@tankpkg/cli 0.0.0-nightly.20260415.9bc2c8a → 0.0.0-nightly.20260416.2d9a5bf

package/dist/bin/tank.js

@@ -1,22 +1,25 @@
 #!/usr/bin/env node
-import { a as VERSION, i as USER_AGENT, l as setConfig, n as flushLogs, o as getConfig, s as getConfigDir, t as authFlowLog } from "../debug-logger-CbsZyznz.js";
+import { a as VERSION, i as USER_AGENT, l as setConfig, n as flushLogs, o as getConfig, s as getConfigDir, t as authFlowLog } from "../debug-logger-DD91p4Iq.js";
 import { t as logger } from "../logger-BhULz3Uz.js";
 import { Command } from "commander";
 import chalk from "chalk";
-import fs from "node:fs";
-import os from "node:os";
-import path from "node:path";
+import fs, { createWriteStream } from "node:fs";
+import os, { tmpdir } from "node:os";
+import path, { join } from "node:path";
 import { z } from "zod";
-import { claudeCodeAdapter, clineAdapter, compilePackage, cursorAdapter, normalizeDirectory, opencodeAdapter, rooCodeAdapter, windsurfAdapter } from "@internals/adapters";
+import semver from "semver";
 import ora from "ora";
 import { confirm, input } from "@inquirer/prompts";
 import crypto$1 from "node:crypto";
-import semver from "semver";
 import { buildSkillKey, checkPermissionBudget, downloadAllParallel, extractSafely, getExtractDir as getExtractDir$1, getGlobalExtractDir, getResolvedNodesInOrder, parseLockKey as parseLockKey$2, parseVersionFromLockKey, readExtractedDependencies, resolveDependencyTree, verifyExtractedDependencies, writeLockfileWithResolvedGraph } from "@tankpkg/sdk";
+import { createInterface } from "node:readline";
+import { execSync, spawn } from "node:child_process";
+import { mkdir, mkdtemp, rm, stat } from "node:fs/promises";
+import { Readable } from "node:stream";
+import { pipeline } from "node:stream/promises";
 import open from "open";
 import ignore from "ignore";
 import { create } from "tar";
-import { spawn } from "node:child_process";
 import { fileURLToPath } from "node:url";
 //#region \0rolldown/runtime.js
 var __defProp = Object.defineProperty;
@@ -262,10 +265,12 @@ const ruleIRSchema = z.object({
 	extensions: extensionBagSchema
 }).strict();
 const mcpServerConfigSchema = z.object({
-	command: z.string().min(1),
+	command: z.string().min(1).optional(),
 	args: z.array(z.string()).optional(),
-	env: z.record(z.string(), z.string()).optional()
-}).strict();
+	env: z.record(z.string(), z.string()).optional(),
+	runtime: z.string().min(1).optional(),
+	entry: z.string().min(1).optional()
+}).strict().refine((data) => data.command || data.runtime && data.entry, "MCP config must have either \"command\" or both \"runtime\" and \"entry\"");
 const toolIRSchema = z.object({
 	kind: z.literal("tool"),
 	name: z.string().min(1, "Tool name must not be empty"),
@@ -284,7 +289,7 @@ const atomIRSchema = z.discriminatedUnion("kind", [
 	resourceIRSchema,
 	promptIRSchema
 ]);
-z.object({
+const packageIRSchema = z.object({
 	name: z.string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(NAME_PATTERN$1, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
 	version: z.string().regex(SEMVER_PATTERN$1, "Version must be valid semver"),
 	description: z.string().max(500).optional(),
@@ -308,11 +313,32 @@ const baseManifestFields = {
 };
 /** Legacy skills.json schema — strict, no atoms. Used for backward-compatible consumers. */
 const skillsJsonSchema = z.object(baseManifestFields).strict();
-z.object({
+/**
+* Publish manifest schema — accepts both legacy skills.json AND atom-enriched tank.json.
+* The `atoms` and `includes` fields are passed through as opaque JSON arrays,
+* validated only at surface level. Full atom IR validation happens at build time.
+*/
+const publishManifestSchema = z.object({
 	...baseManifestFields,
 	atoms: z.array(z.record(z.string(), z.unknown())).optional(),
 	includes: z.array(z.string()).optional()
 }).strict();
+const SKILL_SOURCES = [
+	"registry",
+	"github",
+	"clawhub",
+	"skills_sh",
+	"agentskills_il",
+	"npm",
+	"local"
+];
+const SCAN_VERDICTS = [
+	"pass",
+	"pass_with_notes",
+	"flagged",
+	"fail",
+	"error"
+];
 const lockedSkillV1Schema = z.object({
 	resolved: z.string().url(),
 	integrity: z.string().regex(/^sha512-/, "Integrity must start with sha512-"),
@@ -328,7 +354,10 @@ const lockedSkillSchema = z.object({
 	integrity: z.string().regex(/^sha512-/, "Integrity must start with sha512-"),
 	permissions: permissionsSchema,
 	audit_score: z.number().min(0).max(10).nullable(),
-	dependencies: z.record(z.string(), z.string()).optional()
+	dependencies: z.record(z.string(), z.string()).optional(),
+	source: z.enum(SKILL_SOURCES).optional(),
+	scan_verdict: z.enum(SCAN_VERDICTS).optional(),
+	scanned_at: z.string().optional()
 });
 z.object({
 	lockfileVersion: z.union([z.literal(1), z.literal(2)]),
@@ -433,7 +462,7 @@ function readLockfile$1(directory) {
 }
 //#endregion
 //#region src/commands/audit.ts
-function scoreColor$2(score) {
+function scoreColor$3(score) {
 	if (score >= 7) return chalk.green;
 	if (score >= 4) return chalk.yellow;
 	return chalk.red;
@@ -441,7 +470,7 @@ function scoreColor$2(score) {
 function formatScore(result) {
 	if (result.error) return chalk.dim("error");
 	if (result.score == null || result.status !== "completed") return chalk.dim("pending");
-	return scoreColor$2(result.score)(result.score.toFixed(1));
+	return scoreColor$3(result.score)(result.score.toFixed(1));
 }
 function formatStatus(result) {
 	if (result.error) return chalk.dim("error");
@@ -570,7 +599,1421 @@ async function auditCommand(options) {
 			});
 		}
 	}
-	displayTable(results);
+	displayTable(results);
+}
+//#endregion
+//#region ../adapters/dist/index.mjs
+function emitInstruction$5(atom) {
+	const globs = atom.globs?.length ? atom.globs : void 0;
+	if (globs) {
+		const frontmatter = `---\nglobs: ${JSON.stringify(globs)}\n---\n`;
+		return {
+			files: [{
+				path: `.claude/rules/${slugify$5(atom.content)}.md`,
+				content: `${frontmatter}\n{file:${atom.content}}`
+			}],
+			warnings: []
+		};
+	}
+	return {
+		files: [{
+			path: `.claude/rules/${slugify$5(atom.content)}.md`,
+			content: `{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook$5(atom) {
+	const ccEvent = {
+		"pre-tool-use": "PreToolUse",
+		"post-tool-use": "PostToolUse",
+		"pre-stop": "Stop",
+		"session-created": "SessionStart",
+		"session-idle": "Notification",
+		"task-start": "SessionStart",
+		"task-complete": "TaskCompleted",
+		"task-cancel": "SessionEnd",
+		"pre-user-prompt": "UserPromptSubmit",
+		"pre-context-compact": "PreCompact",
+		"post-context-compact": "PostCompact",
+		"post-response": "Notification",
+		"subagent-start": "SubagentStart",
+		"subagent-complete": "SubagentStop",
+		"permission-asked": "PermissionRequest",
+		"permission-replied": "PermissionDenied",
+		"file-edited": "FileChanged",
+		"pre-file-read": "PreToolUse",
+		"post-file-read": "PostToolUse",
+		"pre-file-write": "PreToolUse",
+		"post-file-write": "PostToolUse",
+		"pre-command": "PreToolUse",
+		"post-command": "PostToolUse",
+		"pre-mcp-tool-use": "PreToolUse",
+		"post-mcp-tool-use": "PostToolUse",
+		"system-prompt-transform": "InstructionsLoaded",
+		"message-updated": "Notification",
+		"lsp-diagnostics": "Notification"
+	}[atom.event] ?? "Notification";
+	const name = atom.name ?? `hook-${atom.event}`;
+	const matcher = atom.match ?? void 0;
+	const hookEntry = { type: "command" };
+	if (atom.handler.type === "js") hookEntry.command = `node "$CLAUDE_PROJECT_DIR/.claude/hooks/${name}.mjs"`;
+	else {
+		const actions = atom.handler.actions;
+		const script = buildDslShellScript(name, actions);
+		hookEntry.command = `bash "$CLAUDE_PROJECT_DIR/.claude/hooks/${name}.sh"`;
+		const files = [{
+			path: `.claude/hooks/${name}.sh`,
+			content: script
+		}];
+		const settingsFragment = buildSettingsFragment(ccEvent, matcher, hookEntry);
+		files.push({
+			path: `.claude/settings.json`,
+			content: JSON.stringify({ hooks: settingsFragment }, null, 2)
+		});
+		return {
+			files,
+			warnings: []
+		};
+	}
+	const jsWrapper = buildJsWrapper(name, atom);
+	const settingsFragment = buildSettingsFragment(ccEvent, matcher, hookEntry);
+	return {
+		files: [{
+			path: `.claude/hooks/${name}.mjs`,
+			content: jsWrapper
+		}, {
+			path: `.claude/settings.json`,
+			content: JSON.stringify({ hooks: settingsFragment }, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitAgent$5(atom) {
+	const tools = atom.tools ?? [];
+	const toolsSection = tools.length ? `\n## Tools\n\n${tools.map((t) => `- ${t}`).join("\n")}` : "";
+	const readonlySection = atom.readonly ? "\n\n## Permissions\n\nThis agent is read-only. Do not modify files." : "";
+	const md = `# ${atom.name}\n\n${atom.role}${toolsSection}${readonlySection}\n`;
+	return {
+		files: [{
+			path: `.claude/agents/${atom.name}.md`,
+			content: md
+		}],
+		warnings: []
+	};
+}
+function emitTool$5(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config`
+		}]
+	};
+	const mcpConfig = { mcpServers: { [atom.name]: {
+		command: atom.mcp.command,
+		args: atom.mcp.args ?? [],
