@tankpkg/cli 0.4.2

package/dist/lib/lockfile.js

@@ -0,0 +1,135 @@
+import fs from 'node:fs';
+import path from 'node:path';
+/**
+ * Read and parse the lockfile from the given directory.
+ * Returns null if the file doesn't exist or is corrupt.
+ */
+export function readLockfile(directory) {
+    const dir = directory ?? process.cwd();
+    const lockPath = path.join(dir, 'skills.lock');
+    if (!fs.existsSync(lockPath)) {
+        return null;
+    }
+    try {
+        const raw = fs.readFileSync(lockPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Write a lockfile deterministically: sorted keys, consistent formatting, trailing newline.
+ */
+export function writeLockfile(lock, directory) {
+    const dir = directory ?? process.cwd();
+    const lockPath = path.join(dir, 'skills.lock');
+    // Sort skill keys alphabetically for determinism
+    const sortedSkills = {};
+    for (const key of Object.keys(lock.skills).sort()) {
+        sortedSkills[key] = lock.skills[key];
+    }
+    const output = {
+        lockfileVersion: lock.lockfileVersion,
+        skills: sortedSkills,
+    };
+    fs.writeFileSync(lockPath, JSON.stringify(output, null, 2) + '\n');
+}
+/**
+ * Compute the union of all skill permissions from a lockfile.
+ * Merges network outbound, filesystem read/write (deduped), and subprocess (OR).
+ */
+export function computeResolvedPermissions(lock) {
+    const entries = Object.values(lock.skills);
+    if (entries.length === 0) {
+        return {};
+    }
+    const outbound = new Set();
+    const fsRead = new Set();
+    const fsWrite = new Set();
+    let subprocess = false;
+    for (const entry of entries) {
+        const perms = entry.permissions;
+        if (perms.network?.outbound) {
+            for (const domain of perms.network.outbound) {
+                outbound.add(domain);
+            }
+        }
+        if (perms.filesystem?.read) {
+            for (const pattern of perms.filesystem.read) {
+                fsRead.add(pattern);
+            }
+        }
+        if (perms.filesystem?.write) {
+            for (const pattern of perms.filesystem.write) {
+                fsWrite.add(pattern);
+            }
+        }
+        if (perms.subprocess === true) {
+            subprocess = true;
+        }
+    }
+    const result = {};
+    if (outbound.size > 0) {
+        result.network = { outbound: [...outbound].sort() };
+    }
+    if (fsRead.size > 0 || fsWrite.size > 0) {
+        result.filesystem = {};
+        if (fsRead.size > 0) {
+            result.filesystem.read = [...fsRead].sort();
+        }
+        if (fsWrite.size > 0) {
+            result.filesystem.write = [...fsWrite].sort();
+        }
+    }
+    if (subprocess) {
+        result.subprocess = true;
+    }
+    return result;
+}
+/**
+ * Check if resolved permissions fit within the project's permission budget.
+ *
+ * Returns:
+ * - 'pass' if all resolved permissions are within budget
+ * - 'fail' if any resolved permission exceeds budget
+ * - 'no_budget' if no project permissions are defined
+ */
+export function computeBudgetCheck(resolvedPermissions, projectPermissions) {
+    if (projectPermissions === undefined) {
+        return 'no_budget';
+    }
+    // Check subprocess
+    if (resolvedPermissions.subprocess === true && projectPermissions.subprocess === false) {
+        return 'fail';
+    }
+    // Check network outbound
+    if (resolvedPermissions.network?.outbound) {
+        const budgetOutbound = new Set(projectPermissions.network?.outbound ?? []);
+        for (const domain of resolvedPermissions.network.outbound) {
+            if (!budgetOutbound.has(domain)) {
+                return 'fail';
+            }
+        }
+    }
+    // Check filesystem read
+    if (resolvedPermissions.filesystem?.read) {
+        const budgetRead = new Set(projectPermissions.filesystem?.read ?? []);
+        for (const pattern of resolvedPermissions.filesystem.read) {
+            if (!budgetRead.has(pattern)) {
+                return 'fail';
+            }
+        }
+    }
+    // Check filesystem write
+    if (resolvedPermissions.filesystem?.write) {
+        const budgetWrite = new Set(projectPermissions.filesystem?.write ?? []);
+        for (const pattern of resolvedPermissions.filesystem.write) {
+            if (!budgetWrite.has(pattern)) {
+                return 'fail';
+            }
+        }
+    }
+    return 'pass';
+}
+//# sourceMappingURL=lockfile.js.map

