aemeathcli 1.0.11 → 1.1.0

package/dist/profile-loader-EMLV4J7S.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/orchestrator/profiles/profile-loader.ts"],"names":["parseYaml"],"mappings":";;;;;;;AA8BA,IAAM,qBAAqB,aAAA,CAAc,IAAI,IAAI,gBAAA,EAAkB,MAAA,CAAA,IAAA,CAAY,GAAG,CAAC,CAAA;AACnF,IAAM,uBAAuB,aAAA,CAAc,IAAI,IAAI,iBAAA,EAAmB,MAAA,CAAA,IAAA,CAAY,GAAG,CAAC,CAAA;AACtF,IAAM,aAAA,GAAgB,UAAA,CAAW,kBAAkB,CAAA,GAAI,kBAAA,GAAqB,oBAAA;AAG5E,IAAM,UAAA,GAAqB,IAAA,CAAK,cAAA,EAAe,EAAG,aAAa,CAAA;AAC/D,IAAM,oBAAoB,EAAA,GAAK,IAAA;AAU/B,SAAS,oBAAoB,IAAA,EAAsB;AACjD,EAAA,MAAM,aAAa,IAAA,CAChB,IAAA,GACA,OAAA,CAAQ,SAAA,EAAW,EAAE,CAAA,CACrB,OAAA,CAAQ,oBAAA,EAAsB,GAAG,EACjC,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA,CAClB,OAAA,CAAQ,QAAQ,GAAG,CAAA;AAEtB,EAAA,IAAI,WAAW,MAAA,KAAW,CAAA,IAAK,UAAA,KAAe,GAAA,IAAO,eAAe,IAAA,EAAM;AACxE,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA,EACjF;AAEA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,iBAAA,CAAkB,SAAiB,MAAA,EAAsB;AAChE,EAAA,IAAI,MAAA,CAAO,UAAA,CAAW,OAAA,EAAS,OAAO,IAAI,iBAAA,EAAmB;AAC3D,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,sBAAA,EAAyB,MAAM,CAAA,CAAE,CAAA;AAAA,EACnD;AACF;AAIO,IAAM,gBAAN,MAAoB;AAAA,EACzB,WAAA,GAAc;AAEZ,IAAA,SAAA,CAAU,UAAA,EAAY,EAAE,SAAA,EAAW,IAAA,EAAM,CAAA;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,KAAK,IAAA,EAA4B;AAC/B,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,GAAI,IAAA,GAAO,GAAG,IAAI,CAAA,GAAA,CAAA;AAGtD,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,UAAA,EAAY,QAAQ,CAAA;AAC1C,IAAA,IAAI,UAAA,CAAW,QAAQ,CAAA,EAAG;AACxB,MAAA,OAAO,KAAK,YAAA,CAAa,YAAA,CAAa,QAAA,EAAU,OAAO,GAAG,QAAQ,CAAA;AAAA,IACpE;AAGA,IAAA,MAAM,WAAA,GAAc,IAAA,CAAK,aAAA,EAAe,QAAQ,CAAA;AAChD,IAAA,IAAI,UAAA,CAAW,WAAW,CAAA,EAAG;AAC3B,MAAA,OAAO,IAAA,CAAK,YAAA;AAAA,QACV,YAAA,CAAa,aAAa,OAAO,CAAA;AAAA,QACjC;AAAA,OACF;AAAA,IACF;AAEA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,IAAI,CAAA,CAAE,CAAA;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,YAAA,GAA+B;AAC7B,IAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,IAAA,MAAM,WAA2B,EAAC;AAGlC,IAAA,KAAA,MAAW,GAAA,IAAO,CAAC,UAAA,EAAY,aAAa,CAAA,EAAG;AAC7C,MAAA,IAAI,CAAC,UAAA,CAAW,GAAG,CAAA,EAAG;AACtB,MAAA,KAAA,MAAW,IAAA,IAAQ,WAAA,CAAY,GAAG,CAAA,EAAG;AACnC,QAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,KAAK,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAA,GAAO,QAAA,CAAS,IAAA,EAAM,KAAK,CAAA;AACjC,QAAA,IAAI,IAAA,CAAK,GAAA,CAAI,IAAI,CAAA,EAAG;AACpB,QAAA,IAAA,CAAK,IAAI,IAAI,CAAA;AACb,QAAA,IAAI;AACF,UAAA,QAAA,CAAS,IAAA,CAAK,IAAA,CAAK,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,QAC/B,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,QAAQ,MAAA,EAAiC;AAC7C,IAAA,IAAI,OAAA;AAEJ,IAAA,IAAI,OAAO,UAAA,CAAW,SAAS,KAAK,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AACjE,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,MAAM,CAAA;AAC1B,MAAA,IAAI,GAAA,CAAI,aAAa,QAAA,EAAU;AAC7B,QAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,MAC9D;AAEA,MAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,GAAG,CAAA;AAChC,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yBAAA,EAA4B,QAAA,CAAS,UAAU,CAAA,CAAE,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,aAAA,GAAgB,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA;AAC3D,MAAA,IAAI,aAAA,KAAkB,IAAA,IAAQ,MAAA,CAAO,aAAa,IAAI,iBAAA,EAAmB;AACvE,QAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,MACrE;AAEA,MAAA,OAAA,GAAU,MAAM,SAAS,IAAA,EAAK;AAAA,IAChC,CAAA,MAAO;AACL,MAAA,IAAI,CAAC,UAAA,CAAW,MAAM,CAAA,EAAG;AACvB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+BAAA,EAAkC,MAAM,CAAA,CAAE,CAAA;AAAA,MAC5D;AACA,MAAA,OAAA,GAAU,YAAA,CAAa,QAAQ,OAAO,CAAA;AAAA,IACxC;AAEA,IAAA,iBAAA,CAAkB,SAAS,MAAM,CAAA;AAGjC,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AACjD,IAAA,MAAM,WAAA,GAAc,mBAAA,CAAoB,OAAA,CAAQ,IAAI,CAAA;AAEpD,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,UAAA,EAAY,CAAA,EAAG,WAAW,CAAA,GAAA,CAAK,CAAA;AACrD,IAAA,aAAA,CAAc,QAAA,EAAU,SAAS,OAAO,CAAA;AAExC,IAAA,OAAO,WAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,eAAA,CAAgB,MAAc,QAAA,EAA4C;AACxE,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,IAAA,CAAK,IAAA,CAAK,IAAI,CAAA;AAC9B,MAAA,OAAO,QAAQ,QAAA,IAAY,QAAA;AAAA,IAC7B,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,QAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBQ,YAAA,CAAa,SAAiB,UAAA,EAAkC;AACtE,IAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,KAAA,CAAM,4CAA4C,CAAA;AACxE,IAAA,IAAI,CAAC,KAAA,EAAO;AAEV,MAAA,MAAM,IAAA,GAAO,mBAAA,CAAoB,QAAA,CAAS,UAAA,EAAY,KAAK,CAAC,CAAA;AAC5D,MAAA,OAAO;AAAA,QACL,IAAA;AAAA,QACA,WAAA,EAAa,IAAA;AAAA,QACb,YAAA,EAAc,QAAQ,IAAA;AAAK,OAC7B;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,CAAC,CAAA,IAAK,EAAA;AACnC,IAAA,MAAM,IAAA,GAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,IAAK,IAAI,IAAA,EAAK;AACnC,IAAA,IAAI,IAAA,CAAK,WAAW,CAAA,EAAG;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,UAAU,CAAA,CAAE,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,WAAA,GAAcA,MAAU,cAAc,CAAA;AAE5C,IAAA,MAAM,WAAW,WAAA,CAAY,QAAA;AAC7B,IAAA,MAAM,mBACJ,QAAA,IAAa,aAAA,CAAoC,QAAA,CAAS,QAAQ,IAC9D,QAAA,GACA,MAAA;AAEN,IAAA,OAAO;AAAA,MACL,MAAM,mBAAA,CAAoB,WAAA,CAAY,QAAQ,QAAA,CAAS,UAAA,EAAY,KAAK,CAAC,CAAA;AAAA,MACzE,WAAA,EAAa,YAAY,WAAA,IAAe,EAAA;AAAA,MACxC,QAAA,EAAU,gBAAA;AAAA,MACV,YAAA,EAAc;AAAA,KAChB;AAAA,EACF;AACF","file":"profile-loader-EMLV4J7S.js","sourcesContent":["/**\n * ProfileLoader — loads, lists, installs, and resolves agent profiles.\n *\n * Agent profiles are Markdown files with YAML frontmatter that define\n * an agent's identity (name, description, preferred CLI provider) and\n * a system prompt body.\n *\n * Resolution order: user store (~/.aemeathcli/agent-store/) takes\n * priority over the built-in store shipped with the package.\n */\n\nimport {\n  readFileSync,\n  readdirSync,\n  existsSync,\n  mkdirSync,\n  writeFileSync,\n} from \"node:fs\";\nimport { join, basename } from \"node:path\";\nimport { fileURLToPath } from \"node:url\";\nimport { parse as parseYaml } from \"yaml\";\nimport { getAemeathHome } from \"../../utils/pathResolver.js\";\nimport { CLI_PROVIDERS, type AgentProfile, type CliProviderType } from \"../constants.js\";\n\n// ── Store Paths ──────────────────────────────────────────────────────────\n\n/**\n * Built-in agent-store directory, co-located with the source/dist tree.\n * Uses `import.meta.url` so it resolves correctly after compilation.