+		...atom.mcp.env ? { env: atom.mcp.env } : {}
+	} } };
+	return {
+		files: [{
+			path: ".mcp.json",
+			content: JSON.stringify(mcpConfig, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule$5(atom) {
+	const ccEvent = atom.event === "pre-tool-use" ? "PreToolUse" : atom.event === "pre-stop" ? "Stop" : "PreToolUse";
+	if (atom.policy === "block") {
+		const denyPattern = atom.match ? `Bash(${atom.match}*)` : void 0;
+		if (denyPattern) return {
+			files: [{
+				path: ".claude/settings.json",
+				content: JSON.stringify({ permissions: { deny: [denyPattern] } }, null, 2)
+			}],
+			warnings: []
+		};
+	}
+	const hookEntry = {
+		type: "command",
+		command: `echo '${atom.reason ?? "Rule triggered"}' >&2 && exit ${atom.policy === "block" ? "2" : "0"}`
+	};
+	const settingsFragment = buildSettingsFragment(ccEvent, atom.match ?? void 0, hookEntry);
+	return {
+		files: [{
+			path: ".claude/settings.json",
+			content: JSON.stringify({ hooks: settingsFragment }, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitResource$5(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `Claude Code uses CLAUDE.md @import for resources — "${atom.name ?? atom.uri}" registered as instruction`
+		}]
+	};
+}
+function emitPrompt$5(atom) {
+	const md = atom.description ? `${atom.description}\n\n{file:${atom.template}}` : `{file:${atom.template}}`;
+	return {
+		files: [{
+			path: `.claude/commands/${atom.name}.md`,
+			content: md
+		}],
+		warnings: []
+	};
+}
+function slugify$5(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+function buildSettingsFragment(event, matcher, hookEntry) {
+	return { [event]: [{
+		...matcher ? { matcher } : {},
+		hooks: [hookEntry]
+	}] };
+}
+function buildDslShellScript(name, actions) {
+	return `#!/usr/bin/env bash
+set -euo pipefail
+INPUT=$(cat)
+${actions.map((a) => {
+		if (a.action === "block" && a.match) return `if echo "$INPUT" | grep -q '${a.match}'; then
+  echo '{"decision":"block","reason":"${a.reason ?? `Blocked: ${a.match}`}"}' 
+  exit 2
+fi`;
+		return null;
+	}).filter(Boolean).join("\n")}
+exit 0
+`;
+}
+function buildJsWrapper(name, _atom) {
+	return `import { readFileSync } from "node:fs";
+import { execSync } from "node:child_process";
+
+const input = JSON.parse(readFileSync("/dev/stdin", "utf-8"));
+
+const CODE_EXTS = new Set([".ts",".tsx",".js",".jsx",".py",".go",".rs",".java",".rb",".c",".cpp",".h",".cs",".swift",".kt",".sh"]);
+const EXCLUDED = [".opencode/",".cursor/",".claude/",".windsurf/",".clinerules/",".roo/","node_modules/",".git/"];
+
+function getChangedCodeFiles() {
+  try {
+    const status = execSync("git status --porcelain -uall 2>/dev/null", { encoding: "utf-8" }).trim();
+    if (!status) return [];
+    const files = status.split("\\n").map(l => l.slice(3).trim()).filter(Boolean);
+    return files.filter(f => {
+      if (EXCLUDED.some(e => f.startsWith(e))) return false;
+      const ext = f.slice(f.lastIndexOf("."));
+      return CODE_EXTS.has(ext);
+    });
+  } catch { return []; }
+}
+
+const codeFiles = getChangedCodeFiles();
+if (codeFiles.length === 0) process.exit(0);
+
+const reason = "Quality gate: " + codeFiles.length + " code file(s) modified (" + codeFiles.join(", ") + "). Review for critical/high issues before completing.";
+process.stdout.write(JSON.stringify({ decision: "block", reason }));
+process.exit(0);
+`;
+}
+const claudeCodeAdapter = {
+	name: "claude-code",
+	supportedRange: ">=1.0.0",
+	capabilities: {
+		instruction: "full",
+		hook: "full",
+		tool: "full",
+		agent: "full",
+		rule: "full",
+		resource: "degraded",
+		prompt: "full"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction$5(a);
+			case "hook": return emitHook$5(a);
+			case "agent": return emitAgent$5(a);
+			case "tool": return emitTool$5(a);
+			case "rule": return emitRule$5(a);
+			case "resource": return emitResource$5(a);
+			case "prompt": return emitPrompt$5(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+function emitInstruction$4(atom) {
+	return {
+		files: [{
+			path: `.clinerules/${slugify$4(atom.content)}.md`,
+			content: `{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook$4(atom) {
+	if (!{
+		"pre-tool-use": "PreToolUse",
+		"post-tool-use": "PostToolUse",
+		"task-start": "TaskStart",
+		"task-resume": "TaskResume",
+		"task-complete": "TaskComplete",
+		"task-cancel": "TaskCancel",
+		"pre-user-prompt": "UserPromptSubmit",
+		"pre-context-compact": "PreCompact",
+		"pre-stop": "TaskComplete"
+	}[atom.event]) return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "hook",
+			message: `Cline does not support event "${atom.event}" — skipped`
+		}]
+	};
+	const name = atom.name ?? `hook-${atom.event}`;
+	if (atom.handler.type === "js") {
+		const wrapper = `#!/usr/bin/env node\nimport { readFileSync } from "node:fs";\nconst input = JSON.parse(readFileSync("/dev/stdin", "utf-8"));\nconst handler = await import("./${name}.handler.ts");\nconst result = await handler.default(input);\nif (result) process.stdout.write(JSON.stringify(result));\n`;
+		return {
+			files: [{
+				path: `.clinerules/hooks/${name}.mjs`,
+				content: wrapper
+			}],
+			warnings: []
+		};
+	}
+	const script = buildDslScript$2(atom.handler.actions);
+	return {
+		files: [{
+			path: `.clinerules/hooks/${name}.sh`,
+			content: script
+		}],
+		warnings: []
+	};
+}
+function emitAgent$4(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "agent",
+			message: `Cline only has Plan/Act modes — agent "${atom.name}" compiled as instruction`
+		}]
+	};
+}
+function emitTool$4(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config`
+		}]
+	};
+	const config = { mcpServers: { [atom.name]: {
+		command: atom.mcp.command,
+		args: atom.mcp.args ?? [],
+		disabled: false,
+		...atom.mcp.env ? { env: atom.mcp.env } : {}
+	} } };
+	return {
+		files: [{
+			path: ".vscode/cline_mcp_settings.json",
+			content: JSON.stringify(config, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule$4(atom) {
+	const content = `## Rule: ${atom.name ?? atom.event}\n\n- Policy: ${atom.policy}\n- Reason: ${atom.reason ?? "No reason specified"}\n`;
+	return {
+		files: [{
+			path: `.clinerules/rule-${slugify$4(atom.name ?? atom.event)}.md`,
+			content
+		}],
+		warnings: [{
+			level: "degraded",
+			atomKind: "rule",
+			message: "Cline rules are soft guidance — use hooks for enforcement"
+		}]
+	};
+}
+function emitResource$4(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `Cline MCP resources supported — "${atom.name ?? atom.uri}" requires MCP server registration`
+		}]
+	};
+}
+function emitPrompt$4(atom) {
+	return {
+		files: [{
+			path: `.clinerules/skills/${atom.name}/SKILL.md`,
+			content: `# ${atom.name}\n\n${atom.description ?? ""}\n\n{file:${atom.template}}`
+		}],
+		warnings: []
+	};
+}
+function slugify$4(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+function buildDslScript$2(actions) {
+	return `#!/usr/bin/env bash\nset -euo pipefail\nINPUT=$(cat)\n${actions.filter((a) => a.action === "block" && a.match).map((a) => `if echo "$INPUT" | grep -q '${a.match}'; then\n  echo '{"cancel":true,"reason":"${a.reason ?? a.match}"}'\n  exit 0\nfi`).join("\n")}\nexit 0\n`;
+}
+const clineAdapter = {
+	name: "cline",
+	supportedRange: ">=3.0.0",
+	capabilities: {
+		instruction: "full",
+		hook: "full",
+		tool: "full",
+		agent: "degraded",
+		rule: "degraded",
+		resource: "degraded",
+		prompt: "full"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction$4(a);
+			case "hook": return emitHook$4(a);
+			case "agent": return emitAgent$4(a);
+			case "tool": return emitTool$4(a);
+			case "rule": return emitRule$4(a);
+			case "resource": return emitResource$4(a);
+			case "prompt": return emitPrompt$4(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+function emitInstruction$3(atom) {
+	const globs = atom.globs?.length ? atom.globs.join(", ") : void 0;
+	const alwaysApply = !globs && atom.scope !== "directory";
+	const frontmatter = [
+		"---",
+		`description: Tank-generated instruction`,
+		globs ? `globs: ${globs}` : null,
+		`alwaysApply: ${alwaysApply}`,
+		"---"
+	].filter(Boolean).join("\n");
+	return {
+		files: [{
+			path: `.cursor/rules/${slugify$3(atom.content)}.mdc`,
+			content: `${frontmatter}\n\n{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook$3(atom) {
+	const cursorEvent = {
+		"pre-tool-use": "beforeToolCall",
+		"post-tool-use": "afterToolCall",
+		"pre-file-write": "beforeFileEdit",
+		"post-file-write": "afterFileEdit",
+		"pre-command": "beforeCommand",
+		"post-command": "afterCommand",
+		"pre-stop": "afterResponse",
+		"post-response": "afterResponse",
+		"pre-file-read": "beforeTabFileRead",
+		"pre-mcp-tool-use": "beforeMcpToolCall",
+		"post-mcp-tool-use": "afterMcpToolCall"
+	}[atom.event];
+	if (!cursorEvent) return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "hook",
+			message: `Cursor does not have a direct equivalent for event "${atom.event}" — skipped`
+		}]
+	};
+	const name = atom.name ?? `hook-${atom.event}`;
