@tankpkg/cli 0.8.1 → 0.9.1

package/dist/bin/tank.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { a as VERSION, c as getConfigDir, i as USER_AGENT, n as flushLogs, o as logger, s as getConfig, t as authFlowLog, u as setConfig } from "../debug-logger-BjGZcIhg.js";
+import { a as VERSION, c as getConfigDir, i as USER_AGENT, n as flushLogs, o as logger, s as getConfig, t as authFlowLog, u as setConfig } from "../debug-logger-nDgSC2MM.js";
 import { Command } from "commander";
 import chalk from "chalk";
 import fs from "node:fs";
@@ -1291,26 +1291,6 @@ function getResolvedNodesInOrder(nodes, installOrder) {
 //#endregion
 //#region src/lib/permission-checker.ts
 /**
-* Check if a skill's permissions fit within the project's permission budget.
-* Throws if any permission exceeds the budget.
-*/
-function checkPermissionBudget(budget, skillPerms, skillName) {
-	if (!skillPerms) return;
-	if (skillPerms.subprocess === true && budget.subprocess !== true) throw new Error(`Permission denied: ${skillName} requires subprocess access, but project budget does not allow it`);
-	if (skillPerms.network?.outbound && skillPerms.network.outbound.length > 0) {
-		const budgetDomains = budget.network?.outbound ?? [];
-		for (const domain of skillPerms.network.outbound) if (!isDomainAllowed$1(domain, budgetDomains)) throw new Error(`Permission denied: ${skillName} requests network access to "${domain}", which is not in the project's permission budget`);
-	}
-	if (skillPerms.filesystem?.read && skillPerms.filesystem.read.length > 0) {
-		const budgetPaths = budget.filesystem?.read ?? [];
-		for (const p of skillPerms.filesystem.read) if (!isPathAllowed$1(p, budgetPaths)) throw new Error(`Permission denied: ${skillName} requests filesystem read access to "${p}", which is not in the project's permission budget`);
-	}
-	if (skillPerms.filesystem?.write && skillPerms.filesystem.write.length > 0) {
-		const budgetPaths = budget.filesystem?.write ?? [];
-		for (const p of skillPerms.filesystem.write) if (!isPathAllowed$1(p, budgetPaths)) throw new Error(`Permission denied: ${skillName} requests filesystem write access to "${p}", which is not in the project's permission budget`);
-	}
-}
-/**
 * Check if a domain is allowed by the budget's domain list.
 * Supports wildcard matching: *.example.com matches sub.example.com
 */
@@ -1339,6 +1319,91 @@ function isPathAllowed$1(requestedPath, allowedPaths) {
 	}
 	return false;
 }
+/**
+* Collect all permission violations without throwing.
+* Mirrors checkPermissionBudget() logic but returns violations as an array.
+*/
+function collectPermissionViolations(budget, skillPerms, skillName) {
+	if (!skillPerms) return [];
+	const violations = [];
+	if (skillPerms.subprocess === true && budget.subprocess !== true) violations.push({
+		skillName,
+		type: "subprocess",
+		requested: "true"
+	});
+	if (skillPerms.network?.outbound && skillPerms.network.outbound.length > 0) {
+		const budgetDomains = budget.network?.outbound ?? [];
+		for (const domain of skillPerms.network.outbound) if (!isDomainAllowed$1(domain, budgetDomains)) violations.push({
+			skillName,
+			type: "network.outbound",
+			requested: domain
+		});
+	}
+	if (skillPerms.filesystem?.read && skillPerms.filesystem.read.length > 0) {
+		const budgetPaths = budget.filesystem?.read ?? [];
+		for (const p of skillPerms.filesystem.read) if (!isPathAllowed$1(p, budgetPaths)) violations.push({
+			skillName,
+			type: "filesystem.read",
+			requested: p
+		});
+	}
+	if (skillPerms.filesystem?.write && skillPerms.filesystem.write.length > 0) {
+		const budgetPaths = budget.filesystem?.write ?? [];
+		for (const p of skillPerms.filesystem.write) if (!isPathAllowed$1(p, budgetPaths)) violations.push({
+			skillName,
+			type: "filesystem.write",
+			requested: p
+		});
+	}
+	return violations;
+}
+//#endregion
+//#region src/lib/permission-prompt.ts
+async function promptForPermissionExpansion(violations, options) {
+	if (options.yes === true) return "accept";
+	if (options.isInteractive === false) return "decline";
+	logger.warn("The following permissions exceed your project budget:");
+	for (const v of violations) logger.warn(`  ${v.skillName}: ${v.type} → ${v.requested}`);
+	return await confirm({
+		message: "Would you like to add these permissions to tank.json?",
+		default: true
+	}) ? "accept" : "decline";
+}
+function mergePermissionsIntoBudget(currentBudget, violations) {
+	const result = {
+		...currentBudget,
+		network: currentBudget.network ? {
+			...currentBudget.network,
+			outbound: [...currentBudget.network.outbound ?? []]
+		} : void 0,
+		filesystem: currentBudget.filesystem ? {
+			...currentBudget.filesystem,
+			read: currentBudget.filesystem.read ? [...currentBudget.filesystem.read] : void 0,
+			write: currentBudget.filesystem.write ? [...currentBudget.filesystem.write] : void 0