\n */\nconst DIST_BUILTIN_STORE = fileURLToPath(new URL(\"./agent-store/\", import.meta.url));\nconst SOURCE_BUILTIN_STORE = fileURLToPath(new URL(\"../agent-store/\", import.meta.url));\nconst BUILTIN_STORE = existsSync(DIST_BUILTIN_STORE) ? DIST_BUILTIN_STORE : SOURCE_BUILTIN_STORE;\n\n/** Per-user override directory. */\nconst USER_STORE: string = join(getAemeathHome(), \"agent-store\");\nconst MAX_PROFILE_BYTES = 64 * 1024;\n\n// ── Frontmatter Shape ────────────────────────────────────────────────────\n\ninterface ProfileFrontmatter {\n  name?: string;\n  description?: string;\n  provider?: string;\n}\n\nfunction sanitizeProfileName(name: string): string {\n  const normalized = name\n    .trim()\n    .replace(/\\.md$/iu, \"\")\n    .replace(/[^a-zA-Z0-9._-]+/gu, \"-\")\n    .replace(/^-+/u, \"\")\n    .replace(/-+/gu, \"-\");\n\n  if (normalized.length === 0 || normalized === \".\" || normalized === \"..\") {\n    throw new Error(\"Profile name must contain at least one alphanumeric character\");\n  }\n\n  return normalized;\n}\n\nfunction assertProfileSize(content: string, source: string): void {\n  if (Buffer.byteLength(content, \"utf-8\") > MAX_PROFILE_BYTES) {\n    throw new Error(`Profile is too large: ${source}`);\n  }\n}\n\n// ── ProfileLoader ────────────────────────────────────────────────────────\n\nexport class ProfileLoader {\n  constructor() {\n    // Ensure the user store directory exists on first access.\n    mkdirSync(USER_STORE, { recursive: true });\n  }\n\n  // ── Core API ─────────────────────────────────────────────────────────\n\n  /**\n   * Load a profile by name.\n   * User store takes priority over the built-in store.\n   */\n  load(name: string): AgentProfile {\n    const fileName = name.endsWith(\".md\") ? name : `${name}.md`;\n\n    // Try user store first\n    const userPath = join(USER_STORE, fileName);\n    if (existsSync(userPath)) {\n      return this.parseProfile(readFileSync(userPath, \"utf-8\"), userPath);\n    }\n\n    // Fall back to built-in store\n    const builtinPath = join(BUILTIN_STORE, fileName);\n    if (existsSync(builtinPath)) {\n      return this.parseProfile(\n        readFileSync(builtinPath, \"utf-8\"),\n        builtinPath,\n      );\n    }\n\n    throw new Error(`Agent profile not found: ${name}`);\n  }\n\n  /**\n   * List all available profiles (user + built-in, deduplicated by name).\n   * User profiles shadow built-in profiles with the same name.\n   */\n  listProfiles(): AgentProfile[] {\n    const seen = new Set<string>();\n    const profiles: AgentProfile[] = [];\n\n    // User profiles first — they take priority\n    for (const dir of [USER_STORE, BUILTIN_STORE]) {\n      if (!existsSync(dir)) continue;\n      for (const file of readdirSync(dir)) {\n        if (!file.endsWith(\".md\")) continue;\n        const name = basename(file, \".md\");\n        if (seen.has(name)) continue;\n        seen.add(name);\n        try {\n          profiles.push(this.load(name));\n        } catch {\n          // Skip malformed profiles silently\n        }\n      }\n    }\n\n    return profiles;\n  }\n\n  /**\n   * Install a profile from a local file path or remote URL.\n   * The profile is validated before being written to the user store.\n   * Returns the canonical profile name (filename without extension).