package/dist/lib/lockfile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockfile.js","sourceRoot":"","sources":["../../src/lib/lockfile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,SAAkB;IAC7C,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAE/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAe,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAgB,EAAE,SAAkB;IAChE,MAAM,GAAG,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAE/C,iDAAiD;IACjD,MAAM,YAAY,GAAiD,EAAE,CAAC;IACtE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAClD,YAAY,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,MAAM,GAAe;QACzB,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,MAAM,EAAE,YAAY;KACrB,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAAgB;IACzD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,UAAU,GAAG,KAAK,CAAC;IAEvB,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC;QAEhC,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;YAC5B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC5C,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC;YAC5B,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;YAC9B,UAAU,GAAG,IAAI,CAAC;QACpB,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,QAAQ,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,OAAO,GAAG,EAAE,QAAQ,EAAE,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;IACtD,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;QACvB,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QACD,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACrB,MAAM,CAAC,UAAU,CAAC,KAAK,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAChC,mBAAgC,EAChC,kBAA2C;IAE3C,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACrC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,mBAAmB;IACnB,IAAI,mBAAmB,CAAC,UAAU,KAAK,IAAI,IAAI,kBAAkB,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;QACvF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,yBAAyB;IACzB,IAAI,mBAAmB,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC;QAC3E,KAAK,MAAM,MAAM,IAAI,mBAAmB,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,mBAAmB,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACtE,KAAK,MAAM,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;YAC1D,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,IAAI,mBAAmB,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,UAAU,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QACxE,KAAK,MAAM,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YAC3D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/lib/logger.d.ts

@@ -0,0 +1,6 @@
+export declare const logger: {
+    info: (msg: string) => void;
+    success: (msg: string) => void;
+    warn: (msg: string) => void;
+    error: (msg: string) => void;
+};

package/dist/lib/logger.js

@@ -0,0 +1,8 @@
+import chalk from 'chalk';
+export const logger = {
+    info: (msg) => console.log(chalk.blue('ℹ'), msg),
+    success: (msg) => console.log(chalk.green('✓'), msg),
+    warn: (msg) => console.log(chalk.yellow('⚠'), msg),
+    error: (msg) => console.error(chalk.red('✗'), msg),
+};
+//# sourceMappingURL=logger.js.map

package/dist/lib/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,IAAI,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;IACxD,OAAO,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;IAC5D,IAAI,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;IAC1D,KAAK,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC;CAC3D,CAAC"}

package/dist/lib/packer.d.ts

@@ -0,0 +1,21 @@
+export interface PackResult {
+    tarball: Buffer;
+    integrity: string;
+    fileCount: number;
+    totalSize: number;
+    readme: string;
+    files: string[];
+}
+/**
+ * Pack a skill directory into a .tgz tarball with integrity hashing.
+ *
+ * Validates:
+ * - skills.json exists and is valid
+ * - SKILL.md exists
+ * - No symlinks or hardlinks
+ * - No path traversal (.. components)
+ * - No absolute paths
+ * - File count <= 1000
+ * - Tarball size <= 50MB
+ */
+export declare function pack(directory: string): Promise<PackResult>;