+	const hookConfig = {};
+	if (atom.handler.type === "js") hookConfig[cursorEvent] = [{
+		type: "command",
+		command: `node "$PROJECT_DIR/.cursor/hooks/${name}.mjs"`
+	}];
+	else {
+		const script = buildDslScript$1(atom.handler.actions);
+		hookConfig[cursorEvent] = [{
+			type: "command",
+			command: `bash "$PROJECT_DIR/.cursor/hooks/${name}.sh"`
+		}];
+		return {
+			files: [{
+				path: `.cursor/hooks/${name}.sh`,
+				content: script
+			}, {
+				path: ".cursor/hooks.json",
+				content: JSON.stringify({ hooks: hookConfig }, null, 2)
+			}],
+			warnings: []
+		};
+	}
+	const jsWrapper = `import { readFileSync } from "node:fs";\nconst input = JSON.parse(readFileSync("/dev/stdin", "utf-8"));\nconst handler = await import("./${name}.handler.ts");\nawait handler.default(input);\n`;
+	return {
+		files: [{
+			path: `.cursor/hooks/${name}.mjs`,
+			content: jsWrapper
+		}, {
+			path: ".cursor/hooks.json",
+			content: JSON.stringify({ hooks: hookConfig }, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitAgent$3(atom) {
+	const tools = atom.tools ?? [];
+	const readonlyNote = atom.readonly ? "\n\nThis agent is read-only. Do not modify files." : "";
+	const md = `# ${atom.name}\n\n${atom.role}\n\nTools: ${tools.join(", ")}${readonlyNote}\n`;
+	return {
+		files: [{
+			path: `.cursor/agents/${atom.name}.md`,
+			content: md
+		}],
+		warnings: []
+	};
+}
+function emitTool$3(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config`
+		}]
+	};
+	const config = { mcpServers: { [atom.name]: {
+		command: atom.mcp.command,
+		args: atom.mcp.args ?? [],
+		...atom.mcp.env ? { env: atom.mcp.env } : {}
+	} } };
+	return {
+		files: [{
+			path: ".cursor/mcp.json",
+			content: JSON.stringify(config, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule$3(atom) {
+	const content = `# Rule: ${atom.name ?? atom.event}\n\n**Policy:** ${atom.policy}\n**Event:** ${atom.event}\n${atom.match ? `**Match:** ${atom.match}\n` : ""}${atom.reason ? `**Reason:** ${atom.reason}\n` : ""}`;
+	return {
+		files: [{
+			path: `.cursor/rules/rule-${slugify$3(atom.name ?? atom.event)}.mdc`,
+			content: `---\nalwaysApply: true\n---\n\n${content}`
+		}],
+		warnings: [{
+			level: "degraded",
+			atomKind: "rule",
+			message: "Cursor rules are soft guidance — use hooks for hard enforcement"
+		}]
+	};
+}
+function emitResource$3(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `Cursor uses @Docs for resources — "${atom.name ?? atom.uri}" not directly registrable`
+		}]
+	};
+}
+function emitPrompt$3(atom) {
+	return {
+		files: [{
+			path: `.cursor/skills/${atom.name}/SKILL.md`,
+			content: `# ${atom.name}\n\n${atom.description ?? ""}\n\n{file:${atom.template}}`
+		}],
+		warnings: []
+	};
+}
+function slugify$3(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+function buildDslScript$1(actions) {
+	return `#!/usr/bin/env bash\nset -euo pipefail\nINPUT=$(cat)\n${actions.filter((a) => a.action === "block" && a.match).map((a) => `if echo "$INPUT" | grep -q '${a.match}'; then\n  echo "Blocked: ${a.reason ?? a.match}" >&2\n  exit 2\nfi`).join("\n")}\nexit 0\n`;
+}
+const cursorAdapter = {
+	name: "cursor",
+	supportedRange: ">=0.40.0",
+	capabilities: {
+		instruction: "full",
+		hook: "full",
+		tool: "full",
+		agent: "full",
+		rule: "degraded",
+		resource: "degraded",
+		prompt: "full"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction$3(a);
+			case "hook": return emitHook$3(a);
+			case "agent": return emitAgent$3(a);
+			case "tool": return emitTool$3(a);
+			case "rule": return emitRule$3(a);
+			case "resource": return emitResource$3(a);
+			case "prompt": return emitPrompt$3(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+function emitInstruction$2(atom) {
+	return {
+		files: [{
+			path: `.opencode/instructions/${slugify$2(atom.content)}.md`,
+			content: `{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook$2(atom) {
+	const TRIGGER_HOOKS = {
+		"pre-tool-use": "tool.execute.before",
+		"post-tool-use": "tool.execute.after",
+		"pre-file-read": "tool.execute.before",
+		"post-file-read": "tool.execute.after",
+		"pre-file-write": "tool.execute.before",
+		"post-file-write": "tool.execute.after",
+		"pre-command": "tool.execute.before",
+		"post-command": "tool.execute.after",
+		"pre-context-compact": "experimental.session.compacting",
+		"system-prompt-transform": "experimental.chat.system.transform"
+	};
+	const EVENT_MAP = {
+		"pre-stop": "session.idle",
+		"session-created": "session.created",
+		"session-idle": "session.idle",
+		"session-error": "session.error",
+		"file-edited": "file.edited",
+		"file-watcher-updated": "file.watcher.updated",
+		"task-start": "session.created",
+		"task-complete": "session.idle",
+		"todo-updated": "todo.updated",
+		"permission-asked": "permission.asked",
+		"permission-replied": "permission.replied",
+		"post-response": "session.idle",
+		"pre-user-prompt": "message.updated",
+		"message-updated": "message.updated",
+		"lsp-diagnostics": "lsp.client.diagnostics",
+		"lsp-updated": "lsp.updated",
+		"subagent-start": "session.created",
+		"subagent-complete": "session.idle",
+		"installation-updated": "installation.updated",
+		"shell-env": "shell.env",
+		"pre-mcp-tool-use": "tool.execute.before",
+		"post-mcp-tool-use": "tool.execute.after"
+	};
+	const name = atom.name ?? `hook-${atom.event}`;
+	const triggerHook = TRIGGER_HOOKS[atom.event];
+	if (triggerHook) {
+		const pluginContent = atom.handler.type === "js" ? buildJsTriggerPlugin(name, triggerHook, atom) : buildDslTriggerPlugin(name, triggerHook, atom);
+		return {
+			files: [{
+				path: `.opencode/plugins/${name}.ts`,
+				content: pluginContent
+			}],
+			warnings: []
+		};
+	}
+	const busEvent = EVENT_MAP[atom.event] ?? atom.event.replace(/-/g, ".");
+	const pluginContent = atom.handler.type === "js" ? buildJsEventPlugin(name, busEvent, atom) : buildDslEventPlugin(name, busEvent, atom);
+	return {
+		files: [{
+			path: `.opencode/plugins/${name}.ts`,
+			content: pluginContent
+		}],
+		warnings: []
+	};
+}
+function emitAgent$2(atom) {
+	const READ_ONLY_TOOLS = new Set([
+		"read",
+		"grep",
+		"glob",
+		"lsp",
+		"fetch",
+		"mcp"
+	]);
+	const permissions = {};
+	for (const tool of atom.tools ?? []) permissions[tool] = atom.readonly ? READ_ONLY_TOOLS.has(tool) : true;
+	const md = [
+		`---`,
+		`description: "${atom.role}"`,
+		`mode: subagent`,
+		atom.model && ![
+			"fast",
+			"balanced",
+			"powerful",
+			"custom"
+		].includes(atom.model) ? `model: ${atom.model}` : null,
+		`permissions:`,
+		...Object.entries(permissions).map(([k, v]) => `  ${k}: ${v}`),
+		atom.readonly ? `  write: false\n  edit: false\n  bash: false` : null,
+		`---`,
+		"",
+		atom.role
+	].filter(Boolean).join("\n");
+	return {
+		files: [{
+			path: `.opencode/agent/${atom.name}.md`,
+			content: md
+		}],
+		warnings: []
+	};
+}
+function emitTool$2(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config — cannot register in OpenCode`
+		}]
+	};
+	const config = { [atom.name]: {
+		type: "local",
+		command: [atom.mcp.command, ...atom.mcp.args ?? []],
+		...atom.mcp.env ? { environment: atom.mcp.env } : {}
+	} };
+	return {
+		files: [{
+			path: `.opencode/mcp/${atom.name}.json`,
+			content: JSON.stringify(config, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule$2(atom) {
+	const name = atom.name ?? `rule-${atom.event}`;
+	const pluginContent = buildRulePlugin(name, atom);
+	return {
+		files: [{
+			path: `.opencode/plugins/${name}.ts`,
+			content: pluginContent
+		}],
+		warnings: []
+	};
+}
+function emitResource$2(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `OpenCode MCP resources are experimental — resource "${atom.name ?? atom.uri}" registered as instruction reference`
+		}]
+	};
+}
+function emitPrompt$2(atom) {
+	const frontmatter = [
+		"---",
+		`description: "${atom.description ?? atom.name}"`,
+		"---",
+		"",
+		`{file:${atom.template}}`
+	].join("\n");
+	return {
+		files: [{
+			path: `.opencode/commands/${atom.name}.md`,
+			content: frontmatter
+		}],
+		warnings: []
+	};
+}
+function slugify$2(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+function buildJsTriggerPlugin(name, hook, atom) {
+	const matchFilter = atom.match ? `\n      if (input.tool !== "${atom.match}") return;` : "";
+	const handlerRelPath = `./handlers/${name}.handler`;
+	return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async ({ client }) => {
+  return {
+    "${hook}": async (input, output) => {${matchFilter}
+      const handler = await import("${handlerRelPath}");
+      await handler.default(input, output, client);
+    },
+  };
+};
+`;
+}
+function buildDslTriggerPlugin(name, hook, atom) {
+	if (atom.handler.type !== "dsl") return "";
+	const checks = atom.handler.actions.map((a) => {
+		if (a.action === "block" && a.match) return `      if (JSON.stringify(output.args ?? input).includes("${a.match}")) {
+        throw new Error("${a.reason ?? `Blocked: ${a.match}`}");
+      }`;
+		if (a.action === "injectContext" && a.value) return `      output.system?.push?.("${a.value}");`;