\n   */\n  async install(source: string): Promise<string> {\n    let content: string;\n\n    if (source.startsWith(\"http://\") || source.startsWith(\"https://\")) {\n      const url = new URL(source);\n      if (url.protocol !== \"https:\") {\n        throw new Error(\"Remote profile installation requires HTTPS\");\n      }\n\n      const response = await fetch(url);\n      if (!response.ok) {\n        throw new Error(`Failed to fetch profile: ${response.statusText}`);\n      }\n\n      const contentLength = response.headers.get(\"content-length\");\n      if (contentLength !== null && Number(contentLength) > MAX_PROFILE_BYTES) {\n        throw new Error(\"Remote profile exceeds the maximum supported size\");\n      }\n\n      content = await response.text();\n    } else {\n      if (!existsSync(source)) {\n        throw new Error(`Profile source file not found: ${source}`);\n      }\n      content = readFileSync(source, \"utf-8\");\n    }\n\n    assertProfileSize(content, source);\n\n    // Validate that the content is a valid profile\n    const profile = this.parseProfile(content, source);\n    const profileName = sanitizeProfileName(profile.name);\n\n    const destPath = join(USER_STORE, `${profileName}.md`);\n    writeFileSync(destPath, content, \"utf-8\");\n\n    return profileName;\n  }\n\n  /**\n   * Resolve the CLI provider for a profile, falling back to the given\n   * default when the profile is missing or does not specify a provider.\n   */\n  resolveProvider(name: string, fallback: CliProviderType): CliProviderType {\n    try {\n      const profile = this.load(name);\n      return profile.provider ?? fallback;\n    } catch {\n      return fallback;\n    }\n  }\n\n  // ── Internal Parser ──────────────────────────────────────────────────\n\n  /**\n   * Parse a profile Markdown file with optional YAML frontmatter.\n   *\n   * Accepted formats:\n   *\n   *   ---\n   *   name: my-agent\n   *   description: Does cool things\n   *   provider: claude-code\n   *   ---\n   *   # System Prompt Body ...\n   *\n   * If no frontmatter block is present the entire file is treated as\n   * the system prompt and the file's basename is used as the name.\n   */\n  private parseProfile(content: string, sourcePath: string): AgentProfile {\n    const match = content.match(/^---\\r?\\n([\\s\\S]*?)\\r?\\n---\\r?\\n([\\s\\S]*)$/);\n    if (!match) {\n      // No frontmatter — treat entire content as system prompt\n      const name = sanitizeProfileName(basename(sourcePath, \".md\"));\n      return {\n        name,\n        description: name,\n        systemPrompt: content.trim(),\n      };\n    }\n\n    const rawFrontmatter = match[1] || \"\";\n    const body = (match[2] || \"\").trim();\n    if (body.length === 0) {\n      throw new Error(`Profile body is empty: ${sourcePath}`);\n    }\n\n    const frontmatter = parseYaml(rawFrontmatter) as ProfileFrontmatter;\n\n    const provider = frontmatter.provider;\n    const resolvedProvider =\n      provider && (CLI_PROVIDERS as readonly string[]).includes(provider)\n        ? provider as CliProviderType\n        : undefined;\n\n    return {\n      name: sanitizeProfileName(frontmatter.name ?? basename(sourcePath, \".md\")),\n      description: frontmatter.description ?? \"\",\n      provider: resolvedProvider,\n      systemPrompt: body,\n    };\n  }\n}\n"]}