+		} : void 0
+	};
+	for (const v of violations) switch (v.type) {
+		case "filesystem.read":
+			if (!result.filesystem) result.filesystem = {};
+			if (!result.filesystem.read) result.filesystem.read = [];
+			if (!result.filesystem.read.includes(v.requested)) result.filesystem.read.push(v.requested);
+			break;
+		case "filesystem.write":
+			if (!result.filesystem) result.filesystem = {};
+			if (!result.filesystem.write) result.filesystem.write = [];
+			if (!result.filesystem.write.includes(v.requested)) result.filesystem.write.push(v.requested);
+			break;
+		case "network.outbound":
+			if (!result.network) result.network = {};
+			if (!result.network.outbound) result.network.outbound = [];
+			if (!result.network.outbound.includes(v.requested)) result.network.outbound.push(v.requested);
+			break;
+		case "subprocess":
+			result.subprocess = true;
+			break;
+	}
+	return result;
+}
 //#endregion
 //#region src/commands/install.ts
 function createRegistryFetcher(registry, headers) {
@@ -1432,15 +1497,30 @@ function buildLockedVersionByName(lock) {
 function createExtractDirResolver(directory, global, resolvedHome) {
 	return (skillName) => global ? getGlobalExtractDir(resolvedHome, skillName) : getExtractDir$1(directory, skillName);
 }
-function validateResolvedNodes(resolvedNodes, projectPermissions, auditMinScore) {
+async function validateResolvedNodes(resolvedNodes, projectPermissions, auditMinScore, options) {
 	if (!projectPermissions) logger.warn(`No permission budget defined in ${MANIFEST_FILENAME}. Install proceeding without permission checks.`);
-	for (const node of resolvedNodes) {
-		if (projectPermissions) checkPermissionBudget(projectPermissions, node.meta.permissions, node.name);
-		if (auditMinScore !== void 0) {
-			if (node.meta.auditScore === null || node.meta.auditScore === void 0) logger.warn(`Audit score not yet available for ${node.name}. Install proceeding without audit score check.`);
-			else if (node.meta.auditScore < auditMinScore) throw new Error(`Audit score ${node.meta.auditScore} for ${node.name} is below minimum threshold ${auditMinScore} defined in ${MANIFEST_FILENAME}`);
+	if (projectPermissions) {
+		const allViolations = resolvedNodes.flatMap((node) => collectPermissionViolations(projectPermissions, node.meta.permissions, node.name));
+		if (allViolations.length > 0) {
+			const isInteractive = !process.env.CI && process.stdout.isTTY === true;
+			const decision = await promptForPermissionExpansion(allViolations, {
+				yes: options?.yes,
+				isInteractive
+			});
+			if (decision === "accept" && options?.skillsJsonPath && options?.skillsJson) {
+				const merged = mergePermissionsIntoBudget(projectPermissions, allViolations);
+				options.skillsJson.permissions = merged;
+				fs.writeFileSync(options.skillsJsonPath, `${JSON.stringify(options.skillsJson, null, 2)}\n`);
+			} else if (decision === "decline") {
+				const first = allViolations[0];
+				throw new Error(`Permission denied: ${first.skillName} requests ${first.type} access to "${first.requested}", which is not in the project's permission budget`);
+			}
 		}
 	}
+	for (const node of resolvedNodes) if (auditMinScore !== void 0) {
+		if (node.meta.auditScore === null || node.meta.auditScore === void 0) logger.warn(`Audit score not yet available for ${node.name}. Install proceeding without audit score check.`);
+		else if (node.meta.auditScore < auditMinScore) throw new Error(`Audit score ${node.meta.auditScore} for ${node.name} is below minimum threshold ${auditMinScore} defined in ${MANIFEST_FILENAME}`);
+	}
 }
 async function runLegacyFallback(options) {
 	const { rootSkillNames, resolvedNodeByName, extractDirForSkill, directory, configDir, global, homedir } = options;
@@ -1490,8 +1570,12 @@ function linkInstalledRoots(options) {
 	if (detectInstalledAgents(homedir).length === 0) logger.warn("No agents detected for linking");
 }
 async function executeInstallPipeline(options) {
-	const { directory, configDir, global, homedir, resolvedHome, lock, lockPath, resolvedNodes, nodesToInstall, rootSkillNames, projectPermissions, auditMinScore, spinner } = options;
-	if (!global) validateResolvedNodes(resolvedNodes, projectPermissions, auditMinScore);
+	const { directory, configDir, global, homedir, resolvedHome, lock, lockPath, resolvedNodes, nodesToInstall, rootSkillNames, projectPermissions, auditMinScore, spinner, yes, skillsJsonPath, skillsJson } = options;
+	if (!global) await validateResolvedNodes(resolvedNodes, projectPermissions, auditMinScore, {
+		yes,
+		skillsJsonPath,
+		skillsJson
+	});
 	const extractDirForSkill = createExtractDirResolver(directory, global, resolvedHome);
 	const resolvedNodeByName = new Map(resolvedNodes.map((node) => [node.name, node]));
 	const downloaded = await downloadAllParallel(nodesToInstall, spinner);