+		return null;
+	}).filter(Boolean).join("\n");
+	return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async () => {
+  return {
+    "${hook}": async (input, output) => {
+${checks}
+    },
+  };
+};
+`;
+}
+function buildJsEventPlugin(name, busEvent, _atom) {
+	const handlerRelPath = `./handlers/${name}.handler`;
+	return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async ({ client, $ }) => {
+  let _lastFingerprint = "";
+  let _running = false;
+  return {
+    event: ({ event }) => {
+      const e = event;
+      if (e.type !== "${busEvent}") return;
+      if (_running) return;
+      const sid = e.properties?.sessionID ?? "";
+      if (!sid) return;
+      _running = true;
+      $\`git status --porcelain -uall 2>/dev/null\`.text().then((stat) => {
+        const fp = stat.trim();
+        if (!fp || fp === _lastFingerprint) {
+          _running = false;
+          return;
+        }
+        _lastFingerprint = fp;
+        return import("${handlerRelPath}").then((handler) => {
+          return handler.default(e, { client, $ });
+        });
+      }).catch((err) => console.error("[${name}] ERROR:", err)).finally(() => { _running = false; });
+    },
+  };
+};
+`;
+}
+function buildDslEventPlugin(name, busEvent, atom) {
+	if (atom.handler.type !== "dsl") return "";
+	const checks = atom.handler.actions.map((a) => {
+		if (a.action === "block" && a.match) return `      console.error("[${name}] Blocked: ${a.reason ?? a.match}");`;
+		return null;
+	}).filter(Boolean).join("\n");
+	return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async () => {
+  return {
+    event: ({ event }) => {
+      if (event.type !== "${busEvent}") return;
+${checks}
+    },
+  };
+};
+`;
+}
+function buildRulePlugin(name, atom) {
+	const triggerHook = {
+		"pre-tool-use": "tool.execute.before",
+		"post-tool-use": "tool.execute.after"
+	}[atom.event];
+	const matchFilter = atom.match ? `\n      if (input.tool !== "${atom.match}") return;` : "";
+	if (triggerHook) {
+		if (atom.policy === "block") return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async () => {
+  return {
+    "${triggerHook}": async (input, output) => {${matchFilter}
+      throw new Error("${atom.reason ?? "Blocked by rule"}");
+    },
+  };
+};
+`;
+		return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async () => {
+  return {
+    "${triggerHook}": async (input, output) => {${matchFilter}
+      console.warn("[${name}] ${atom.reason ?? "Rule triggered"}");
+    },
+  };
+};
+`;
+	}
+	return `import type { Plugin } from "@opencode-ai/plugin";
+
+export const ${pascalCase(name)}: Plugin = async () => {
+  return {
+    event: ({ event }) => {
+      if (event.type !== "${atom.event.replace(/-/g, ".")}") return;
+      console.${atom.policy === "block" ? "error" : "warn"}("[${name}] ${atom.reason ?? "Rule triggered"}");
+    },
+  };
+};
+`;
+}
+function pascalCase(s) {
+	return s.split(/[-_\s]+/).map((w) => w.charAt(0).toUpperCase() + w.slice(1)).join("");
+}
+const opencodeAdapter = {
+	name: "opencode",
+	supportedRange: ">=0.1.0",
+	capabilities: {
+		instruction: "full",
+		hook: "full",
+		tool: "full",
+		agent: "full",
+		rule: "full",
+		resource: "degraded",
+		prompt: "full"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction$2(a);
+			case "hook": return emitHook$2(a);
+			case "agent": return emitAgent$2(a);
+			case "tool": return emitTool$2(a);
+			case "rule": return emitRule$2(a);
+			case "resource": return emitResource$2(a);
+			case "prompt": return emitPrompt$2(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+function emitInstruction$1(atom) {
+	return {
+		files: [{
+			path: `.roo/rules/${slugify$1(atom.content)}.md`,
+			content: `{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook$1(_atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "hook",
+			message: "Roo Code does not support hooks"
+		}]
+	};
+}
+function emitAgent$1(atom) {
+	const toolGroups = [];
+	for (const tool of atom.tools ?? []) {
+		if ([
+			"read",
+			"grep",
+			"glob"
+		].includes(tool)) toolGroups.push("read");
+		if (["write", "edit"].includes(tool)) toolGroups.push("edit");
+		if (["bash"].includes(tool)) toolGroups.push("command");
+		if (["browser"].includes(tool)) toolGroups.push("browser");
+		if (["mcp"].includes(tool)) toolGroups.push("mcp");
+	}
+	const groups = [...new Set(toolGroups)].map((g) => {
+		if (g === "edit" && atom.readonly) return null;
+		if (g === "command" && atom.readonly) return null;
+		return g;
+	}).filter(Boolean);
+	const mode = {
+		slug: atom.name,
+		name: atom.name.charAt(0).toUpperCase() + atom.name.slice(1),
+		roleDefinition: atom.role,
+		groups: groups.map((g) => [g, {}]),
+		customInstructions: atom.readonly ? "This mode is read-only. Do not modify any files." : void 0
+	};
+	return {
+		files: [{
+			path: `.roomodes`,
+			content: JSON.stringify({ customModes: [mode] }, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitTool$1(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config`
+		}]
+	};
+	const config = { mcpServers: { [atom.name]: {
+		command: atom.mcp.command,
+		args: atom.mcp.args ?? [],
+		disabled: false,
+		...atom.mcp.env ? { env: atom.mcp.env } : {}
+	} } };
+	return {
+		files: [{
+			path: ".vscode/mcp.json",
+			content: JSON.stringify(config, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule$1(atom) {
+	const content = `## Rule: ${atom.name ?? atom.event}\n\n- Policy: ${atom.policy}\n- Reason: ${atom.reason ?? "No reason specified"}\n`;
+	return {
+		files: [{
+			path: `.roo/rules/rule-${slugify$1(atom.name ?? atom.event)}.md`,
+			content
+		}],
+		warnings: [{
+			level: "degraded",
+			atomKind: "rule",
+			message: "Roo Code rules are soft guidance only"
+		}]
+	};
+}
+function emitResource$1(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `Roo Code MCP resources are mode-scoped — "${atom.name ?? atom.uri}" requires manual MCP setup`
+		}]
+	};
+}
+function emitPrompt$1(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "prompt",
+			message: `Roo Code does not support custom slash commands — prompt "${atom.name}" skipped`
+		}]
+	};
+}
+function slugify$1(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+const rooCodeAdapter = {
+	name: "roo-code",
+	supportedRange: ">=3.0.0",
+	capabilities: {
+		instruction: "full",
+		hook: "none",
+		tool: "full",
+		agent: "full",
+		rule: "degraded",
+		resource: "degraded",
+		prompt: "degraded"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction$1(a);
+			case "hook": return emitHook$1(a);
+			case "agent": return emitAgent$1(a);
+			case "tool": return emitTool$1(a);
+			case "rule": return emitRule$1(a);
+			case "resource": return emitResource$1(a);
+			case "prompt": return emitPrompt$1(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+function emitInstruction(atom) {
+	return {
+		files: [{
+			path: `.windsurf/rules/${slugify(atom.content)}.md`,
+			content: `{file:${atom.content}}`
+		}],
+		warnings: []
+	};
+}
+function emitHook(atom) {
+	const wsEvent = {
+		"pre-tool-use": "pre_mcp_tool_use",
+		"post-tool-use": "post_mcp_tool_use",
+		"pre-file-read": "pre_read_code",
+		"post-file-read": "post_read_code",
+		"pre-file-write": "pre_write_code",
+		"post-file-write": "post_write_code",
+		"pre-command": "pre_run_command",
+		"post-command": "post_run_command",
+		"pre-user-prompt": "pre_user_prompt",
+		"post-response": "post_cascade_response",
+		"pre-stop": "post_cascade_response",
+		"pre-mcp-tool-use": "pre_mcp_tool_use",
+		"post-mcp-tool-use": "post_mcp_tool_use"
+	}[atom.event];
+	if (!wsEvent) return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "hook",
+			message: `Windsurf does not support event "${atom.event}" — skipped`
+		}]
+	};
+	const name = atom.name ?? `hook-${atom.event}`;
+	if (atom.handler.type === "js") {
+		const wrapper = `#!/usr/bin/env node\nimport { readFileSync } from "node:fs";\nconst input = JSON.parse(readFileSync("/dev/stdin", "utf-8"));\nconst handler = await import("./${name}.handler.ts");\nawait handler.default(input);\n`;
+		const hookConfig = { hooks: { [wsEvent]: [{
+			command: `node "$WORKSPACE_DIR/.windsurf/hooks/${name}.mjs"`,
+			show_output: true
+		}] } };
+		return {
+			files: [{
+				path: `.windsurf/hooks/${name}.mjs`,
+				content: wrapper
+			}, {
+				path: ".windsurf/hooks.json",
+				content: JSON.stringify(hookConfig, null, 2)
+			}],
+			warnings: []
+		};
+	}
+	const script = buildDslScript(atom.handler.actions);
+	const hookConfig = { hooks: { [wsEvent]: [{
+		command: `bash "$WORKSPACE_DIR/.windsurf/hooks/${name}.sh"`,
+		show_output: true
+	}] } };
+	return {
+		files: [{
+			path: `.windsurf/hooks/${name}.sh`,
+			content: script
+		}, {
+			path: ".windsurf/hooks.json",
+			content: JSON.stringify(hookConfig, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitAgent(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "agent",
+			message: `Windsurf has 3 fixed modes (Code/Plan/Ask) — agent "${atom.name}" compiled as instruction rule`