package/dist/lib/packer.js

@@ -0,0 +1,210 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import crypto from 'node:crypto';
+import { create } from 'tar';
+import ignore from 'ignore';
+import { skillsJsonSchema } from '@tank/shared';
+// Limits
+const MAX_PACKAGE_SIZE = 50 * 1024 * 1024; // 50MB
+const MAX_FILE_COUNT = 1000;
+// Default ignore patterns (used when no .tankignore or .gitignore exists)
+const DEFAULT_IGNORES = [
+    'node_modules',
+    '.git',
+    '.env*',
+    '*.log',
+    '.tank',
+    '.DS_Store',
+];
+// Always ignored regardless of ignore file contents
+const ALWAYS_IGNORED = [
+    'node_modules',
+    '.git',
+];
+// Ignore file names (not packed into tarball)
+const IGNORE_FILES = ['.tankignore', '.gitignore'];
+/**
+ * Pack a skill directory into a .tgz tarball with integrity hashing.
+ *
+ * Validates:
+ * - skills.json exists and is valid
+ * - SKILL.md exists
+ * - No symlinks or hardlinks
+ * - No path traversal (.. components)
+ * - No absolute paths
+ * - File count <= 1000
+ * - Tarball size <= 50MB
+ */
+export async function pack(directory) {
+    const absDir = path.resolve(directory);
+    // 1. Verify directory exists
+    if (!fs.existsSync(absDir)) {
+        throw new Error(`Directory does not exist: ${absDir}`);
+    }
+    const stat = fs.statSync(absDir);
+    if (!stat.isDirectory()) {
+        throw new Error(`Not a directory: ${absDir}`);
+    }
+    // 2. Verify skills.json exists and is valid
+    const skillsJsonPath = path.join(absDir, 'skills.json');
+    if (!fs.existsSync(skillsJsonPath)) {
+        throw new Error('Missing required file: skills.json');
+    }
+    let skillsJsonContent;
+    try {
+        skillsJsonContent = fs.readFileSync(skillsJsonPath, 'utf-8');
+    }
+    catch {
+        throw new Error('Failed to read skills.json');
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(skillsJsonContent);
+    }
+    catch {
+        throw new Error('Invalid skills.json: not valid JSON');
+    }
+    const validation = skillsJsonSchema.safeParse(parsed);
+    if (!validation.success) {
+        const issues = validation.error.issues
+            .map((i) => `  - ${i.path.join('.')}: ${i.message}`)
+            .join('\n');
+        throw new Error(`Invalid skills.json:\n${issues}`);
+    }
+    // 3. Verify SKILL.md exists and read its content
+    const skillMdPath = path.join(absDir, 'SKILL.md');
+    if (!fs.existsSync(skillMdPath)) {
+        throw new Error('Missing required file: SKILL.md');
+    }
+    let readmeContent;
+    try {
+        readmeContent = fs.readFileSync(skillMdPath, 'utf-8');
+    }
+    catch {
+        throw new Error('Failed to read SKILL.md');
+    }
+    // 4. Build ignore filter
+    const ig = buildIgnoreFilter(absDir);
+    // 5. Collect files with validation
+    const files = collectFiles(absDir, absDir, ig);
+    // 6. Enforce file count limit
+    if (files.length > MAX_FILE_COUNT) {
+        throw new Error(`Too many files: ${files.length} exceeds maximum of ${MAX_FILE_COUNT}`);
+    }
+    // 7. Calculate total size of source files
+    let totalSize = 0;
+    for (const file of files) {
+        const filePath = path.join(absDir, file);
+        const fileStat = fs.statSync(filePath);
+        totalSize += fileStat.size;
+    }
+    // 8. Create tarball
+    const tarball = await createTarball(absDir, files);
+    // 9. Enforce tarball size limit
+    if (tarball.length > MAX_PACKAGE_SIZE) {
+        throw new Error(`Tarball too large: ${tarball.length} bytes exceeds maximum of ${MAX_PACKAGE_SIZE} bytes (50MB)`);
+    }
+    // 10. Compute integrity hash
