOSING_PAIRS = [
+    ["callbacks", "async/await"],
+    ["any", "strict typing"],
+    ["abbreviations", "meaningful names"],
+    ["classes", "functional"],
+    ["oop", "functional programming"],
+    ["semicolons", "no semicolons"],
+    ["tabs", "spaces"],
+];
+export function checkConflicts(skillName, skillInfo, skillContent, context) {
+    const warnings = [];
+    // 1. Explicit skill-level conflicts from marketplace metadata
+    if (skillInfo?.conflicts && skillInfo.conflicts.length > 0) {
+        const installed = context.installedSkills;
+        const conflicting = skillInfo.conflicts.filter((c) => installed.includes(c));
+        for (const c of conflicting) {
+            warnings.push({
+                type: "skill-conflict",
+                message: `"${skillName}" conflicts with installed skill "${c}".`,
+                severity: "block",
+            });
+        }
+    }
+    // 2. Rule overlap: skill name matches existing .claude/rules/*.md filename
+    const ruleBasenames = context.ruleFiles.map((f) => f.replace(/\.md$/, "").toLowerCase());
+    if (ruleBasenames.includes(skillName.toLowerCase())) {
+        warnings.push({
+            type: "rule-overlap",
+            message: `A rule file "${skillName}.md" already exists in .claude/rules/. This skill may duplicate existing instructions.`,
+            severity: "warn",
+        });
+    }
+    // Also check if skill tags overlap heavily with rule file names
+    if (skillInfo?.tags) {
+        for (const tag of skillInfo.tags) {
+            if (ruleBasenames.includes(tag.toLowerCase()) && tag.toLowerCase() !== skillName.toLowerCase()) {
+                warnings.push({
+                    type: "rule-overlap",
+                    message: `Skill tag "${tag}" matches existing rule "${tag}.md". May overlap.`,
+                    severity: "warn",
+                });
+                break; // one warning is enough
+            }
+        }
+    }
+    // 3. Preference clash: check skill content against CLAUDE.md preferences
+    if (skillContent && context.preferences.length > 0) {
+        const contentLower = skillContent.toLowerCase();
+        for (const [a, b] of OPPOSING_PAIRS) {
+            const skillHasA = contentLower.includes(a);
+            const skillHasB = contentLower.includes(b);
+            const prefsHaveA = context.preferences.some((p) => p.toLowerCase().includes(a));
+            const prefsHaveB = context.preferences.some((p) => p.toLowerCase().includes(b));
+            if (skillHasA && prefsHaveB) {
+                warnings.push({
+                    type: "preference-clash",
+                    message: `Skill mentions "${a}" but your project prefers "${b}".`,
+                    severity: "warn",
+                });
+            }
+            else if (skillHasB && prefsHaveA) {
+                warnings.push({
+                    type: "preference-clash",
+                    message: `Skill mentions "${b}" but your project prefers "${a}".`,
+                    severity: "warn",
+                });
+            }
+        }
+    }
+    return warnings;
+}

package/dist/utils/errors.d.ts

@@ -3,4 +3,3 @@ export declare class CliError extends Error {
     readonly exitCode: number;
     constructor(message: string, code?: string, exitCode?: number);
 }
-//# sourceMappingURL=errors.d.ts.map

package/dist/utils/errors.js

@@ -8,4 +8,3 @@ export class CliError extends Error {
         this.name = "CliError";
     }
 }
-//# sourceMappingURL=errors.js.map

package/dist/utils/frontmatter.d.ts

@@ -9,4 +9,3 @@ export declare function extractFrontmatter(content: string): {
 export declare function parseFrontmatter(raw: string): SkillFrontmatter | null;
 export declare function fixSkillFrontmatter(content: string): string;
 export declare function validateSkillDir(skillDir: string, skillName: string): ValidationResult;
-//# sourceMappingURL=frontmatter.d.ts.map