@@ -1529,7 +1613,7 @@ async function executeInstallPipeline(options) {
 	return updatedLock;
 }
 async function installCommand(options) {
-	const { name, versionRange = "*", directory = process.cwd(), configDir, global = false, homedir, isTransitive = false } = options;
+	const { name, versionRange = "*", directory = process.cwd(), configDir, global = false, homedir, isTransitive = false, yes } = options;
 	const config = getConfig(configDir);
 	const resolvedHome = homedir ?? os.homedir();
 	const requestHeaders = { "User-Agent": USER_AGENT };
@@ -1585,7 +1669,10 @@ async function installCommand(options) {
 			rootSkillNames: [name],
 			projectPermissions,
 			auditMinScore,
-			spinner
+			spinner,
+			yes,
+			skillsJsonPath,
+			skillsJson
 		});
 		if (!global && !isTransitive) {
 			const skills = skillsJson.skills ?? {};
@@ -1683,7 +1770,7 @@ async function installFromLockfile(options) {
 	}
 }
 async function installAll(options) {
-	const { directory = process.cwd(), configDir, global = false, homedir } = options;
+	const { directory = process.cwd(), configDir, global = false, homedir, yes } = options;
 	const resolvedHome = homedir ?? os.homedir();
 	const config = getConfig(configDir);
 	const requestHeaders = { "User-Agent": USER_AGENT };
@@ -1738,7 +1825,10 @@ async function installAll(options) {
 			rootSkillNames: skillEntries.map(([skillName]) => skillName),
 			projectPermissions,
 			auditMinScore,
-			spinner
+			spinner,
+			yes,
+			skillsJsonPath,
+			skillsJson
 		});
 		spinner.succeed(`Installed ${skillEntries.length} root skill${skillEntries.length === 1 ? "" : "s"}`);
 	} catch (err) {
@@ -3294,14 +3384,18 @@ program.command("publish").alias("pub").description("Pack and publish a skill to
 		process.exit(1);
 	}
 });
-program.command("install").alias("i").description("Install a skill from the Tank registry, or all skills from lockfile").argument("[name]", "Skill name (e.g., @org/skill-name). Omit to install from lockfile.").argument("[version-range]", "Semver range (default: *)", "*").option("-g, --global", "Install skill globally (available to all projects)").action(async (name, versionRange, opts) => {
+program.command("install").alias("i").description("Install a skill from the Tank registry, or all skills from lockfile").argument("[name]", "Skill name (e.g., @org/skill-name). Omit to install from lockfile.").argument("[version-range]", "Semver range (default: *)", "*").option("-g, --global", "Install skill globally (available to all projects)").option("-y, --yes", "Auto-accept permission budget expansion").action(async (name, versionRange, opts) => {
 	try {
 		if (name) await installCommand({
 			name,
 			versionRange,
-			global: opts.global
+			global: opts.global,
+			yes: opts.yes
+		});
+		else await installAll({
+			global: opts.global,
+			yes: opts.yes
 		});
-		else await installAll({ global: opts.global });
 	} catch (err) {
 		const msg = err instanceof Error ? err.message : String(err);
 		console.error(`Install failed: ${msg}`);
@@ -3386,7 +3480,26 @@ program.command("scan").description("Scan a local skill for security issues with
 		process.exit(1);
 	}
 });
-program.command("link").alias("ln").description("Link current skill directory to AI agent directories (for development)").action(async () => {
+program.command("link").alias("ln").description("Link current skill to all detected AI agents for local development").addHelpText("after", `
+Creates symlinks from each agent's skills directory to this skill source,
+so changes are reflected immediately without re-publishing.
+
+Must be run from a directory containing a valid tank.json.
+
+Supported agents:
+  Claude Code    ~/.claude/skills
+  OpenCode       ~/.config/opencode/skills
+  Cursor         ~/.cursor/skills
+  Codex          ~/.codex/skills
+  OpenClaw       ~/.openclaw/skills
+  Universal      ~/.agents/skills
+
+Examples:
+  $ cd my-skill && tank link     Link to all detected agents
+  $ tank doctor                  Verify link health
+  $ tank unlink                  Remove all symlinks
+
+See also: tank unlink, tank doctor`).action(async () => {
 	try {
 		await linkCommand();
 	} catch (err) {
@@ -3395,7 +3508,14 @@ program.command("link").alias("ln").description("Link current skill directory to
 		process.exit(1);
 	}
 });
-program.command("unlink").description("Remove skill symlinks from AI agent directories").action(async () => {
+program.command("unlink").description("Remove skill symlinks from all AI agent directories").addHelpText("after", `
+Removes the symlinks created by \`tank link\` from every detected agent.
+Must be run from the same skill directory that was originally linked.
+
+Examples:
+  $ cd my-skill && tank unlink   Remove links for this skill
+
+See also: tank link, tank doctor`).action(async () => {
 	try {
 		await unlinkCommand();
 	} catch (err) {