agentpacks 0.3.0 → 0.4.0

package/dist/node/sources/git-ref.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/sources/git-ref.ts
@@ -51,9 +23,14 @@ function parseGitSourceRef(source) {
   if (parts.length < 2) {
     throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
   }
+  const owner = parts[0];
+  const repo = parts[1];
+  if (!owner || !repo) {
+    throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
+  }
   return {
-    owner: parts[0],
-    repo: parts[1],
+    owner,
+    repo,
     ref,
     path: path || ""
   };

package/dist/node/sources/git.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/core/lockfile.ts
@@ -85,9 +57,14 @@ function parseGitSourceRef(source) {
   if (parts.length < 2) {
     throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
   }
+  const owner = parts[0];
+  const repo = parts[1];
+  if (!owner || !repo) {
+    throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
+  }
   return {
-    owner: parts[0],
-    repo: parts[1],
+    owner,
+    repo,
     ref,
     path: path || ""
   };

package/dist/node/sources/index.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/core/lockfile.ts
@@ -103,9 +75,14 @@ function parseGitSourceRef(source) {
   if (parts.length < 2) {
     throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
   }
+  const owner = parts[0];
+  const repo = parts[1];
+  if (!owner || !repo) {
+    throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
+  }
   return {
-    owner: parts[0],
-    repo: parts[1],
+    owner,
+    repo,
     ref,
     path: path || ""
   };
@@ -174,6 +151,36 @@ function npmSourceKey(parsed) {
   return `npm:${parsed.packageName}`;
 }
 
+// src/sources/registry-ref.ts
+function parseRegistrySourceRef(source) {
+  let s = source;
+  if (s.startsWith("registry:")) {
+    s = s.slice(9);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Expected pack name.`);
+  }
+  let version = "latest";
+  const atIdx = s.indexOf("@");
+  if (atIdx > 0) {
+    version = s.slice(atIdx + 1);
+    s = s.slice(0, atIdx);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Pack name is empty.`);
+  }
+  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(s)) {
+    throw new Error(`Invalid registry pack name: "${s}". Must be lowercase alphanumeric with hyphens.`);
+  }
+  return { packName: s, version };
+}
+function isRegistryPackRef(packRef) {
+  return packRef.startsWith("registry:");
+}
+function registrySourceKey(parsed) {
+  return `registry:${parsed.packName}`;
+}
+
 // src/sources/git.ts
 import { mkdirSync, writeFileSync as writeFileSync2 } from "fs";
 import { resolve as resolve3, join } from "path";
@@ -306,7 +313,7 @@ async function installGitSource(projectRoot, source, lockfile, options = {}) {
 }
 