package/dist/utils/frontmatter.js

@@ -40,7 +40,13 @@ export function parseFrontmatter(raw) {
         if (descMatch?.[1] !== undefined) {
             let value = descMatch[1].trim();
             // Handle YAML multiline: |, >, or bare indented continuation
-            if (value === "|" || value === ">" || value === "|-" || value === "|+" || value === ">-" || value === ">+" || value === "") {
+            if (value === "|" ||
+                value === ">" ||
+                value === "|-" ||
+                value === "|+" ||
+                value === ">-" ||
+                value === ">+" ||
+                value === "") {
                 const multilineLines = [];
                 for (let j = i + 1; j < lines.length; j++) {
                     const next = lines[j];
@@ -93,12 +99,7 @@ export function fixSkillFrontmatter(content) {
     if (!parsed)
         return content;
     // Rebuild clean frontmatter with only name and description
-    const cleanFm = [
-        FM_DELIMITER,
-        `name: ${parsed.name}`,
-        `description: ${parsed.description}`,
-        FM_DELIMITER,
-    ].join("\n");
+    const cleanFm = [FM_DELIMITER, `name: ${parsed.name}`, `description: ${parsed.description}`, FM_DELIMITER].join("\n");
     return cleanFm + "\n" + extracted.body.replace(/^\n+/, "\n");
 }
 export function validateSkillDir(skillDir, skillName) {
@@ -145,12 +146,29 @@ export function validateSkillDir(skillDir, skillName) {
     else if (parsed.description.length > MAX_DESC_LENGTH) {
         result.warnings.push(`Description too long (${parsed.description.length} chars, max ${MAX_DESC_LENGTH})`);
     }
-    // Check for non-standard fields
+    // Check for non-standard fields (metadata is invalid per spec)
     const standardFields = ["name", "description"];
+    const VALID_FIELDS = [
+        "name",
+        "description",
+        "argument-hint",
+        "compatibility",
+        "disable-model-invocation",
+        "license",
+        "user-invokable",
+    ];
     for (const line of extracted.raw.split("\n")) {
         const keyMatch = line.match(/^(\w[\w-]*):/);
         if (keyMatch?.[1] && !standardFields.includes(keyMatch[1])) {
-            result.infos.push(`Non-standard field: ${keyMatch[1]}`);
+            if (keyMatch[1] === "metadata") {
+                result.warnings.push("Invalid field: metadata (not allowed in frontmatter)");
+            }
+            else if (!VALID_FIELDS.includes(keyMatch[1])) {
+                result.infos.push(`Non-standard field: ${keyMatch[1]}`);
+            }
+            else {
+                result.infos.push(`Optional field: ${keyMatch[1]}`);
+            }
         }
     }
     if (parsed.name !== skillName) {
@@ -165,8 +183,17 @@ export function validateSkillDir(skillDir, skillName) {
     if (extracted.body.trim().length >= 50 && !extracted.body.includes("##")) {
         result.infos.push("Body has no ## headings (recommended for structure)");
     }
+    // Check for code blocks (quality signal)
+    if (extracted.body.trim().length >= 50 && !extracted.body.includes("```")) {
+        result.infos.push("No code blocks found (procedural skills should include code examples)");
+    }
+    // Check for BAD/GOOD pattern examples
+    const hasPattern = /(?:BAD|GOOD|WRONG|RIGHT|AVOID|PREFER|DO NOT|INSTEAD)/i.test(extracted.body) ||
+        /<!--\s*(?:bad|good)\s*-->/i.test(extracted.body);
+    if (extracted.body.trim().length >= 100 && !hasPattern) {
+        result.infos.push("No BAD/GOOD contrast patterns found (recommended for teaching)");
+    }
     if (result.errors.length > 0)
         result.valid = false;
     return result;
 }
-//# sourceMappingURL=frontmatter.js.map

package/dist/utils/fs.d.ts

@@ -32,4 +32,3 @@ export declare function listFilesByAge(dir: string, ext: string, olderThanDays:
  */
 export declare function isOrphanedProject(projectDirName: string): boolean;
 export declare function listSymlinks(): SymlinkInfo[];
-//# sourceMappingURL=fs.d.ts.map