+    const hash = crypto.createHash('sha512').update(tarball).digest('base64');
+    const integrity = `sha512-${hash}`;
+    return {
+        tarball,
+        integrity,
+        fileCount: files.length,
+        totalSize,
+        readme: readmeContent,
+        files,
+    };
+}
+/**
+ * Build an ignore filter from .tankignore, .gitignore, or defaults.
+ */
+function buildIgnoreFilter(dir) {
+    const ig = ignore();
+    // Always add the forced ignores
+    ig.add(ALWAYS_IGNORED);
+    // Check for .tankignore first, then .gitignore, then defaults
+    const tankIgnorePath = path.join(dir, '.tankignore');
+    const gitIgnorePath = path.join(dir, '.gitignore');
+    if (fs.existsSync(tankIgnorePath)) {
+        const content = fs.readFileSync(tankIgnorePath, 'utf-8');
+        ig.add(content);
+        // Also ignore the ignore files themselves
+        ig.add(IGNORE_FILES);
+    }
+    else if (fs.existsSync(gitIgnorePath)) {
+        const content = fs.readFileSync(gitIgnorePath, 'utf-8');
+        ig.add(content);
+        ig.add(IGNORE_FILES);
+    }
+    else {
+        ig.add(DEFAULT_IGNORES);
+    }
+    return ig;
+}
+/**
+ * Recursively collect files from a directory, applying ignore rules and security checks.
+ */
+function collectFiles(baseDir, currentDir, ig) {
+    const files = [];
+    const entries = fs.readdirSync(currentDir, { withFileTypes: true });
+    for (const entry of entries) {
+        const fullPath = path.join(currentDir, entry.name);
+        const relativePath = path.relative(baseDir, fullPath);
+        // Security: check for path traversal
+        if (relativePath.split(path.sep).includes('..')) {
+            throw new Error(`Path traversal detected: "${relativePath}" contains ".." component`);
+        }
+        // Security: check for absolute paths
+        if (path.isAbsolute(relativePath)) {
+            throw new Error(`Absolute path detected: "${relativePath}"`);
+        }
+        // Security: check for symlinks using lstat (not stat which follows symlinks)
+        const lstatResult = fs.lstatSync(fullPath);
+        if (lstatResult.isSymbolicLink()) {
+            throw new Error(`Symlink detected: "${relativePath}" — symlinks are not allowed in skill packages`);
+        }
+        // Check if this path should be ignored
+        // For directories, append '/' so ignore patterns like 'dir/' work correctly
+        const pathForIgnore = lstatResult.isDirectory()
+            ? relativePath + '/'
+            : relativePath;
+        if (ig.ignores(pathForIgnore)) {
+            continue;
+        }
+        if (lstatResult.isDirectory()) {
+            // Recurse into subdirectory
+            const subFiles = collectFiles(baseDir, fullPath, ig);
+            files.push(...subFiles);
+        }
+        else if (lstatResult.isFile()) {
+            files.push(relativePath);
+        }
+        // Skip other types (block devices, character devices, FIFOs, sockets)
+    }
+    return files;
+}
+/**
+ * Create a gzipped tarball from the given files in the directory.
+ */
+async function createTarball(cwd, files) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        // tar.create without `file` returns a readable stream
+        const stream = create({
+            gzip: true,
+            cwd,
+            portable: true, // Omit system-specific metadata
+        }, files);
+        stream.on('data', (chunk) => {
+            chunks.push(chunk);
+        });
+        stream.on('end', () => {
+            resolve(Buffer.concat(chunks));
+        });
+        stream.on('error', (err) => {
+            reject(err);
+        });
+    });
+}
+//# sourceMappingURL=packer.js.map