 // src/sources/npm.ts
-import { mkdirSync as mkdirSync2, existsSync as existsSync3 } from "fs";
+import { mkdirSync as mkdirSync2, existsSync as existsSync3, readdirSync } from "fs";
 import { resolve as resolve4, join as join2 } from "path";
 import { execSync } from "child_process";
 var NPM_REGISTRY = "https://registry.npmjs.org";
@@ -331,18 +338,15 @@ async function installNpmSource(projectRoot, source, lockfile, options = {}) {
     throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
   }
   let resolvedVersion;
-  let tarballUrl;
   if (locked && !options.update) {
     resolvedVersion = locked.resolvedRef;
-    tarballUrl = "";
   } else {
     const resolved = await resolveNpmVersion(parsed);
     resolvedVersion = resolved.version;
-    tarballUrl = resolved.tarball;
   }
   const curatedDir = resolve4(projectRoot, ".agentpacks", ".curated");
   mkdirSync2(curatedDir, { recursive: true });
-  const packDir = extractNpmPack(parsed, resolvedVersion, curatedDir, installed, warnings);
+  extractNpmPack(parsed, resolvedVersion, curatedDir, installed, warnings);
   const newEntry = {
     requestedRef: parsed.version,
     resolvedRef: resolvedVersion,
@@ -364,12 +368,17 @@ function extractNpmPack(parsed, version, curatedDir, installed, warnings) {
       stdio: "pipe",
       timeout: 30000
     });
-    const tgzFiles = __require("fs").readdirSync(tmpDir).filter((f) => f.endsWith(".tgz"));
+    const tgzFiles = readdirSync(tmpDir).filter((f) => f.endsWith(".tgz"));
     if (tgzFiles.length === 0) {
       warnings.push(`No tarball found for ${pkgSpec}`);
       return packOutDir;
     }
-    const tgzPath = join2(tmpDir, tgzFiles[0]);
+    const firstTgz = tgzFiles[0];
+    if (!firstTgz) {
+      warnings.push(`No tarball found for ${pkgSpec}`);
+      return packOutDir;
+    }
+    const tgzPath = join2(tmpDir, firstTgz);
     mkdirSync2(packOutDir, { recursive: true });
     execSync(`tar xzf "${tgzPath}" -C "${packOutDir}" --strip-components=1`, {
       stdio: "pipe",
@@ -387,8 +396,7 @@ function extractNpmPack(parsed, version, curatedDir, installed, warnings) {
   return packOutDir;
 }
 function collectFiles(dir, out) {
-  const fs = __require("fs");
-  const entries = fs.readdirSync(dir, { withFileTypes: true });
+  const entries = readdirSync(dir, { withFileTypes: true });
   for (const entry of entries) {
     const full = join2(dir, entry.name);
     if (entry.isDirectory()) {
@@ -398,16 +406,306 @@ function collectFiles(dir, out) {
     }
   }
 }
+
+// src/utils/registry-client.ts
+var DEFAULT_REGISTRY_URL = "https://registry.agentpacks.dev";
+function createRegistryClient(config) {
+  return new RegistryClient({
+    registryUrl: config?.registryUrl ?? DEFAULT_REGISTRY_URL,
+    authToken: config?.authToken,
+    timeout: config?.timeout ?? 30000
+  });
+}
+
+class RegistryClient {
+  config;
+  constructor(config) {
+    this.config = {
+      registryUrl: config.registryUrl.replace(/\/+$/, ""),
+      authToken: config.authToken,
+      timeout: config.timeout ?? 30000
+    };
+  }
+  async search(params) {
+    const searchParams = new URLSearchParams;
+    if (params.query)
+      searchParams.set("q", params.query);
+    if (params.tags?.length)
+      searchParams.set("tags", params.tags.join(","));
+    if (params.targets?.length)
+      searchParams.set("targets", params.targets.join(","));
+    if (params.features?.length)
+      searchParams.set("features", params.features.join(","));
+    if (params.author)
+      searchParams.set("author", params.author);
+    if (params.sort)
+      searchParams.set("sort", params.sort);
+    if (params.limit)
+      searchParams.set("limit", String(params.limit));
+    if (params.offset)
+      searchParams.set("offset", String(params.offset));
+    const url = `${this.config.registryUrl}/packs?${searchParams.toString()}`;
+    const res = await this.fetch(url);
+    return res;
+  }
+  async info(packName) {
+    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}`;
+    const res = await this.fetch(url);
+    return res;
+  }
+  async download(packName, version = "latest") {