+		}]
+	};
+}
+function emitTool(atom) {
+	if (!atom.mcp) return {
+		files: [],
+		warnings: [{
+			level: "skipped",
+			atomKind: "tool",
+			message: `Tool "${atom.name}" has no MCP config`
+		}]
+	};
+	const config = { mcpServers: { [atom.name]: {
+		command: atom.mcp.command,
+		args: atom.mcp.args ?? [],
+		...atom.mcp.env ? { env: atom.mcp.env } : {}
+	} } };
+	return {
+		files: [{
+			path: ".windsurf/mcp.json",
+			content: JSON.stringify(config, null, 2)
+		}],
+		warnings: []
+	};
+}
+function emitRule(atom) {
+	const content = `## Rule: ${atom.name ?? atom.event}\n\n- Policy: ${atom.policy}\n- Event: ${atom.event}\n${atom.match ? `- Match: ${atom.match}\n` : ""}- Reason: ${atom.reason ?? "No reason specified"}\n`;
+	return {
+		files: [{
+			path: `.windsurf/rules/rule-${slugify(atom.name ?? atom.event)}.md`,
+			content
+		}],
+		warnings: [{
+			level: "degraded",
+			atomKind: "rule",
+			message: "Windsurf rules are soft guidance — use hooks for enforcement"
+		}]
+	};
+}
+function emitResource(atom) {
+	return {
+		files: [],
+		warnings: [{
+			level: "degraded",
+			atomKind: "resource",
+			message: `Windsurf uses RAG indexing — resource "${atom.name ?? atom.uri}" not directly registrable`
+		}]
+	};
+}
+function emitPrompt(atom) {
+	return {
+		files: [{
+			path: `.windsurf/skills/${atom.name}/SKILL.md`,
+			content: `# ${atom.name}\n\n${atom.description ?? ""}\n\n{file:${atom.template}}`
+		}],
+		warnings: []
+	};
+}
+function slugify(s) {
+	return s.replace(/^\.\//, "").replace(/[/.]/g, "-").replace(/-+/g, "-").replace(/-$/, "");
+}
+function buildDslScript(actions) {
+	return `#!/usr/bin/env bash\nset -euo pipefail\nINPUT=$(cat)\n${actions.filter((a) => a.action === "block" && a.match).map((a) => `if echo "$INPUT" | grep -q '${a.match}'; then\n  echo "Blocked: ${a.reason ?? a.match}" >&2\n  exit 2\nfi`).join("\n")}\nexit 0\n`;
+}
+const windsurfAdapter = {
+	name: "windsurf",
+	supportedRange: ">=1.0.0",
+	capabilities: {
+		instruction: "full",
+		hook: "full",
+		tool: "full",
+		agent: "degraded",
+		rule: "degraded",
+		resource: "degraded",
+		prompt: "full"
+	},
+	compileAtom(atom) {
+		const a = atom;
+		switch (a.kind) {
+			case "instruction": return emitInstruction(a);
+			case "hook": return emitHook(a);
+			case "agent": return emitAgent(a);
+			case "tool": return emitTool(a);
+			case "rule": return emitRule(a);
+			case "resource": return emitResource(a);
+			case "prompt": return emitPrompt(a);
+			default: return {
+				files: [],
+				warnings: [{
+					level: "skipped",
+					atomKind: "unknown",
+					message: "Unknown atom kind"
+				}]
+			};
+		}
+	}
+};
+const HANDLER_DIRS = {
+	opencode: ".opencode/plugins/handlers",
+	"claude-code": ".claude/hooks",
+	cursor: ".cursor/hooks",
+	windsurf: ".windsurf/hooks",
+	cline: ".clinerules/hooks",
+	"roo-code": ".roo/hooks"
+};
+function resolveSourceFiles(atoms, sourceDir, adapterName) {
+	const files = [];
+	const handlerDir = HANDLER_DIRS[adapterName] ?? `.${adapterName}/hooks`;
+	for (const atom of atoms) {
+		if (atom.kind === "hook" && atom.handler.type === "js") {
+			const srcPath = path.resolve(sourceDir, atom.handler.entry);
+			if (fs.existsSync(srcPath)) {
+				const name = "name" in atom && atom.name ? atom.name : `hook-${atom.event}`;
+				files.push({
+					path: `${handlerDir}/${name}.handler.ts`,
+					content: fs.readFileSync(srcPath, "utf-8")
+				});
+			}
+		}
+		if (atom.kind === "instruction") {
+			const srcPath = path.resolve(sourceDir, atom.content);
+			if (fs.existsSync(srcPath)) files.push({
+				path: `__resolved__/${atom.content}`,
+				content: fs.readFileSync(srcPath, "utf-8")
+			});
+		}
+		if (atom.kind === "prompt" && "template" in atom) {
+			const srcPath = path.resolve(sourceDir, atom.template);
+			if (fs.existsSync(srcPath)) files.push({
+				path: `__resolved__/${atom.template}`,
+				content: fs.readFileSync(srcPath, "utf-8")
+			});
+		}
+	}
+	return files;
+}
+function inlineFileReferences(files, resolvedFiles) {
+	return files.map((f) => {
+		let content = f.content;
+		for (const [refPath, refContent] of resolvedFiles) {
+			content = content.replace(`{file:${refPath}}`, refContent);
+			content = content.replace(`{file:./${refPath}}`, refContent);
+		}
+		return {
+			path: f.path,
+			content
+		};
+	});
+}
+function deepMergeJson(a, b) {
+	try {
+		const merged = mergeObjects(JSON.parse(a), JSON.parse(b));
+		return JSON.stringify(merged, null, 2);
+	} catch {
+		return b;
+	}
+}
+function mergeObjects(a, b) {
+	if (Array.isArray(a) && Array.isArray(b)) return [...a, ...b];
+	if (typeof a === "object" && a !== null && typeof b === "object" && b !== null) {
+		const result = { ...a };
+		for (const [key, val] of Object.entries(b)) if (key in result) result[key] = mergeObjects(result[key], val);
+		else result[key] = val;
+		return result;
+	}
+	return b;
+}
+function mergeFilesByPath(files) {
+	const byPath = /* @__PURE__ */ new Map();
+	for (const f of files) {
+		const existing = byPath.get(f.path);
+		if (!existing) {
+			byPath.set(f.path, f);
+			continue;
+		}
+		if (f.path.endsWith(".json") || f.path === ".roomodes") byPath.set(f.path, {
+			path: f.path,
+			content: deepMergeJson(existing.content, f.content)
+		});
+		else if (f.path.endsWith(".md") || f.path.endsWith(".mdc")) byPath.set(f.path, {
+			path: f.path,
+			content: `${existing.content}\n\n${f.content}`
+		});
+		else byPath.set(f.path, f);
+	}
+	return [...byPath.values()];
+}
+function collectAtoms(pkg, resolver, visited) {
+	const seen = visited ?? /* @__PURE__ */ new Set();
+	if (seen.has(pkg.name)) return [];
+	seen.add(pkg.name);
+	const atoms = [];
+	if (pkg.includes) for (const dep of pkg.includes) {
+		const resolved = resolver?.resolve(dep);
+		if (resolved) atoms.push(...collectAtoms(resolved, resolver, seen));
+	}
+	atoms.push(...pkg.atoms);
+	return atoms;
+}
+function compilePackage(pkg, adapter, options) {
+	const rawFiles = [];
+	const allWarnings = [];
+	const skipped = [];
+	const resolvedContent = /* @__PURE__ */ new Map();
+	const allAtomsForResolve = collectAtoms(pkg, options?.resolver);
+	if (options?.sourceDir) {
+		const sourceFiles = resolveSourceFiles(allAtomsForResolve, options.sourceDir, adapter.name);
+		for (const sf of sourceFiles) if (sf.path.startsWith("__resolved__/")) resolvedContent.set(sf.path.replace("__resolved__/", ""), sf.content);
+		else rawFiles.push(sf);
+	}
+	const allAtoms = collectAtoms(pkg, options?.resolver);
+	if (options?.sourceDir) {
+		for (const atom of allAtoms) if (atom.kind === "tool" && atom.mcp?.entry && atom.mcp?.runtime) {
+			const absoluteEntry = path.resolve(options.sourceDir, atom.mcp.entry);
+			atom.mcp.command = atom.mcp.runtime;
+			atom.mcp.args = [absoluteEntry, ...atom.mcp.args ?? []];
+		}
+	}
+	for (const atom of allAtoms) {
+		if (adapter.capabilities[atom.kind] === "none") {
+			const label = "name" in atom && atom.name ? `${atom.kind}/${atom.name}` : atom.kind;
+			allWarnings.push({
+				level: "skipped",
+				atomKind: atom.kind,
+				message: `${adapter.name} does not support ${atom.kind} — skipped "${label}"`
+			});
+			skipped.push(atom.kind);
+			continue;
+		}
+		const output = adapter.compileAtom(atom);
+		rawFiles.push(...output.files);
+		allWarnings.push(...output.warnings);
+	}
+	return {
+		files: mergeFilesByPath(resolvedContent.size > 0 ? inlineFileReferences(rawFiles, resolvedContent) : rawFiles),
+		warnings: allWarnings,
+		skipped
+	};
+}
+function normalizeDirectory(dir) {
+	const tankJsonPath = path.join(dir, "tank.json");
+	const skillsJsonPath = path.join(dir, "skills.json");
+	const skillMdPath = path.join(dir, "SKILL.md");
+	const manifestPath = fs.existsSync(tankJsonPath) ? tankJsonPath : fs.existsSync(skillsJsonPath) ? skillsJsonPath : null;
+	if (!manifestPath) return {
+		success: false,
+		error: "No tank.json or skills.json found"
+	};
+	let manifest;
+	try {
+		manifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+	} catch {
+		return {
+			success: false,
+			error: `Failed to parse ${path.basename(manifestPath)}`
+		};
+	}
+	const hasAtoms = "atoms" in manifest && Array.isArray(manifest.atoms);
+	const hasSkillMd = fs.existsSync(skillMdPath);
+	if (!hasAtoms && !hasSkillMd) return {
+		success: false,
+		error: "No atoms field in manifest and no SKILL.md found"
+	};
+	const atoms = hasAtoms ? manifest.atoms : [{
+		kind: "instruction",
+		content: "SKILL.md"
+	}];
+	const pkg = {
+		...manifest,
+		atoms
+	};
+	const result = packageIRSchema.safeParse(pkg);
+	if (!result.success) return {
+		success: false,
+		error: `Invalid manifest:\n${result.error.issues.map((i) => `  ${i.path.join(".")}: ${i.message}`).join("\n")}`
+	};
+	return {
+		success: true,
+		data: result.data
+	};
 }
 //#endregion
 //#region src/commands/build.ts
@@ -1327,6 +2770,527 @@ function prepareAgentSkillDir(options) {
 	return targetDir;
 }
 //#endregion
+//#region src/lib/scan-gate.ts
+/**
+* Security scan gate for `tank install <url>`.