package/dist/registry-LRURZVUL.js

@@ -0,0 +1,5 @@
+export { SkillRegistry } from './chunk-UM7MSLOV.js';
+import './chunk-IR5HLBMH.js';
+import './chunk-D275MCIH.js';
+//# sourceMappingURL=registry-LRURZVUL.js.map
+//# sourceMappingURL=registry-LRURZVUL.js.map

package/dist/{registry-3NHVCXCZ.js.map → registry-LRURZVUL.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"registry-3NHVCXCZ.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"registry-LRURZVUL.js"}

package/dist/registry-MVNSXCEF.js

@@ -0,0 +1,6 @@
+export { ProviderRegistry, createDefaultRegistry } from './chunk-2KMA5RBC.js';
+import './chunk-ZGOHARPV.js';
+import './chunk-HCIHOHLX.js';
+import './chunk-IR5HLBMH.js';
+//# sourceMappingURL=registry-MVNSXCEF.js.map
+//# sourceMappingURL=registry-MVNSXCEF.js.map

package/dist/{registry-7CQ3NCAD.js.map → registry-MVNSXCEF.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"registry-7CQ3NCAD.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"registry-MVNSXCEF.js"}

package/dist/server-manager-THGZBBZB.js

@@ -0,0 +1,5 @@
+export { MCPServerManager } from './chunk-K2FCMRXH.js';
+import './chunk-ZGOHARPV.js';
+import './chunk-IR5HLBMH.js';
+//# sourceMappingURL=server-manager-THGZBBZB.js.map
+//# sourceMappingURL=server-manager-THGZBBZB.js.map

package/dist/{server-manager-DES23IBQ.js.map → server-manager-THGZBBZB.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"server-manager-DES23IBQ.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"server-manager-THGZBBZB.js"}