+    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}/versions/${encodeURIComponent(version)}/download`;
+    const response = await fetch(url, {
+      headers: this.headers(),
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      throw new RegistryApiError(response.status, `Failed to download ${packName}@${version}: ${response.statusText}`);
+    }
+    const integrity = response.headers.get("x-integrity") ?? "";
+    const data = await response.arrayBuffer();
+    return { data, integrity };
+  }
+  async publish(tarball, metadata) {
+    if (!this.config.authToken) {
+      throw new Error("Authentication required. Run `agentpacks login` first.");
+    }
+    const formData = new FormData;
+    formData.append("tarball", new Blob([tarball], { type: "application/gzip" }), `${metadata.name}-${metadata.version}.tgz`);
+    formData.append("metadata", JSON.stringify(metadata));
+    const url = `${this.config.registryUrl}/packs`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${this.config.authToken}`
+      },
+      body: formData,
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new RegistryApiError(response.status, `Publish failed: ${body || response.statusText}`);
+    }
+    return await response.json();
+  }
+  async featured(limit) {
+    const url = limit ? `${this.config.registryUrl}/featured?limit=${limit}` : `${this.config.registryUrl}/featured`;
+    const res = await this.fetch(url);
+    return res.packs;
+  }
+  async tags() {
+    const url = `${this.config.registryUrl}/tags`;
+    const res = await this.fetch(url);
+    return res.tags;
+  }
+  async stats() {
+    const url = `${this.config.registryUrl}/stats`;
+    return await this.fetch(url);
+  }
+  async health() {
+    try {
+      const url = `${this.config.registryUrl}/health`;
+      await this.fetch(url);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async fetch(url) {
+    const response = await fetch(url, {
+      headers: this.headers(),
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new RegistryApiError(response.status, body || response.statusText);
+    }
+    return response.json();
+  }
+  headers() {
+    const h = {
+      Accept: "application/json"
+    };
+    if (this.config.authToken) {
+      h["Authorization"] = `Bearer ${this.config.authToken}`;
+    }
+    return h;
+  }
+}
+
+class RegistryApiError extends Error {
+  status;
+  constructor(status, message) {
+    super(message);
+    this.name = "RegistryApiError";
+    this.status = status;
+  }
+}
+
+// src/utils/credentials.ts
+import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
+import { join as join3, dirname } from "path";
+import { homedir } from "os";
+var CONFIG_DIR = join3(homedir(), ".config", "agentpacks");
+var CREDENTIALS_FILE = join3(CONFIG_DIR, "credentials.json");
+function loadCredentials() {
+  if (!existsSync4(CREDENTIALS_FILE)) {
+    return { registryUrl: "https://registry.agentpacks.dev" };
+  }
+  try {
+    const raw = readFileSync2(CREDENTIALS_FILE, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return { registryUrl: "https://registry.agentpacks.dev" };
+  }
+}
+function saveCredentials(credentials) {
+  mkdirSync3(dirname(CREDENTIALS_FILE), { recursive: true });
+  writeFileSync3(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2) + `
+`, {
+    mode: 384
+  });
+}
+function clearCredentials() {
+  if (existsSync4(CREDENTIALS_FILE)) {
+    writeFileSync3(CREDENTIALS_FILE, JSON.stringify({ registryUrl: "https://registry.agentpacks.dev" }) + `
+`);
+  }
+}
+
+// src/utils/tarball.ts
+import { execSync as execSync2 } from "child_process";
+import { readFileSync as readFileSync3, existsSync as existsSync5, mkdirSync as mkdirSync4, rmSync } from "fs";
+import { join as join4, resolve as resolve5 } from "path";
+import { createHash as createHash2 } from "crypto";
+import { tmpdir } from "os";
+async function createTarball(packDir) {
+  const absDir = resolve5(packDir);
+  const tmpFile = join4(tmpdir(), `agentpacks-${Date.now()}.tgz`);
+  try {
+    execSync2(`tar -czf "${tmpFile}" -C "${absDir}" .`, {
+      stdio: "pipe"
+    });
+    const buffer = readFileSync3(tmpFile);
+    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+  } finally {