package/dist/lib/packer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"packer.js","sourceRoot":"","sources":["../../src/lib/packer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,SAAS;AACT,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAClD,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B,0EAA0E;AAC1E,MAAM,eAAe,GAAG;IACtB,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,OAAO;IACP,WAAW;CACZ,CAAC;AAEF,oDAAoD;AACpD,MAAM,cAAc,GAAG;IACrB,cAAc;IACd,MAAM;CACP,CAAC;AAEF,8CAA8C;AAC9C,MAAM,YAAY,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;AAWnD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,SAAiB;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,4CAA4C;IAC5C,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,iBAAyB,CAAC;IAC9B,IAAI,CAAC;QACH,iBAAiB,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM;aACnC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;aACnD,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,iDAAiD;IACjD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,aAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,yBAAyB;IACzB,MAAM,EAAE,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAErC,mCAAmC;IACnC,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IAE/C,8BAA8B;IAC9B,IAAI,KAAK,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CACb,mBAAmB,KAAK,CAAC,MAAM,uBAAuB,cAAc,EAAE,CACvE,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACvC,SAAS,IAAI,QAAQ,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,oBAAoB;IACpB,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEnD,gCAAgC;IAChC,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,sBAAsB,OAAO,CAAC,MAAM,6BAA6B,gBAAgB,eAAe,CACjG,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,UAAU,IAAI,EAAE,CAAC;IAEnC,OAAO;QACL,OAAO;QACP,SAAS;QACT,SAAS,EAAE,KAAK,CAAC,MAAM;QACvB,SAAS;QACT,MAAM,EAAE,aAAa;QACrB,KAAK;KACN,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IAEpB,gCAAgC;IAChC,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAEvB,8DAA8D;IAC9D,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAEnD,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACzD,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAChB,0CAA0C;QAC1C,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACvB,CAAC;SAAM,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACxD,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAChB,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CACnB,OAAe,EACf,UAAkB,EAClB,EAA6B;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEtD,qCAAqC;QACrC,IAAI,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CACb,6BAA6B,YAAY,2BAA2B,CACrE,CAAC;QACJ,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,4BAA4B,YAAY,GAAG,CAAC,CAAC;QAC/D,CAAC;QAED,6EAA6E;QAC7E,MAAM,WAAW,GAAG,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,WAAW,CAAC,cAAc,EAAE,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,sBAAsB,YAAY,gDAAgD,CACnF,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,4EAA4E;QAC5E,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,EAAE;YAC7C,CAAC,CAAC,YAAY,GAAG,GAAG;YACpB,CAAC,CAAC,YAAY,CAAC;QAEjB,IAAI,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,IAAI,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;YAC9B,4BAA4B;YAC5B,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3B,CAAC;QACD,sEAAsE;IACxE,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAW,EACX,KAAe;IAEf,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,sDAAsD;QACtD,MAAM,MAAM,GAAG,MAAM,CACnB;YACE,IAAI,EAAE,IAAI;YACV,GAAG;YACH,QAAQ,EAAE,IAAI,EAAE,gCAAgC;SACjD,EACD,KAAK,CACiB,CAAC;QAEzB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACpB,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAChC,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/lib/upgrade-check.d.ts