package/dist/utils/fs.js

@@ -1,4 +1,4 @@
-import { existsSync, mkdirSync, writeFileSync, readFileSync, readdirSync, rmSync, renameSync, lstatSync, readlinkSync } from "node:fs";
+import { existsSync, mkdirSync, writeFileSync, readFileSync, readdirSync, rmSync, renameSync, lstatSync, readlinkSync, } from "node:fs";
 import { join, dirname, resolve, sep } from "node:path";
 import { homedir } from "node:os";
 import { loadConfig } from "../utils/config.js";
@@ -26,10 +26,14 @@ export function getDirSize(dir) {
                     else
                         size += stat.size;
                 }
-                catch { /* skip unreadable entries */ }
+                catch {
+                    /* skip unreadable entries */
+                }
             }
         }
-        catch { /* skip unreadable dirs */ }
+        catch {
+            /* skip unreadable dirs */
+        }
     }
     return size;
 }
@@ -45,14 +49,18 @@ export function installSkill(skillName, files) {
     try {
         for (const file of files) {
             // Reject paths containing .. before resolving
-            if (file.path.includes("..") || file.path.includes("~") || file.path.startsWith("\\\\") || file.path.startsWith("//")) {
+            if (file.path.includes("..") ||
+                file.path.includes("~") ||
+                file.path.startsWith("\\\\") ||
+                file.path.startsWith("//")) {
                 throw new Error(`Path traversal blocked: ${file.path}`);
             }
             const filePath = resolve(tempDir, file.path);
             // Normalize to lowercase on Windows for case-insensitive comparison
             const normalizedFile = process.platform === "win32" ? filePath.toLowerCase() : filePath;
             const normalizedTemp = process.platform === "win32" ? (tempDir + sep).toLowerCase() : tempDir + sep;
-            if (!normalizedFile.startsWith(normalizedTemp) && normalizedFile !== (process.platform === "win32" ? tempDir.toLowerCase() : tempDir)) {
+            if (!normalizedFile.startsWith(normalizedTemp) &&
+                normalizedFile !== (process.platform === "win32" ? tempDir.toLowerCase() : tempDir)) {
                 throw new Error(`Path traversal blocked: ${file.path}`);
             }
             const dir = dirname(filePath);
@@ -72,7 +80,9 @@ export function installSkill(skillName, files) {
         try {
             rmSync(tempDir, { recursive: true, force: true });
         }
-        catch { /* best-effort */ }
+        catch {
+            /* best-effort */
+        }
         throw err;
     }
     return skillDir;
@@ -124,13 +134,21 @@ export function listFilesByAge(dir, ext, olderThanDays) {
                         continue;
                     const age = now - stat.mtimeMs;
                     if (age > cutoff) {
-                        results.push({ path: full, sizeMB: stat.size / (1024 * 1024), daysOld: Math.floor(age / (24 * 60 * 60 * 1000)) });
+                        results.push({
+                            path: full,
+                            sizeMB: stat.size / (1024 * 1024),
+                            daysOld: Math.floor(age / (24 * 60 * 60 * 1000)),
+                        });
                     }
                 }
-                catch { /* skip */ }
+                catch {
+                    /* skip */
+                }
             }
         }
-        catch { /* skip */ }
+        catch {
+            /* skip */
+        }
     }
     return results;
 }
@@ -189,8 +207,9 @@ export function listSymlinks() {
                 results.push({ name: entry, fullPath, target, broken: !existsSync(target) });
             }
         }
-        catch { /* skip unreadable */ }
+        catch {
+            /* skip unreadable */
+        }
     }
     return results;
 }
-//# sourceMappingURL=fs.js.map

package/dist/utils/help.d.ts

@@ -3,4 +3,3 @@ export declare function buildCustomHelp(version: string): string;
 export declare function isFirstRun(): boolean;
 export declare function markInitialized(): void;
 export declare function showWelcome(version: string): void;
-//# sourceMappingURL=help.d.ts.map

