agentpacks 0.3.0 → 0.4.0

package/dist/node/sources/npm.js

@@ -1,32 +1,4 @@
 import { createRequire } from "node:module";
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __moduleCache = /* @__PURE__ */ new WeakMap;
-var __toCommonJS = (from) => {
-  var entry = __moduleCache.get(from), desc;
-  if (entry)
-    return entry;
-  entry = __defProp({}, "__esModule", { value: true });
-  if (from && typeof from === "object" || typeof from === "function")
-    __getOwnPropNames(from).map((key) => !__hasOwnProp.call(entry, key) && __defProp(entry, key, {
-      get: () => from[key],
-      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
-    }));
-  __moduleCache.set(from, entry);
-  return entry;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, {
-      get: all[name],
-      enumerable: true,
-      configurable: true,
-      set: (newValue) => all[name] = () => newValue
-    });
-};
-var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
 var __require = /* @__PURE__ */ createRequire(import.meta.url);
 
 // src/core/lockfile.ts
@@ -113,7 +85,7 @@ function npmSourceKey(parsed) {
 }
 
 // src/sources/npm.ts
-import { mkdirSync, existsSync as existsSync2 } from "fs";
+import { mkdirSync, existsSync as existsSync2, readdirSync } from "fs";
 import { resolve as resolve2, join } from "path";
 import { execSync } from "child_process";
 var NPM_REGISTRY = "https://registry.npmjs.org";
@@ -138,18 +110,15 @@ async function installNpmSource(projectRoot, source, lockfile, options = {}) {
     throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
   }
   let resolvedVersion;
-  let tarballUrl;
   if (locked && !options.update) {
     resolvedVersion = locked.resolvedRef;
-    tarballUrl = "";
   } else {
     const resolved = await resolveNpmVersion(parsed);
     resolvedVersion = resolved.version;
-    tarballUrl = resolved.tarball;
   }
   const curatedDir = resolve2(projectRoot, ".agentpacks", ".curated");
   mkdirSync(curatedDir, { recursive: true });
-  const packDir = extractNpmPack(parsed, resolvedVersion, curatedDir, installed, warnings);
+  extractNpmPack(parsed, resolvedVersion, curatedDir, installed, warnings);
   const newEntry = {
     requestedRef: parsed.version,
     resolvedRef: resolvedVersion,
@@ -171,12 +140,17 @@ function extractNpmPack(parsed, version, curatedDir, installed, warnings) {
       stdio: "pipe",
       timeout: 30000
     });
-    const tgzFiles = __require("fs").readdirSync(tmpDir).filter((f) => f.endsWith(".tgz"));
+    const tgzFiles = readdirSync(tmpDir).filter((f) => f.endsWith(".tgz"));
     if (tgzFiles.length === 0) {
       warnings.push(`No tarball found for ${pkgSpec}`);
       return packOutDir;
     }
-    const tgzPath = join(tmpDir, tgzFiles[0]);
+    const firstTgz = tgzFiles[0];
+    if (!firstTgz) {
+      warnings.push(`No tarball found for ${pkgSpec}`);
+      return packOutDir;
+    }
+    const tgzPath = join(tmpDir, firstTgz);
     mkdirSync(packOutDir, { recursive: true });
     execSync(`tar xzf "${tgzPath}" -C "${packOutDir}" --strip-components=1`, {
       stdio: "pipe",
@@ -194,8 +168,7 @@ function extractNpmPack(parsed, version, curatedDir, installed, warnings) {
   return packOutDir;
 }
 function collectFiles(dir, out) {
-  const fs = __require("fs");
-  const entries = fs.readdirSync(dir, { withFileTypes: true });
+  const entries = readdirSync(dir, { withFileTypes: true });
   for (const entry of entries) {
     const full = join(dir, entry.name);
     if (entry.isDirectory()) {

package/dist/node/sources/registry-ref.js

@@ -0,0 +1,37 @@
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/sources/registry-ref.ts
+function parseRegistrySourceRef(source) {
+  let s = source;
+  if (s.startsWith("registry:")) {
+    s = s.slice(9);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Expected pack name.`);
+  }
+  let version = "latest";
+  const atIdx = s.indexOf("@");
+  if (atIdx > 0) {
+    version = s.slice(atIdx + 1);
+    s = s.slice(0, atIdx);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Pack name is empty.`);
+  }
+  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(s)) {
+    throw new Error(`Invalid registry pack name: "${s}". Must be lowercase alphanumeric with hyphens.`);
+  }
+  return { packName: s, version };
+}
+function isRegistryPackRef(packRef) {
+  return packRef.startsWith("registry:");
+}
+function registrySourceKey(parsed) {
+  return `registry:${parsed.packName}`;
+}
+export {
+  registrySourceKey,
+  parseRegistrySourceRef,
+  isRegistryPackRef
+};