@@ -0,0 +1 @@
+export declare function checkForUpgrade(configDir?: string): Promise<void>;

package/dist/lib/upgrade-check.js

@@ -0,0 +1,52 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import chalk from 'chalk';
+import { getConfigDir } from './config.js';
+import { VERSION } from '../version.js';
+export async function checkForUpgrade(configDir) {
+    try {
+        if (process.env.TANK_NO_UPDATE_CHECK || process.env.CI) {
+            return;
+        }
+        const cacheDir = getConfigDir(configDir);
+        const cachePath = path.join(cacheDir, 'upgrade_check.json');
+        let cache = null;
+        try {
+            const raw = fs.readFileSync(cachePath, 'utf-8');
+            cache = JSON.parse(raw);
+        }
+        catch {
+            // File doesn't exist or invalid JSON — treat as stale
+        }
+        const isFresh = cache !== null && (Date.now() - cache.lastCheck) < 24 * 60 * 60 * 1000;
+        if (isFresh && cache !== null) {
+            if (cache.latestVersion !== VERSION) {
+                console.error(`\n  ${chalk.cyan('ℹ')} New version available: ${chalk.gray(VERSION)} → ${chalk.green(cache.latestVersion)}`);
+                console.error(`  Run ${chalk.cyan('`tank upgrade`')} to update.\n`);
+            }
+            return;
+        }
+        const res = await fetch('https://api.github.com/repos/tankpkg/tank/releases/latest', {
+            headers: { 'User-Agent': `tank-cli/${VERSION}` },
+            signal: AbortSignal.timeout(3000),
+        });
+        if (!res.ok) {
+            return;
+        }
+        const data = (await res.json());
+        const latestVersion = data.tag_name.replace(/^v/, '');
+        if (!fs.existsSync(cacheDir)) {
+            fs.mkdirSync(cacheDir, { recursive: true });
+        }
+        const newCache = { lastCheck: Date.now(), latestVersion };
+        fs.writeFileSync(cachePath, JSON.stringify(newCache, null, 2) + '\n');
+        if (latestVersion !== VERSION) {
+            console.error(`\n  ${chalk.cyan('ℹ')} New version available: ${chalk.gray(VERSION)} → ${chalk.green(latestVersion)}`);
+            console.error(`  Run ${chalk.cyan('`tank upgrade`')} to update.\n`);
+        }
+    }
+    catch {
+        // Silently swallow ALL errors — background check must never cause CLI to fail
+    }
+}
+//# sourceMappingURL=upgrade-check.js.map

package/dist/lib/upgrade-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upgrade-check.js","sourceRoot":"","sources":["../../src/lib/upgrade-check.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAOxC,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,SAAkB;IACtD,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACvD,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC;QAE5D,IAAI,KAAK,GAAwB,IAAI,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAChD,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,sDAAsD;QACxD,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAEvF,IAAI,OAAO,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC9B,IAAI,KAAK,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;gBACpC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;gBAC5H,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;YACtE,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,2DAA2D,EAAE;YACnF,OAAO,EAAE,EAAE,YAAY,EAAE,YAAY,OAAO,EAAE,EAAE;YAChD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAyB,CAAC;QACxD,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAEtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,QAAQ,GAAiB,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,CAAC;QACxE,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAEtE,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YACtH,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8EAA8E;IAChF,CAAC;AACH,CAAC"}

package/dist/version.d.ts

@@ -0,0 +1,2 @@
+export declare const VERSION: string;
+export declare const USER_AGENT: string;

package/dist/version.js

@@ -0,0 +1,4 @@
+import pkg from '../package.json' with { type: 'json' };
+export const VERSION = pkg.version ?? '0.0.0';
+export const USER_AGENT = `tank-cli/${VERSION}`;
+//# sourceMappingURL=version.js.map

package/dist/version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC;AAExD,MAAM,CAAC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;AAC9C,MAAM,CAAC,MAAM,UAAU,GAAG,YAAY,OAAO,EAAE,CAAC"}

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@tankpkg/cli",
+  "version": "0.4.2",
+  "description": "Security-first package manager for AI agent skills",
+  "type": "module",
+  "bin": {
+    "tank": "dist/bin/tank.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@types/node": "^22.19.11",
+    "@types/tar": "^6.1.13",
+    "esbuild": "^0.25.9",
+    "vitest": "^3"
+  },
+  "dependencies": {
+    "@inquirer/prompts": "^8.2.0",
+    "chalk": "^5.6.2",
+    "commander": "^14.0.3",
+    "ignore": "^7.0.5",
+    "open": "^11.0.0",
+    "ora": "^9.3.0",
+    "pino": "^10.3.1",
+    "pino-loki": "^3.0.0",
+    "tar": "^7.5.8",
+    "@tank/shared": "0.1.0"
+  },
+  "scripts": {
+    "build": "node -e \"require('node:fs').rmSync('dist', { recursive: true, force: true })\" && tsc",
+    "build:bundle": "esbuild dist/bin/tank.js --bundle --platform=node --format=esm --outfile=build/tank-bundle.mjs --external:fsevents",
+    "build:sea": "bash scripts/build-binary.sh",
+    "build:binary": "pnpm run build && pnpm run build:bundle && pnpm run build:sea",
+    "test": "vitest run"
+  }
+}