+    if (existsSync5(tmpFile)) {
+      rmSync(tmpFile);
+    }
+  }
+}
+async function extractTarball(data, targetDir) {
+  mkdirSync4(targetDir, { recursive: true });
+  const tmpFile = join4(tmpdir(), `agentpacks-${Date.now()}.tgz`);
+  try {
+    const buffer = Buffer.from(data);
+    const { writeFileSync: writeFileSync4 } = await import("fs");
+    writeFileSync4(tmpFile, buffer);
+    execSync2(`tar -xzf "${tmpFile}" -C "${targetDir}"`, {
+      stdio: "pipe"
+    });
+  } finally {
+    if (existsSync5(tmpFile)) {
+      rmSync(tmpFile);
+    }
+  }
+}
+function computeTarballIntegrity(data) {
+  const hash = createHash2("sha256").update(Buffer.from(data)).digest("hex");
+  return `sha256-${hash}`;
+}
+
+// src/sources/registry.ts
+import { existsSync as existsSync6, mkdirSync as mkdirSync5, readdirSync as readdirSync2, rmSync as rmSync2 } from "fs";
+import { resolve as resolve6, join as join5 } from "path";
+async function installRegistrySource(projectRoot, source, lockfile, options = {}) {
+  const parsed = parseRegistrySourceRef(source);
+  const sourceKey = registrySourceKey(parsed);
+  const installed = [];
+  const warnings = [];
+  const locked = getLockedSource(lockfile, sourceKey);
+  if (options.frozen && !locked) {
+    throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
+  }
+  let targetVersion = parsed.version;
+  if (locked && !options.update) {
+    targetVersion = locked.resolvedRef;
+  } else if (targetVersion === "latest") {
+    const clientCfg2 = buildClientConfig(options.registryUrl);
+    const client2 = createRegistryClient(clientCfg2);
+    const info = await client2.info(parsed.packName);
+    targetVersion = info.latestVersion;
+  }
+  const clientCfg = buildClientConfig(options.registryUrl);
+  const client = createRegistryClient(clientCfg);
+  const { data } = await client.download(parsed.packName, targetVersion);
+  const localIntegrity = computeTarballIntegrity(data);
+  if (locked && !options.update && locked.skills?.["__integrity"]) {
+    const expectedIntegrity = locked.skills["__integrity"].integrity;
+    if (expectedIntegrity && localIntegrity !== expectedIntegrity) {
+      throw new Error(`Integrity mismatch for ${parsed.packName}@${targetVersion}. ` + `Expected ${expectedIntegrity}, got ${localIntegrity}.`);
+    }
+  }
+  const curatedDir = resolve6(projectRoot, ".agentpacks", ".curated");
+  const packOutDir = resolve6(curatedDir, parsed.packName);
+  if (existsSync6(packOutDir)) {
+    rmSync2(packOutDir, { recursive: true, force: true });
+  }
+  mkdirSync5(packOutDir, { recursive: true });
+  await extractTarball(data, packOutDir);
+  collectFiles2(packOutDir, installed);
+  const newEntry = {
+    requestedRef: parsed.version,
+    resolvedRef: targetVersion,
+    resolvedAt: new Date().toISOString(),
+    skills: {
+      __integrity: { integrity: localIntegrity }
+    },
+    packs: {
+      [parsed.packName]: { integrity: localIntegrity }
+    }
+  };
+  setLockedSource(lockfile, sourceKey, newEntry);
+  return { installed, warnings };
+}
+function buildClientConfig(registryUrl) {
+  const cfg = {};
+  if (registryUrl) {
+    cfg.registryUrl = registryUrl;
+  }
+  try {
+    const creds = loadCredentials();
+    if (creds?.token) {
+      cfg.authToken = creds.token;
+    }
+  } catch {}
+  return cfg;
+}
+function collectFiles2(dir, out) {
+  const entries = readdirSync2(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    const full = join5(dir, entry.name);
+    if (entry.isDirectory()) {
+      collectFiles2(full, out);
+    } else {
+      out.push(full);
+    }
+  }
+}
 export {
   resolveNpmVersion,
   resolveLocalPack,
   resolveGitRef,
+  registrySourceKey,
+  parseRegistrySourceRef,
   parseNpmSourceRef,
   parseGitSourceRef,
   npmSourceKey,
+  isRegistryPackRef,
   isNpmPackRef,
   isLocalPackRef,
   isGitPackRef,
+  installRegistrySource,
   installNpmSource,
   installGitSource,
   gitSourceKey,

package/dist/node/sources/local.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/sources/local.ts

package/dist/node/sources/npm-ref.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/sources/npm-ref.ts