package/dist/node/sources/registry.js

@@ -0,0 +1,355 @@
+import { createRequire } from "node:module";
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/core/lockfile.ts
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { resolve } from "path";
+import { createHash } from "crypto";
+var LOCKFILE_VERSION = 1;
+var LOCKFILE_NAME = "agentpacks.lock";
+function loadLockfile(projectRoot) {
+  const filepath = resolve(projectRoot, LOCKFILE_NAME);
+  if (!existsSync(filepath)) {
+    return { lockfileVersion: LOCKFILE_VERSION, sources: {} };
+  }
+  const raw = readFileSync(filepath, "utf-8");
+  return JSON.parse(raw);
+}
+function saveLockfile(projectRoot, lockfile) {
+  const filepath = resolve(projectRoot, LOCKFILE_NAME);
+  writeFileSync(filepath, JSON.stringify(lockfile, null, 2) + `
+`);
+}
+function getLockedSource(lockfile, sourceKey) {
+  return lockfile.sources[sourceKey];
+}
+function setLockedSource(lockfile, sourceKey, entry) {
+  lockfile.sources[sourceKey] = entry;
+}
+function computeIntegrity(content) {
+  const hash = createHash("sha256").update(content).digest("hex");
+  return `sha256-${hash}`;
+}
+function isLockfileFrozenValid(lockfile, sourceKeys) {
+  const missing = sourceKeys.filter((key) => !(key in lockfile.sources));
+  return { valid: missing.length === 0, missing };
+}
+
+// src/sources/registry-ref.ts
+function parseRegistrySourceRef(source) {
+  let s = source;
+  if (s.startsWith("registry:")) {
+    s = s.slice(9);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Expected pack name.`);
+  }
+  let version = "latest";
+  const atIdx = s.indexOf("@");
+  if (atIdx > 0) {
+    version = s.slice(atIdx + 1);
+    s = s.slice(0, atIdx);
+  }
+  if (!s) {
+    throw new Error(`Invalid registry source reference: "${source}". Pack name is empty.`);
+  }
+  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(s)) {
+    throw new Error(`Invalid registry pack name: "${s}". Must be lowercase alphanumeric with hyphens.`);
+  }
+  return { packName: s, version };
+}
+function isRegistryPackRef(packRef) {
+  return packRef.startsWith("registry:");
+}
+function registrySourceKey(parsed) {
+  return `registry:${parsed.packName}`;
+}
+
+// src/utils/registry-client.ts
+var DEFAULT_REGISTRY_URL = "https://registry.agentpacks.dev";
+function createRegistryClient(config) {
+  return new RegistryClient({
+    registryUrl: config?.registryUrl ?? DEFAULT_REGISTRY_URL,
+    authToken: config?.authToken,
+    timeout: config?.timeout ?? 30000
+  });
+}
+
+class RegistryClient {
+  config;
+  constructor(config) {
+    this.config = {
+      registryUrl: config.registryUrl.replace(/\/+$/, ""),
+      authToken: config.authToken,
+      timeout: config.timeout ?? 30000
+    };
+  }
+  async search(params) {
+    const searchParams = new URLSearchParams;
+    if (params.query)
+      searchParams.set("q", params.query);
+    if (params.tags?.length)
+      searchParams.set("tags", params.tags.join(","));
+    if (params.targets?.length)
+      searchParams.set("targets", params.targets.join(","));
+    if (params.features?.length)
+      searchParams.set("features", params.features.join(","));
+    if (params.author)
+      searchParams.set("author", params.author);
+    if (params.sort)
+      searchParams.set("sort", params.sort);
+    if (params.limit)
+      searchParams.set("limit", String(params.limit));
+    if (params.offset)
+      searchParams.set("offset", String(params.offset));
+    const url = `${this.config.registryUrl}/packs?${searchParams.toString()}`;
+    const res = await this.fetch(url);
+    return res;
+  }
+  async info(packName) {
+    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}`;
+    const res = await this.fetch(url);
+    return res;
+  }
+  async download(packName, version = "latest") {
+    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}/versions/${encodeURIComponent(version)}/download`;
+    const response = await fetch(url, {
+      headers: this.headers(),
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      throw new RegistryApiError(response.status, `Failed to download ${packName}@${version}: ${response.statusText}`);
+    }
+    const integrity = response.headers.get("x-integrity") ?? "";
+    const data = await response.arrayBuffer();
+    return { data, integrity };
+  }
+  async publish(tarball, metadata) {
+    if (!this.config.authToken) {
+      throw new Error("Authentication required. Run `agentpacks login` first.");
+    }
+    const formData = new FormData;