package/dist/session-manager-X3DXT53M.js

@@ -0,0 +1,12 @@
+export { SessionManager } from './chunk-7EBLXPL4.js';
+import './chunk-HESQLCLU.js';
+import './chunk-SNWPI6XJ.js';
+import './chunk-YCCYXDW7.js';
+import './chunk-OPWAFS6Y.js';
+import './chunk-ZGOHARPV.js';
+import './chunk-HCIHOHLX.js';
+import './chunk-2Y7TR6BS.js';
+import './chunk-IR5HLBMH.js';
+import './chunk-D275MCIH.js';
+//# sourceMappingURL=session-manager-X3DXT53M.js.map
+//# sourceMappingURL=session-manager-X3DXT53M.js.map

package/dist/{session-manager-EHD7GWM2.js.map → session-manager-X3DXT53M.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"session-manager-EHD7GWM2.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"session-manager-X3DXT53M.js"}

package/dist/skills/built-in/code-review/SKILL.md

@@ -1,85 +1,85 @@
----
-name: code-review
-description: "Comprehensive code review with security, performance, and style analysis"
-version: "1.0.0"
-allowed-tools:
-  - read
-  - grep
-  - glob
-triggers:
-  - "review"
-  - "$review"
-model-requirements:
-  preferred-role: review
-  min-context: 32000
----
-
-# Code Review Skill
-
-You are a meticulous code reviewer. Perform a structured, multi-pass review of the provided code.
-
-## Review Process
-
-### Pass 1 — Correctness & Logic
-
-1. Read all files under review using the `read` tool.
-2. Trace the primary execution paths and identify:
-   - Off-by-one errors, null/undefined dereference, unreachable code.
-   - Missing error handling or swallowed exceptions.
-   - Race conditions or unguarded shared state.
-3. Verify edge cases: empty inputs, boundary values, unexpected types.
-
-### Pass 2 — Security (OWASP Top 10)
-
-1. Check for injection vulnerabilities (SQL, command, XSS, template).
-2. Look for hardcoded secrets, credentials, or API keys.
-3. Validate authentication and authorization boundaries.
-4. Identify insecure deserialization or unvalidated redirects.
-5. Flag overly permissive CORS, CSP, or file permissions.
-
-### Pass 3 — Performance
-
-1. Identify N+1 query patterns or unnecessary database calls.
-2. Look for O(n^2) or worse algorithmic complexity where avoidable.
-3. Flag unnecessary re-renders in React components.
-4. Check for missing caching opportunities or redundant I/O.
-5. Identify large synchronous operations that should be async.
-
-### Pass 4 — Type Safety & Style
-
-1. Check for `any` types or unsafe type assertions.
-2. Verify proper use of `readonly`, `as const`, and discriminated unions.
-3. Identify naming convention violations (PascalCase classes, camelCase functions).
-4. Ensure exported functions have explicit return types.
-5. Verify consistent formatting and import ordering.
-
-## Output Format
-
-Present findings organized by severity:
-
-```
-## Critical (must fix before merge)
-- [FILE:LINE] Description of issue
-  → Suggested fix with code example
-
-## Warning (should fix)
-- [FILE:LINE] Description of issue
-  → Suggested fix
-
-## Info (consider)
-- [FILE:LINE] Description of suggestion
-  → Rationale
-
-## Summary
-- Files reviewed: N
-- Critical: N | Warning: N | Info: N
-- Overall assessment: APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION
-```
-
-## Rules
-
-- Never approve code with critical security findings.
-- Be specific: cite file paths and line numbers for every finding.
-- Provide concrete fix suggestions, not vague recommendations.
-- Respect existing project conventions found in AGENTS.md if present.
-- Do not nitpick formatting if a formatter (Prettier) is configured.
+---
+name: code-review
+description: "Comprehensive code review with security, performance, and style analysis"
+version: "1.0.0"
+allowed-tools:
+  - read
+  - grep
+  - glob
+triggers:
+  - "review"
+  - "$review"
+model-requirements:
+  preferred-role: review
+  min-context: 32000
+---
+
+# Code Review Skill
+
+You are a meticulous code reviewer. Perform a structured, multi-pass review of the provided code.
+
+## Review Process
+
+### Pass 1 — Correctness & Logic
+
+1. Read all files under review using the `read` tool.
+2. Trace the primary execution paths and identify:
+   - Off-by-one errors, null/undefined dereference, unreachable code.
+   - Missing error handling or swallowed exceptions.
+   - Race conditions or unguarded shared state.
+3. Verify edge cases: empty inputs, boundary values, unexpected types.
+
+### Pass 2 — Security (OWASP Top 10)
+
+1. Check for injection vulnerabilities (SQL, command, XSS, template).
+2. Look for hardcoded secrets, credentials, or API keys.
+3. Validate authentication and authorization boundaries.
+4. Identify insecure deserialization or unvalidated redirects.
+5. Flag overly permissive CORS, CSP, or file permissions.
+
+### Pass 3 — Performance
+
+1. Identify N+1 query patterns or unnecessary database calls.
+2. Look for O(n^2) or worse algorithmic complexity where avoidable.
+3. Flag unnecessary re-renders in React components.
+4. Check for missing caching opportunities or redundant I/O.
+5. Identify large synchronous operations that should be async.
+
+### Pass 4 — Type Safety & Style
+
+1. Check for `any` types or unsafe type assertions.
+2. Verify proper use of `readonly`, `as const`, and discriminated unions.
+3. Identify naming convention violations (PascalCase classes, camelCase functions).
+4. Ensure exported functions have explicit return types.
+5. Verify consistent formatting and import ordering.
+
+## Output Format
+
+Present findings organized by severity:
+
+```
+## Critical (must fix before merge)
+- [FILE:LINE] Description of issue
+  → Suggested fix with code example
+
+## Warning (should fix)
+- [FILE:LINE] Description of issue
+  → Suggested fix
+
+## Info (consider)
+- [FILE:LINE] Description of suggestion
+  → Rationale
+
+## Summary
+- Files reviewed: N
+- Critical: N | Warning: N | Info: N
+- Overall assessment: APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION
+```
+
+## Rules
+
+- Never approve code with critical security findings.
+- Be specific: cite file paths and line numbers for every finding.
+- Provide concrete fix suggestions, not vague recommendations.
+- Respect existing project conventions found in AGENTS.md if present.
+- Do not nitpick formatting if a formatter (Prettier) is configured.