+* Calls the public scan API and enforces verdicts.
+*/
+function verdictColor$1(verdict) {
+	switch (verdict) {
+		case "pass": return chalk.green;
+		case "pass_with_notes": return chalk.yellow;
+		case "flagged": return chalk.hex("#FF8C00");
+		case "fail": return chalk.red;
+		case "error": return chalk.red;
+		default: return chalk.white;
+	}
+}
+function severityColor$1(severity) {
+	switch (severity) {
+		case "critical": return chalk.red;
+		case "high": return chalk.hex("#FF8C00");
+		case "medium": return chalk.yellow;
+		case "low": return chalk.green;
+		case "info": return chalk.blue;
+		default: return chalk.white;
+	}
+}
+function scoreColor$2(score) {
+	if (score >= 7) return chalk.green;
+	if (score >= 4) return chalk.yellow;
+	return chalk.red;
+}
+async function promptUser(question) {
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stdout
+	});
+	return new Promise((resolve) => {
+		rl.question(question, (answer) => {
+			rl.close();
+			resolve(answer.toLowerCase() === "y" || answer.toLowerCase() === "yes");
+		});
+	});
+}
+async function scanUrl(url, options) {
+	const config = getConfig();
+	const registryUrl = options?.registryUrl ?? config.registry;
+	const token = options?.token ?? config.token;
+	let res;
+	try {
+		const headers = {
+			"Content-Type": "application/json",
+			"User-Agent": USER_AGENT
+		};
+		if (token) headers.Authorization = `Bearer ${token}`;
+		res = await fetch(`${registryUrl}/api/v1/scan`, {
+			method: "POST",
+			headers,
+			body: JSON.stringify({ url }),
+			signal: AbortSignal.timeout(65e3)
+		});
+	} catch (err) {
+		return {
+			success: false,
+			verdict: "error",
+			auditScore: null,
+			findings: [],
+			durationMs: null,
+			error: `Network error: ${err instanceof Error ? err.message : String(err)}`
+		};
+	}
+	if (!res.ok) {
+		if (res.status === 429) return {
+			success: false,
+			verdict: "error",
+			auditScore: null,
+			findings: [],
+			durationMs: null,
+			error: `Rate limited (429): ${token ? "Authenticated rate limit reached (20/hr). Try again later." : "Anonymous rate limit reached (3/hr). Run `tank login` for higher limits."}`
+		};
+		if (res.status === 504) return {
+			success: false,
+			verdict: "error",
+			auditScore: null,
+			findings: [],
+			durationMs: null,
+			error: "Scan timed out (504). The skill may be too large or the scanner is overloaded."
+		};
+		return {
+			success: false,
+			verdict: "error",
+			auditScore: null,
+			findings: [],
+			durationMs: null,
+			error: (await res.json().catch(() => null))?.error ?? `HTTP ${res.status}: ${res.statusText}`
+		};
+	}
+	const data = await res.json();
+	const findings = data.findings.map((f) => ({
+		severity: f.severity,
+		type: f.type,
+		description: f.description,
+		...f.location ? { location: f.location } : {}
+	}));
+	return {
+		success: true,
+		verdict: data.verdict,
+		auditScore: data.audit_score ?? null,
+		findings,
+		durationMs: data.duration_ms ?? null
+	};
+}
+function displayScanResults(result) {
+	const verdictLabel = verdictColor$1(result.verdict)(result.verdict.toUpperCase());
+	console.log("");
+	console.log(chalk.bold("Security Scan Results"));
+	console.log("");
+	console.log(`${chalk.dim("Verdict:".padEnd(14))}${verdictLabel}`);
+	if (result.auditScore !== null) {
+		const scoreLabel = scoreColor$2(result.auditScore)(result.auditScore.toFixed(1));
+		console.log(`${chalk.dim("Score:".padEnd(14))}${scoreLabel}/10`);
+	}
+	if (result.durationMs !== null) console.log(`${chalk.dim("Duration:".padEnd(14))}${(result.durationMs / 1e3).toFixed(1)}s`);
+	if (result.error) console.log(`${chalk.dim("Error:".padEnd(14))}${chalk.red(result.error)}`);
+	if (result.findings.length > 0) {
+		console.log("");
+		console.log(chalk.bold(`Findings (${result.findings.length})`));
+		const bySeverity = {
+			critical: [],
+			high: [],
+			medium: [],
+			low: [],
+			info: []
+		};
+		for (const f of result.findings) bySeverity[f.severity].push(f);
+		for (const severity of [
+			"critical",
+			"high",
+			"medium",
+			"low",
+			"info"
+		]) {
+			const group = bySeverity[severity];
+			if (group.length === 0) continue;
+			console.log("");
+			const label = severityColor$1(severity)(`${severity.toUpperCase()} (${group.length})`);
+			console.log(`  ${label}`);
+			for (const f of group) {
+				console.log(`    - ${chalk.bold(f.type)}: ${f.description}`);
+				if (f.location) console.log(`      ${chalk.dim("Location:")} ${f.location}`);
+			}
+		}
+	} else if (result.success) {
+		console.log("");
+		console.log(chalk.green("No findings. The skill looks secure."));
+	}
+	console.log("");
+}
+async function enforceVerdict(result, options) {
+	switch (result.verdict) {
+		case "pass":
+		case "pass_with_notes": return { allowed: true };
+		case "flagged": {
+			if (options?.yes) return { allowed: true };
+			const count = result.findings.length;
+			if (await promptUser(chalk.yellow(`⚠ Security scan flagged ${count} issue${count === 1 ? "" : "s"}. Install anyway? (y/N) `))) return { allowed: true };
+			return {
+				allowed: false,
+				reason: "User declined after security warnings"
+			};
+		}
+		case "fail": return {
+			allowed: false,
+			reason: "Security scan failed with critical findings"
+		};
+		case "error": return {
+			allowed: false,
+			reason: `Security scan error: ${result.error ?? "unknown"}`
+		};
+		default: return {
+			allowed: false,
+			reason: `Unknown verdict: ${result.verdict}`
+		};
+	}
+}
+//#endregion
+//#region src/lib/url-fetcher.ts
+/**
+* Fetch skills from URLs for `tank install <url>`.
+* Routes GitHub (git clone), ClawHub (zip), skills.sh, and generic tarballs
+* to temp directories with cleanup-on-failure semantics.
+*/
+const HOST_MAP = [
+	[/github\.com/i, "github"],
+	[/clawhub\.ai/i, "clawhub"],
+	[/skills\.sh/i, "skills_sh"],
+	[/agentskills\.co\.il/i, "agentskills_il"],
+	[/registry\.npmjs\.org/i, "npm"]
+];
+function detectSourceType(url) {
+	for (const [pattern, sourceType] of HOST_MAP) if (pattern.test(url)) return sourceType;
+	return "unknown";
+}
+/** Returns true if the input looks like a URL rather than a package name. */
+function isUrl(input) {
+	if (input.startsWith("http://") || input.startsWith("https://")) return true;
+	for (const [pattern] of HOST_MAP) if (pattern.test(input)) return true;
+	return false;
+}
+/** Best-effort skill name extraction from a URL. */
+function inferSkillName(url) {
+	try {
+		const segments = new URL(url.startsWith("http") ? url : `https://${url}`).pathname.replace(/\.git$/, "").split("/").filter(Boolean);
+		switch (detectSourceType(url)) {
+			case "github": {
+				if (segments.length < 2) return null;
+				const treeIdx = segments.indexOf("tree");
+				if (treeIdx !== -1 && segments.length > treeIdx + 2) return segments[segments.length - 1] ?? null;
+				return segments[1] ?? null;
+			}
+			case "clawhub": return segments[1] ?? null;
+			case "skills_sh": return segments[2] ?? segments[1] ?? null;
+			case "agentskills_il": return segments[1] ?? null;
+			case "npm": return segments[segments.length - 1] ?? null;
+			default: return segments[segments.length - 1] ?? null;
+		}
+	} catch {
+		return null;
+	}
+}
+async function createTempDir() {
+	return mkdtemp(join(tmpdir(), "tank-fetch-"));
+}
+async function cleanupDir(dir) {
+	try {
+		await rm(dir, {
+			recursive: true,
+			force: true
+		});
+	} catch {}
+}
+function ensureGitInstalled() {
+	try {
+		execSync("git --version", { stdio: "ignore" });
+	} catch {
+		throw new Error("Git is not installed. Install git and try again.");
+	}
+}
+function gitCloneShallow(repoUrl, dest) {
+	try {
+		execSync(`git clone --depth 1 ${repoUrl} ${dest}`, {
+			stdio: "pipe",
+			timeout: 6e4
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		if (msg.includes("Repository not found") || msg.includes("not found")) throw new Error(`Repository not found: ${repoUrl}`);
+		if (msg.includes("timed out") || msg.includes("ETIMEDOUT")) throw new Error(`Network timeout cloning ${repoUrl}`);
+		throw new Error(`Git clone failed: ${msg}`);
+	}
+}
+function gitRevParseHead(dir) {
+	try {
+		return execSync("git rev-parse HEAD", {
+			cwd: dir,
+			stdio: "pipe"
+		}).toString().trim();
+	} catch {
+		return null;
+	}
+}
+async function downloadFile(url, dest) {
+	const res = await fetch(url, { signal: AbortSignal.timeout(6e4) });
+	if (!res.ok) {
+		if (res.status === 404) throw new Error(`Not found: ${url}`);
+		throw new Error(`HTTP ${res.status} downloading ${url}`);
+	}
+	if (!res.body) throw new Error(`Empty response body from ${url}`);
+	await pipeline(Readable.fromWeb(res.body), createWriteStream(dest));
+}
+async function extractZip(zipPath, dest) {
+	try {
+		execSync(`unzip -o -q "${zipPath}" -d "${dest}"`, {
+			stdio: "pipe",
+			timeout: 3e4
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		throw new Error(`Zip extraction failed: ${msg}`);