package/dist/utils/help.js

@@ -4,6 +4,7 @@ import { homedir } from "node:os";
 import * as p from "@clack/prompts";
 import chalk from "chalk";
 import { ui } from "./ui.js";
+import { getGroupedCommands } from "../command-registry.js";
 const noColor = !!(process.env.NO_COLOR || process.env.TERM === "dumb");
 function amberShade(hex, text) {
     if (noColor)
@@ -32,30 +33,12 @@ export function renderBanner() {
     }
     return BANNER_LINES.map((line, i) => `  ${amberShade(AMBER_HEXES[i], line)}`).join("\n");
 }
-const COMMAND_GROUPS = {
-    "GETTING STARTED": [
-        { cmd: "init", desc: "Initialize arcana in current project" },
-        { cmd: "doctor", desc: "Check environment and diagnose issues" },
-    ],
-    SKILLS: [
-        { cmd: "list", desc: "List available skills" },
-        { cmd: "search <query>", desc: "Search across providers" },
-        { cmd: "info <skill>", desc: "Show skill details" },
-        { cmd: "install [skills...]", desc: "Install one or more skills" },
-        { cmd: "update [skills...]", desc: "Update installed skills" },
-        { cmd: "uninstall [skills...]", desc: "Remove one or more skills" },
-    ],
-    DEVELOPMENT: [
-        { cmd: "create <name>", desc: "Create a new skill from template" },
-        { cmd: "validate [skill]", desc: "Validate skill structure" },
-        { cmd: "audit [skill]", desc: "Audit skill quality" },
-    ],
-    CONFIGURATION: [
-        { cmd: "config [key] [val]", desc: "View or modify configuration" },
-        { cmd: "providers", desc: "Manage skill providers" },
-        { cmd: "clean", desc: "Remove orphaned data" },
-        { cmd: "stats", desc: "Show session analytics" },
-    ],
+// Help groups: subset of registry for --help display (keeps output scannable)
+const HELP_GROUPS = {
+    "GETTING STARTED": ["init", "doctor"],
+    SKILLS: ["list", "search", "info", "install", "update", "uninstall", "recommend"],
+    DEVELOPMENT: ["create", "validate", "audit"],
+    CONFIGURATION: ["config", "providers", "clean", "stats"],
 };
 const EXAMPLES = [
     "$ arcana install code-reviewer typescript golang",
@@ -74,11 +57,16 @@ export function buildCustomHelp(version) {
     lines.push("");
     lines.push(`  ${ui.dim("USAGE")}`);
     lines.push("    arcana <command> [options]");
-    for (const [group, commands] of Object.entries(COMMAND_GROUPS)) {
+    const allCommands = getGroupedCommands();
+    const allFlat = Object.values(allCommands).flat();
+    for (const [group, names] of Object.entries(HELP_GROUPS)) {
         lines.push("");
         lines.push(`  ${ui.dim(group)}`);
-        for (const { cmd, desc } of commands) {
-            lines.push(`    ${ui.cyan(padRight(cmd, 22))}${ui.dim(desc)}`);
+        for (const name of names) {
+            const entry = allFlat.find((c) => c.name === name);
+            if (!entry)
+                continue;
+            lines.push(`    ${ui.cyan(padRight(entry.usage, 22))}${ui.dim(entry.description)}`);
         }
     }
     lines.push("");
@@ -114,4 +102,3 @@ export function showWelcome(version) {
     p.log.info("They install on-demand and only load when relevant, not all at once.");
     console.log();
 }
-//# sourceMappingURL=help.js.map

package/dist/utils/history.d.ts

@@ -7,4 +7,3 @@ export declare function readHistory(): HistoryEntry[];
 export declare function appendHistory(action: string, target?: string): void;
 export declare function clearHistory(): void;
 export declare function getRecentSkills(limit?: number): string[];
-//# sourceMappingURL=history.d.ts.map

package/dist/utils/history.js

@@ -55,4 +55,3 @@ export function getRecentSkills(limit = 5) {
     }
     return skills;
 }
-//# sourceMappingURL=history.js.map