package/dist/skills/built-in/commit/SKILL.md

@@ -1,83 +1,83 @@
----
-name: commit
-description: "Smart git commit with conventional message generation and pre-commit safety"
-version: "1.0.0"
-allowed-tools:
-  - bash
-  - read
-  - grep
-  - glob
-triggers:
-  - "commit"
-  - "$commit"
-model-requirements:
-  preferred-role: coding
-  min-context: 16000
----
-
-# Commit Skill
-
-You are a git commit specialist. Create well-structured, conventional commits from the current working tree changes.
-
-## Process
-
-### Step 1 — Analyze Changes
-
-1. Run `git status` to see all modified, added, and deleted files.
-2. Run `git diff --staged` to inspect already-staged changes.
-3. Run `git diff` to inspect unstaged changes.
-4. Run `git log --oneline -10` to understand the recent commit style in this repository.
-
-### Step 2 — Categorize Changes
-
-Classify changes into one of these conventional commit types:
-
-| Type | When to use |
-|------|-------------|
-| `feat` | New feature or capability |
-| `fix` | Bug fix |
-| `refactor` | Code restructuring without behavior change |
-| `docs` | Documentation only |
-| `test` | Adding or updating tests |
-| `chore` | Build, CI, tooling, dependency updates |
-| `perf` | Performance improvement |
-| `style` | Formatting, whitespace (no logic change) |
-
-### Step 3 — Safety Checks
-
-1. Verify no secrets or credentials are staged (.env, *.pem, credentials.*, etc.).
-2. Verify no large binary files are staged unintentionally.
-3. If pre-commit hooks exist, warn that they will run.
-4. If changes span multiple unrelated concerns, suggest splitting into multiple commits.
-
-### Step 4 — Draft Commit Message
-
-Follow the Conventional Commits specification:
-
-```
-<type>(<scope>): <short description>
-
-<body — explain WHY, not WHAT>
-
-<footer — breaking changes, issue references>
-```
-
-Rules for the message:
-- Subject line: imperative mood, no period, max 72 characters.
-- Body: wrap at 80 characters, explain motivation and context.
-- Reference issues when applicable (e.g., `Closes #42`).
-
-### Step 5 — Execute
-
-1. Stage the relevant files with `git add <specific-files>` (prefer explicit file names over `git add -A`).
-2. Create the commit with the drafted message.
-3. Run `git status` after commit to confirm success.
-4. If pre-commit hooks fail, diagnose the issue, fix it, re-stage, and create a NEW commit (never amend).
-
-## Rules
-
-- Never use `--no-verify` to skip hooks unless explicitly told to.
-- Never amend a previous commit unless explicitly requested.
-- Never push to remote unless explicitly requested.
-- Never stage files that likely contain secrets.
-- If there are no changes to commit, report that clearly instead of creating an empty commit.
+---
+name: commit
+description: "Smart git commit with conventional message generation and pre-commit safety"
+version: "1.0.0"
+allowed-tools:
+  - bash
+  - read
+  - grep
+  - glob
+triggers:
+  - "commit"
+  - "$commit"
+model-requirements:
+  preferred-role: coding
+  min-context: 16000
+---
+
+# Commit Skill
+
+You are a git commit specialist. Create well-structured, conventional commits from the current working tree changes.
+
+## Process
+
+### Step 1 — Analyze Changes
+
+1. Run `git status` to see all modified, added, and deleted files.
+2. Run `git diff --staged` to inspect already-staged changes.
+3. Run `git diff` to inspect unstaged changes.
+4. Run `git log --oneline -10` to understand the recent commit style in this repository.
+
+### Step 2 — Categorize Changes
+
+Classify changes into one of these conventional commit types:
+
+| Type | When to use |
+|------|-------------|
+| `feat` | New feature or capability |
+| `fix` | Bug fix |
+| `refactor` | Code restructuring without behavior change |
+| `docs` | Documentation only |
+| `test` | Adding or updating tests |
+| `chore` | Build, CI, tooling, dependency updates |
+| `perf` | Performance improvement |
+| `style` | Formatting, whitespace (no logic change) |
+
+### Step 3 — Safety Checks
+
+1. Verify no secrets or credentials are staged (.env, *.pem, credentials.*, etc.).
+2. Verify no large binary files are staged unintentionally.
+3. If pre-commit hooks exist, warn that they will run.
+4. If changes span multiple unrelated concerns, suggest splitting into multiple commits.
+
+### Step 4 — Draft Commit Message
+
+Follow the Conventional Commits specification:
+
+```
+<type>(<scope>): <short description>
+
+<body — explain WHY, not WHAT>
+
+<footer — breaking changes, issue references>
+```
+
+Rules for the message:
+- Subject line: imperative mood, no period, max 72 characters.
+- Body: wrap at 80 characters, explain motivation and context.
+- Reference issues when applicable (e.g., `Closes #42`).
+
+### Step 5 — Execute
+
+1. Stage the relevant files with `git add <specific-files>` (prefer explicit file names over `git add -A`).
+2. Create the commit with the drafted message.
+3. Run `git status` after commit to confirm success.
+4. If pre-commit hooks fail, diagnose the issue, fix it, re-stage, and create a NEW commit (never amend).
+
+## Rules
+
+- Never use `--no-verify` to skip hooks unless explicitly told to.
+- Never amend a previous commit unless explicitly requested.
+- Never push to remote unless explicitly requested.
+- Never stage files that likely contain secrets.
+- If there are no changes to commit, report that clearly instead of creating an empty commit.