+	}
+}
+async function extractTarball(tarPath, dest) {
+	try {
+		execSync(`tar xzf "${tarPath}" -C "${dest}"`, {
+			stdio: "pipe",
+			timeout: 3e4
+		});
+	} catch (err) {
+		const msg = err instanceof Error ? err.message : String(err);
+		throw new Error(`Tarball extraction failed: ${msg}`);
+	}
+}
+function parseGitHubUrl(url) {
+	try {
+		const segments = new URL(url.startsWith("http") ? url : `https://${url}`).pathname.replace(/\.git$/, "").split("/").filter(Boolean);
+		if (segments.length < 2) return null;
+		const owner = segments[0];
+		const repo = segments[1];
+		let branch = null;
+		let subpath = null;
+		if (segments[2] === "tree" && segments.length > 3) {
+			branch = segments[3];
+			if (segments.length > 4) subpath = segments.slice(4).join("/");
+		}
+		return {
+			owner,
+			repo,
+			branch,
+			subpath
+		};
+	} catch {
+		return null;
+	}
+}
+async function fetchFromGitHub(url, tempDir) {
+	ensureGitInstalled();
+	const parts = parseGitHubUrl(url);
+	if (!parts) throw new Error(`Invalid GitHub URL: ${url}`);
+	const cloneUrl = `https://github.com/${parts.owner}/${parts.repo}.git`;
+	const cloneDest = join(tempDir, parts.repo);
+	logger.info(`Cloning ${parts.owner}/${parts.repo}...`);
+	gitCloneShallow(cloneUrl, cloneDest);
+	if (parts.branch) try {
+		execSync(`git checkout ${parts.branch}`, {
+			cwd: cloneDest,
+			stdio: "pipe",
+			timeout: 1e4
+		});
+	} catch {}
+	const commitSha = gitRevParseHead(cloneDest);
+	let localPath = cloneDest;
+	if (parts.subpath) {
+		const subDir = join(cloneDest, parts.subpath);
+		try {
+			if ((await stat(subDir)).isDirectory()) localPath = subDir;
+		} catch {
+			throw new Error(`Subpath not found in repo: ${parts.subpath}`);
+		}
+	}
+	return {
+		localPath,
+		sourceType: "github",
+		sourceUrl: url,
+		commitSha,
+		inferredName: parts.subpath ? parts.subpath.split("/").pop() ?? parts.repo : parts.repo,
+		cleanup: () => cleanupDir(tempDir)
+	};
+}
+function parseClawHubUrl(url) {
+	try {
+		const segments = new URL(url.startsWith("http") ? url : `https://${url}`).pathname.split("/").filter(Boolean);
+		if (segments.length < 2) return null;
+		return {
+			owner: segments[0],
+			skillName: segments[1]
+		};
+	} catch {
+		return null;
+	}
+}
+async function fetchFromClawHub(url, tempDir) {
+	const parts = parseClawHubUrl(url);
+	if (!parts) throw new Error(`Invalid ClawHub URL: ${url}`);
+	logger.info(`Fetching ${parts.owner}/${parts.skillName} from ClawHub...`);
+	const pageUrl = url.startsWith("http") ? url : `https://${url}`;
+	const pageRes = await fetch(pageUrl, { signal: AbortSignal.timeout(3e4) });
+	if (!pageRes.ok) {
+		if (pageRes.status === 404) throw new Error(`Skill not found on ClawHub: ${parts.skillName}`);
+		throw new Error(`HTTP ${pageRes.status} fetching ClawHub page`);
+	}
+	const html = await pageRes.text();
+	const downloadUrlMatch = html.match(/https?:\/\/[^\s"']+\.convex\.cloud[^\s"']*download[^\s"']*/i) ?? html.match(/https?:\/\/[^\s"']+\.zip/i);
+	if (!downloadUrlMatch) throw new Error("Could not find download URL on ClawHub page. The skill may not have a downloadable archive.");
+	const zipPath = join(tempDir, `${parts.skillName}.zip`);
+	await downloadFile(downloadUrlMatch[0], zipPath);
+	const extractDir = join(tempDir, parts.skillName);
+	await mkdir(extractDir, { recursive: true });
+	await extractZip(zipPath, extractDir);
+	return {
+		localPath: extractDir,
+		sourceType: "clawhub",
+		sourceUrl: url,
+		commitSha: null,
+		inferredName: parts.skillName,
+		cleanup: () => cleanupDir(tempDir)
+	};
+}
+function parseSkillsShUrl(url) {
+	try {
+		const segments = new URL(url.startsWith("http") ? url : `https://${url}`).pathname.split("/").filter(Boolean);
+		if (segments.length < 2) return null;
+		return {
+			owner: segments[0],
+			repo: segments[1],
+			skillName: segments[2] ?? null
+		};
+	} catch {
+		return null;
+	}
+}
+async function fetchFromSkillsSh(url, tempDir) {
+	ensureGitInstalled();
+	const parts = parseSkillsShUrl(url);
+	if (!parts) throw new Error(`Invalid skills.sh URL: ${url}`);
+	const cloneUrl = `https://github.com/${parts.owner}/${parts.repo}.git`;
+	const cloneDest = join(tempDir, parts.repo);
+	logger.info(`Cloning ${parts.owner}/${parts.repo} (via skills.sh)...`);
+	gitCloneShallow(cloneUrl, cloneDest);
+	const commitSha = gitRevParseHead(cloneDest);
+	let localPath = cloneDest;
+	const inferredName = parts.skillName ?? parts.repo;
+	if (parts.skillName) {
+		const candidates = [
+			join(cloneDest, "skills", parts.skillName),
+			join(cloneDest, "src", "skills", parts.skillName),
+			join(cloneDest, parts.skillName)
+		];
+		let found = false;
+		for (const candidate of candidates) try {
+			if ((await stat(candidate)).isDirectory()) {
+				localPath = candidate;
+				found = true;
+				break;
+			}
+		} catch {}
+		if (!found) throw new Error(`Skill "${parts.skillName}" not found in ${parts.repo}. Searched: skills/${parts.skillName}, src/skills/${parts.skillName}, ${parts.skillName}`);
+	}
+	return {
+		localPath,
+		sourceType: "skills_sh",
+		sourceUrl: url,
+		commitSha,
+		inferredName,
+		cleanup: () => cleanupDir(tempDir)
+	};
+}
+async function fetchFromGenericUrl(url, tempDir) {
+	const fullUrl = url.startsWith("http") ? url : `https://${url}`;
+	logger.info(`Downloading from ${fullUrl}...`);
+	const isTarball = /\.(tar\.gz|tgz)(\?|$)/i.test(fullUrl);
+	const isZip = /\.zip(\?|$)/i.test(fullUrl);
+	if (!isTarball && !isZip) {
+		const archivePath = join(tempDir, "skill.tar.gz");
+		await downloadFile(fullUrl, archivePath);
+		const extractDir = join(tempDir, "skill");
+		await mkdir(extractDir, { recursive: true });
+		try {
+			await extractTarball(archivePath, extractDir);
+		} catch {
+			try {
+				await extractZip(archivePath, extractDir);
+			} catch {
+				throw new Error(`Failed to extract archive from ${fullUrl}. Expected .tar.gz or .zip format.`);
+			}
+		}
+		return {
+			localPath: extractDir,
+			sourceType: detectSourceType(url),
+			sourceUrl: url,
+			commitSha: null,
+			inferredName: inferSkillName(url),
+			cleanup: () => cleanupDir(tempDir)
+		};
+	}
+	const archivePath = join(tempDir, `skill.${isTarball ? "tar.gz" : "zip"}`);
+	await downloadFile(fullUrl, archivePath);
+	const extractDir = join(tempDir, "skill");
+	await mkdir(extractDir, { recursive: true });
+	if (isTarball) await extractTarball(archivePath, extractDir);
+	else await extractZip(archivePath, extractDir);
+	return {
+		localPath: extractDir,
+		sourceType: detectSourceType(url),
+		sourceUrl: url,
+		commitSha: null,
+		inferredName: inferSkillName(url),
+		cleanup: () => cleanupDir(tempDir)
+	};
+}
+/** Fetch a skill from a URL to a local temp directory. */
+async function fetchFromUrl(url) {
+	const sourceType = detectSourceType(url);
+	let tempDir = null;
+	try {
+		tempDir = await createTempDir();
+		let result;
+		switch (sourceType) {
+			case "github":
+				result = await fetchFromGitHub(url, tempDir);
+				break;
+			case "clawhub":
+				result = await fetchFromClawHub(url, tempDir);
+				break;
+			case "skills_sh":
+				result = await fetchFromSkillsSh(url, tempDir);
+				break;
+			default:
+				result = await fetchFromGenericUrl(url, tempDir);
+				break;
+		}
+		return {
+			success: true,
+			...result
+		};
+	} catch (err) {
+		if (tempDir) await cleanupDir(tempDir);
+		return {
+			success: false,
+			error: err instanceof Error ? err.message : String(err)
+		};
+	}
+}
+//#endregion
 //#region src/commands/install.ts
 function createRegistryFetcher(registry, headers) {
 	const versionsCache = /* @__PURE__ */ new Map();
@@ -1755,6 +3719,149 @@ async function installAll(options) {
 function buildIntegrity(buffer) {
 	return `sha512-${crypto$1.createHash("sha512").update(buffer).digest("base64")}`;
 }
+/** Map url-fetcher source types to lockfile SkillSource values. */
+function mapSourceType(urlSourceType) {
+	switch (urlSourceType) {
+		case "github": return "github";
+		case "clawhub": return "clawhub";
+		case "skills_sh": return "skills_sh";
+		case "agentskills_il": return "agentskills_il";
+		case "npm": return "npm";
+		default: return "local";
+	}
+}
+/** Compute SHA-512 integrity hash over all files in a directory (sorted by path). */
+function computeDirectoryIntegrity(dir) {
+	const files = [];
+	function walkDir(current) {
+		const entries = fs.readdirSync(current, { withFileTypes: true });
+		for (const entry of entries) {
+			if (entry.name === ".git") continue;
+			const fullPath = path.join(current, entry.name);
+			if (entry.isDirectory()) walkDir(fullPath);
+			else if (entry.isFile()) files.push(fullPath);
+		}
+	}
+	walkDir(dir);
+	files.sort();
+	const hash = crypto$1.createHash("sha512");
+	for (const file of files) hash.update(fs.readFileSync(file));
+	return `sha512-${hash.digest("base64")}`;
+}
+/** Read a manifest (tank.json or skills.json) from a directory, returning null if missing/invalid. */