package/dist/utils/http.d.ts

@@ -14,4 +14,3 @@ export declare class RateLimitError extends HttpError {
     constructor(url: string, resetAt: Date | null);
 }
 export declare function httpGet(url: string, timeout?: number): Promise<HttpResponse>;
-//# sourceMappingURL=http.d.ts.map

package/dist/utils/http.js

@@ -102,11 +102,15 @@ function doGet(url, timeout, redirectCount = 0) {
         if (token) {
             try {
                 const hostname = new URL(url).hostname;
-                if (hostname === "github.com" || hostname.endsWith(".github.com") || hostname.endsWith(".githubusercontent.com")) {
+                if (hostname === "github.com" ||
+                    hostname.endsWith(".github.com") ||
+                    hostname.endsWith(".githubusercontent.com")) {
                     headers["Authorization"] = `token ${token}`;
                 }
             }
-            catch { /* invalid URL, skip auth */ }
+            catch {
+                /* invalid URL, skip auth */
+            }
         }
         const req = https.get(url, { headers, timeout, agent }, (res) => {
             // Follow redirects (HTTPS only)
@@ -123,8 +127,14 @@ function doGet(url, timeout, redirectCount = 0) {
                 // After the existing https check, add:
                 try {
                     const redirectUrl = new URL(location);
-                    const allowedHosts = ["github.com", "raw.githubusercontent.com", "api.github.com", "objects.githubusercontent.com", "registry.npmjs.org"];
-                    if (!allowedHosts.some(h => redirectUrl.hostname === h || redirectUrl.hostname.endsWith("." + h))) {
+                    const allowedHosts = [
+                        "github.com",
+                        "raw.githubusercontent.com",
+                        "api.github.com",
+                        "objects.githubusercontent.com",
+                        "registry.npmjs.org",
+                    ];
+                    if (!allowedHosts.some((h) => redirectUrl.hostname === h || redirectUrl.hostname.endsWith("." + h))) {
                         reject(new Error(`Redirect to untrusted host blocked: ${redirectUrl.hostname}`));
                         return;
                     }
@@ -162,4 +172,3 @@ function doGet(url, timeout, redirectCount = 0) {
         });
     });
 }
-//# sourceMappingURL=http.js.map

package/dist/utils/install-core.d.ts

@@ -0,0 +1,48 @@
+import type { Provider } from "../providers/base.js";
+import type { SkillFile, SkillInfo } from "../types.js";
+export interface InstallOneResult {
+    success: boolean;
+    skillName: string;
+    files?: SkillFile[];
+    sizeKB?: number;
+    error?: string;
+    scanBlocked?: boolean;
+    conflictBlocked?: boolean;
+    conflictWarnings?: string[];
+    alreadyInstalled?: boolean;
+}
+export interface InstallBatchResult {
+    installed: string[];
+    skipped: string[];
+    failed: string[];
+    failedErrors: Record<string, string>;
+}
+/** Scan fetched files for security threats. Returns true if install should proceed. */
+export declare function preInstallScan(_skillName: string, files: SkillFile[], force?: boolean): {
+    proceed: boolean;
+    critical: string[];
+    high: string[];
+};
+/** Check for conflicts with existing project context. Returns warnings/blocks. */
+export declare function preInstallConflictCheck(skillName: string, remote: SkillInfo | null, files: SkillFile[], force?: boolean): {
+    proceed: boolean;
+    blocks: string[];
+    warnings: string[];
+};
+/**
+ * Core install logic for a single skill. Handles:
+ * fetch -> security scan -> conflict check -> write files -> write meta -> update lock
+ */
+export declare function installOneCore(skillName: string, provider: Provider, opts: {
+    force?: boolean;
+    noCheck?: boolean;
+}): Promise<InstallOneResult>;
+/** Compute size warning message if skill exceeds threshold. */
+export declare function sizeWarning(sizeKB: number): string | null;
+/** Check if a skill can be installed (not already present or force mode). */
+export declare function canInstall(skillName: string, force?: boolean): {
+    proceed: boolean;
+    reason?: string;
+};
+/** Read existing meta to detect provider change on reinstall. */
+export declare function detectProviderChange(skillName: string, newProvider: string): string | null;