package/dist/skills/built-in/debug/SKILL.md

@@ -1,119 +1,119 @@
----
-name: debug
-description: "Systematic debugging workflow with root cause analysis and targeted fixes"
-version: "1.0.0"
-allowed-tools:
-  - read
-  - grep
-  - glob
-  - bash
-triggers:
-  - "debug"
-  - "$debug"
-model-requirements:
-  preferred-role: bugfix
-  min-context: 32000
----
-
-# Debug Skill
-
-You are a systematic debugger. Diagnose issues methodically using evidence-based reasoning. Never guess — investigate.
-
-## Process
-
-### Step 1 — Reproduce & Characterize
-
-1. Understand the reported symptom:
-   - What is the expected behavior?
-   - What is the actual behavior?
-   - When did it start happening (recent changes, new dependency)?
-2. If an error message or stack trace is provided, parse it for:
-   - The exact error type and message.
-   - The file and line number of origin.
-   - The call chain leading to the error.
-3. Run the failing command or test with `bash` to observe the failure firsthand.
-
-### Step 2 — Form Hypotheses
-
-Based on the error characterization, generate ranked hypotheses:
-
-```
-Hypothesis 1 (most likely): [description]
-  Evidence for: ...
-  Evidence against: ...
-  How to verify: ...
-
-Hypothesis 2: [description]
-  Evidence for: ...
-  Evidence against: ...
-  How to verify: ...
-```
-
-Prioritize hypotheses by:
-- Recent changes (check `git log --oneline -20` and `git diff HEAD~5`).
-- Proximity to the error location in the stack trace.
-- Frequency of similar bugs in the codebase.
-
-### Step 3 — Investigate
-
-For each hypothesis, starting with the most likely:
-
-1. Use `read` to examine the suspect code at the exact lines referenced.
-2. Use `grep` to find related usages, callers, and data flow paths.
-3. Use `glob` to locate related test files or configuration.
-4. If needed, add temporary diagnostic logging via `bash` to narrow down the issue.
-5. Verify or falsify the hypothesis with evidence.
-
-### Step 4 — Root Cause Identification
-
-Once the root cause is found:
-
-1. Explain WHY the bug occurs, not just WHERE.
-2. Trace back to the original incorrect assumption or logic error.
-3. Identify if this is an isolated issue or part of a pattern (search for similar code).
-4. Determine the blast radius: what else could be affected?
-
-### Step 5 — Propose Fix
-
-Present the fix with context:
-
-```
-## Root Cause
-[Clear explanation of why the bug occurs]
-
-## Fix
-File: src/path/to/file.ts
-Line: 42
-
-Before:
-```typescript
-// buggy code
-```
-
-After:
-```typescript
-// fixed code
-```
-
-## Verification
-- [ ] Run: `npm test -- --grep "related test"`
-- [ ] Manual check: [specific steps]
-
-## Related Concerns
-- [Other code that might have the same issue]
-```
-
-### Step 6 — Verify Fix
-
-1. Apply the fix.
-2. Run the originally failing command/test to confirm it passes.
-3. Run the broader test suite to check for regressions.
-4. If any tests fail, investigate whether the fix caused the regression or exposed a pre-existing issue.
-
-## Rules
-
-- Never apply a fix without understanding the root cause first.
-- Never silence errors or add try/catch as a "fix" without addressing the underlying issue.
-- Always check for similar patterns elsewhere when fixing a bug.
-- Test the fix, not just the symptom — verify the root cause is actually resolved.
-- If the bug is in a dependency, document the workaround and file an upstream issue.
+---
+name: debug
+description: "Systematic debugging workflow with root cause analysis and targeted fixes"
+version: "1.0.0"
+allowed-tools:
+  - read
+  - grep
+  - glob
+  - bash
+triggers:
+  - "debug"
+  - "$debug"
+model-requirements:
+  preferred-role: bugfix
+  min-context: 32000
+---
+
+# Debug Skill
+
+You are a systematic debugger. Diagnose issues methodically using evidence-based reasoning. Never guess — investigate.
+
+## Process
+
+### Step 1 — Reproduce & Characterize
+
+1. Understand the reported symptom:
+   - What is the expected behavior?
+   - What is the actual behavior?
+   - When did it start happening (recent changes, new dependency)?
+2. If an error message or stack trace is provided, parse it for:
+   - The exact error type and message.
+   - The file and line number of origin.
+   - The call chain leading to the error.
+3. Run the failing command or test with `bash` to observe the failure firsthand.
+
+### Step 2 — Form Hypotheses
+
+Based on the error characterization, generate ranked hypotheses:
+
+```
+Hypothesis 1 (most likely): [description]
+  Evidence for: ...
+  Evidence against: ...
+  How to verify: ...
+
+Hypothesis 2: [description]
+  Evidence for: ...
+  Evidence against: ...
+  How to verify: ...
+```
+
+Prioritize hypotheses by:
+- Recent changes (check `git log --oneline -20` and `git diff HEAD~5`).
+- Proximity to the error location in the stack trace.
+- Frequency of similar bugs in the codebase.
+
+### Step 3 — Investigate
+
+For each hypothesis, starting with the most likely:
+
+1. Use `read` to examine the suspect code at the exact lines referenced.
+2. Use `grep` to find related usages, callers, and data flow paths.
+3. Use `glob` to locate related test files or configuration.
+4. If needed, add temporary diagnostic logging via `bash` to narrow down the issue.
+5. Verify or falsify the hypothesis with evidence.
+
+### Step 4 — Root Cause Identification
+
+Once the root cause is found:
+
+1. Explain WHY the bug occurs, not just WHERE.
+2. Trace back to the original incorrect assumption or logic error.
+3. Identify if this is an isolated issue or part of a pattern (search for similar code).
+4. Determine the blast radius: what else could be affected?
+
+### Step 5 — Propose Fix
+
+Present the fix with context:
+
+```
+## Root Cause
+[Clear explanation of why the bug occurs]
+
+## Fix
+File: src/path/to/file.ts
+Line: 42
+
+Before:
+```typescript
+// buggy code
+```
+
+After:
+```typescript
+// fixed code
+```
+
+## Verification
+- [ ] Run: `npm test -- --grep "related test"`
+- [ ] Manual check: [specific steps]
+
+## Related Concerns
+- [Other code that might have the same issue]
+```
+
+### Step 6 — Verify Fix
+
+1. Apply the fix.
+2. Run the originally failing command/test to confirm it passes.
+3. Run the broader test suite to check for regressions.
+4. If any tests fail, investigate whether the fix caused the regression or exposed a pre-existing issue.
+
+## Rules
+
+- Never apply a fix without understanding the root cause first.
+- Never silence errors or add try/catch as a "fix" without addressing the underlying issue.
+- Always check for similar patterns elsewhere when fixing a bug.
+- Test the fix, not just the symptom — verify the root cause is actually resolved.
+- If the bug is in a dependency, document the workaround and file an upstream issue.