+function readManifestFromDir(dir) {
+	for (const filename of ["tank.json", "skills.json"]) {
+		const manifestPath = path.join(dir, filename);
+		if (fs.existsSync(manifestPath)) try {
+			return JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+		} catch {
+			return null;
+		}
+	}
+	return null;
+}
+async function installFromUrl(url, options) {
+	const { global = false, yes = false } = options;
+	const resolvedHome = os.homedir();
+	const directory = process.cwd();
+	const spinner = ora(`Fetching from URL...`).start();
+	let fetchResult;
+	try {
+		const output = await fetchFromUrl(url);
+		if (!output.success) {
+			spinner.fail("Fetch failed");
+			logger.error(output.error);
+			process.exit(1);
+		}
+		fetchResult = output;
+		spinner.text = "Scanning for security issues...";
+	} catch (err) {
+		spinner.fail("Fetch failed");
+		const msg = err instanceof Error ? err.message : String(err);
+		logger.error(msg);
+		process.exit(1);
+	}
+	try {
+		const scanResult = await scanUrl(url);
+		displayScanResults(scanResult);
+		const enforcement = await enforceVerdict(scanResult, { yes });
+		if (!enforcement.allowed) {
+			spinner.fail(enforcement.reason ?? "Install blocked by security scan");
+			await fetchResult.cleanup();
+			process.exit(1);
+		}
+		const skillMdPath = path.join(fetchResult.localPath, "SKILL.md");
+		if (!fs.existsSync(skillMdPath)) throw new Error("No SKILL.md found. This doesn't appear to be a valid skill.");
+		const existingManifest = readManifestFromDir(fetchResult.localPath);
+		const skillName = existingManifest?.name ?? fetchResult.inferredName ?? path.basename(fetchResult.localPath);
+		const skillVersion = existingManifest?.version ?? "0.0.0";
+		const skillDescription = existingManifest?.description ?? "";
+		if (!existingManifest) {
+			const generatedManifest = {
+				name: skillName,
+				version: skillVersion,
+				description: skillDescription
+			};
+			fs.writeFileSync(path.join(fetchResult.localPath, "tank.json"), `${JSON.stringify(generatedManifest, null, 2)}\n`);
+			logger.info("Generated tank.json (no manifest found in source)");
+		}
+		spinner.text = `Installing ${skillName}...`;
+		const installDir = global ? path.join(resolvedHome, ".tank", "skills", skillName) : path.join(directory, ".tank", "skills", skillName);
+		if (fs.existsSync(installDir)) fs.rmSync(installDir, {
+			recursive: true,
+			force: true
+		});
+		fs.mkdirSync(path.dirname(installDir), { recursive: true });
+		fs.cpSync(fetchResult.localPath, installDir, { recursive: true });
+		const integrity = computeDirectoryIntegrity(installDir);
+		const resolvedLock = resolveLockfilePath(global ? path.join(resolvedHome, ".tank") : directory);
+		const lockPath = resolvedLock.exists ? resolvedLock.path : global ? path.join(resolvedHome, ".tank", LOCKFILE_FILENAME) : path.join(directory, LOCKFILE_FILENAME);
+		const lock = readLockOrFresh(lockPath);
+		const lockKey = `${skillName}@${skillVersion}`;
+		const skillPermissions = existingManifest?.permissions ?? {};
+		lock.skills[lockKey] = {
+			resolved: url.startsWith("http") ? url : `https://${url}`,
+			integrity,
+			permissions: skillPermissions,
+			audit_score: scanResult.auditScore ?? null,
+			source: mapSourceType(fetchResult.sourceType),
+			scan_verdict: scanResult.verdict,
+			scanned_at: (/* @__PURE__ */ new Date()).toISOString()
+		};
+		lock.lockfileVersion = 2;
+		fs.mkdirSync(path.dirname(lockPath), { recursive: true });
+		fs.writeFileSync(lockPath, `${JSON.stringify(lock, null, 2)}\n`);
+		const linkedAgents = [];
+		try {
+			const agentSkillsBaseDir = global ? getGlobalAgentSkillsDir(resolvedHome) : path.join(directory, ".tank", "agent-skills");
+			const linksDir = global ? path.join(resolvedHome, ".tank") : path.join(directory, ".tank");
+			const linkResult = linkSkillToAgents({
+				skillName,
+				sourceDir: prepareAgentSkillDir({
+					skillName,
+					extractDir: installDir,
+					agentSkillsBaseDir,
+					description: skillDescription
+				}),
+				linksDir,
+				source: global ? "global" : "local"
+			});
+			linkedAgents.push(...linkResult.linked);
+			if (linkResult.failed.length > 0) for (const failedLink of linkResult.failed) logger.warn(`Failed to link to ${failedLink.agentId}: ${failedLink.error}`);
+		} catch {
+			logger.warn("Agent linking skipped (non-fatal)");
+		}
+		if (detectInstalledAgents().length === 0) logger.warn("No agents detected for linking");
+		await fetchResult.cleanup();
+		spinner.succeed(`Installed ${skillName} from ${fetchResult.sourceType}`);
+		if (linkedAgents.length > 0) logger.info(`Linked to ${linkedAgents.join(", ")}`);
+		logger.info(`Locked (${integrity.slice(0, 20)}..., scanned ${(/* @__PURE__ */ new Date()).toISOString().split("T")[0]})`);
+	} catch (err) {
+		await fetchResult.cleanup();
+		spinner.fail("Install failed");
+		throw err;
+	}
+}
 //#endregion
 //#region src/commands/link.ts
 async function linkCommand(options = {}) {
@@ -2125,8 +4232,7 @@ const IGNORE_FILES = [".tankignore", ".gitignore"];
 * Pack a skill directory into a .tgz tarball with integrity hashing.
 *
 * Validates:
-* - skills.json exists and is valid
-* - SKILL.md exists
+* - tank.json (or skills.json) exists and is valid
 * - No symlinks or hardlinks
 * - No path traversal (.. components)
 * - No absolute paths
@@ -2156,18 +4262,23 @@ async function pack(directory) {
 	} catch {
 		throw new Error(`Invalid ${manifestFilename}: not valid JSON`);
 	}
-	const validation = skillsJsonSchema.safeParse(parsed);
+	const validation = publishManifestSchema.safeParse(parsed);
 	if (!validation.success) {
 		const issues = validation.error.issues.map((i) => `  - ${i.path.join(".")}: ${i.message}`).join("\n");
 		throw new Error(`Invalid ${manifestFilename}:\n${issues}`);
 	}
+	let readmeContent = "";
 	const skillMdPath = path.join(absDir, "SKILL.md");
-	if (!fs.existsSync(skillMdPath)) throw new Error("Missing required file: SKILL.md");
-	let readmeContent;
-	try {
+	const readmeMdPath = path.join(absDir, "README.md");
+	if (fs.existsSync(skillMdPath)) try {
 		readmeContent = fs.readFileSync(skillMdPath, "utf-8");
 	} catch {
-		throw new Error("Failed to read SKILL.md");
+		readmeContent = "";
+	}
+	else if (fs.existsSync(readmeMdPath)) try {
+		readmeContent = fs.readFileSync(readmeMdPath, "utf-8");
+	} catch {
+		readmeContent = "";
 	}
 	const files = collectFiles(absDir, absDir, buildIgnoreFilter(absDir));
 	if (files.length > MAX_FILE_COUNT) throw new Error(`Too many files: ${files.length} exceeds maximum of ${MAX_FILE_COUNT}`);
@@ -2269,9 +4380,12 @@ function collectFiles(baseDir, currentDir, ig) {
 		if (relativePath.split(path.sep).includes("..")) throw new Error(`Path traversal detected: "${relativePath}" contains ".." component`);
 		if (path.isAbsolute(relativePath)) throw new Error(`Absolute path detected: "${relativePath}"`);
 		const lstatResult = fs.lstatSync(fullPath);
-		if (lstatResult.isSymbolicLink()) throw new Error(`Symlink detected: "${relativePath}" — symlinks are not allowed in skill packages`);
-		const pathForIgnore = lstatResult.isDirectory() ? `${relativePath}/` : relativePath;
+		const pathForIgnore = lstatResult.isDirectory() || lstatResult.isSymbolicLink() && fs.statSync(fullPath).isDirectory() ? `${relativePath}/` : relativePath;
 		if (ig.ignores(pathForIgnore)) continue;
+		if (lstatResult.isSymbolicLink()) {
+			console.warn(`⚠ Skipping symlink: ${relativePath}`);
+			continue;
+		}
 		if (lstatResult.isDirectory()) {
 			const subFiles = collectFiles(baseDir, fullPath, ig);
 			files.push(...subFiles);
@@ -3399,9 +5513,13 @@ program.command("publish").alias("pub").description("Pack and publish a skill to
 		process.exit(1);
 	}
 });
-program.command("install").alias("i").description("Install a skill from the Tank registry, or all skills from lockfile").argument("[name]", "Skill name (e.g., @org/skill-name). Omit to install from lockfile.").argument("[version-range]", "Semver range (default: *)", "*").option("-g, --global", "Install skill globally (available to all projects)").action(async (name, versionRange, opts) => {
+program.command("install").alias("i").description("Install a skill from the Tank registry, a URL, or all skills from lockfile").argument("[name]", "Skill name or URL (e.g., @org/skill-name or https://github.com/owner/repo). Omit to install from lockfile.").argument("[version-range]", "Semver range (default: *)", "*").option("-g, --global", "Install skill globally (available to all projects)").option("-y, --yes", "Auto-accept flagged scan verdicts").action(async (name, versionRange, opts) => {
 	try {
-		if (name) await installCommand({
+		if (name && isUrl(name)) await installFromUrl(name, {
+			global: opts.global,
+			yes: opts.yes
+		});
+		else if (name) await installCommand({
 			name,
 			versionRange,
 			global: opts.global