+    formData.append("tarball", new Blob([tarball], { type: "application/gzip" }), `${metadata.name}-${metadata.version}.tgz`);
+    formData.append("metadata", JSON.stringify(metadata));
+    const url = `${this.config.registryUrl}/packs`;
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${this.config.authToken}`
+      },
+      body: formData,
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new RegistryApiError(response.status, `Publish failed: ${body || response.statusText}`);
+    }
+    return await response.json();
+  }
+  async featured(limit) {
+    const url = limit ? `${this.config.registryUrl}/featured?limit=${limit}` : `${this.config.registryUrl}/featured`;
+    const res = await this.fetch(url);
+    return res.packs;
+  }
+  async tags() {
+    const url = `${this.config.registryUrl}/tags`;
+    const res = await this.fetch(url);
+    return res.tags;
+  }
+  async stats() {
+    const url = `${this.config.registryUrl}/stats`;
+    return await this.fetch(url);
+  }
+  async health() {
+    try {
+      const url = `${this.config.registryUrl}/health`;
+      await this.fetch(url);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async fetch(url) {
+    const response = await fetch(url, {
+      headers: this.headers(),
+      signal: AbortSignal.timeout(this.config.timeout)
+    });
+    if (!response.ok) {
+      const body = await response.text();
+      throw new RegistryApiError(response.status, body || response.statusText);
+    }
+    return response.json();
+  }
+  headers() {
+    const h = {
+      Accept: "application/json"
+    };
+    if (this.config.authToken) {
+      h["Authorization"] = `Bearer ${this.config.authToken}`;
+    }
+    return h;
+  }
+}
+
+class RegistryApiError extends Error {
+  status;
+  constructor(status, message) {
+    super(message);
+    this.name = "RegistryApiError";
+    this.status = status;
+  }
+}
+
+// src/utils/credentials.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync } from "fs";
+import { join, dirname } from "path";
+import { homedir } from "os";
+var CONFIG_DIR = join(homedir(), ".config", "agentpacks");
+var CREDENTIALS_FILE = join(CONFIG_DIR, "credentials.json");
+function loadCredentials() {
+  if (!existsSync2(CREDENTIALS_FILE)) {
+    return { registryUrl: "https://registry.agentpacks.dev" };
+  }
+  try {
+    const raw = readFileSync2(CREDENTIALS_FILE, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return { registryUrl: "https://registry.agentpacks.dev" };
+  }
+}
+function saveCredentials(credentials) {
+  mkdirSync(dirname(CREDENTIALS_FILE), { recursive: true });
+  writeFileSync2(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2) + `
+`, {
+    mode: 384
+  });
+}
+function clearCredentials() {
+  if (existsSync2(CREDENTIALS_FILE)) {
+    writeFileSync2(CREDENTIALS_FILE, JSON.stringify({ registryUrl: "https://registry.agentpacks.dev" }) + `
+`);
+  }
+}
+
+// src/utils/tarball.ts
+import { execSync } from "child_process";
+import { readFileSync as readFileSync3, existsSync as existsSync3, mkdirSync as mkdirSync2, rmSync } from "fs";
+import { join as join2, resolve as resolve2 } from "path";
+import { createHash as createHash2 } from "crypto";
+import { tmpdir } from "os";
+async function createTarball(packDir) {
+  const absDir = resolve2(packDir);
+  const tmpFile = join2(tmpdir(), `agentpacks-${Date.now()}.tgz`);
+  try {
+    execSync(`tar -czf "${tmpFile}" -C "${absDir}" .`, {
+      stdio: "pipe"
+    });
+    const buffer = readFileSync3(tmpFile);
+    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
+  } finally {
+    if (existsSync3(tmpFile)) {
+      rmSync(tmpFile);
+    }
+  }
+}
+async function extractTarball(data, targetDir) {
+  mkdirSync2(targetDir, { recursive: true });
+  const tmpFile = join2(tmpdir(), `agentpacks-${Date.now()}.tgz`);
+  try {
+    const buffer = Buffer.from(data);
+    const { writeFileSync: writeFileSync3 } = await import("fs");
+    writeFileSync3(tmpFile, buffer);
+    execSync(`tar -xzf "${tmpFile}" -C "${targetDir}"`, {
+      stdio: "pipe"
+    });
+  } finally {
+    if (existsSync3(tmpFile)) {
+      rmSync(tmpFile);
+    }
+  }
+}
+function computeTarballIntegrity(data) {
+  const hash = createHash2("sha256").update(Buffer.from(data)).digest("hex");
+  return `sha256-${hash}`;
+}
+
+// src/sources/registry.ts
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, readdirSync, rmSync as rmSync2 } from "fs";
+import { resolve as resolve3, join as join3 } from "path";
+async function installRegistrySource(projectRoot, source, lockfile, options = {}) {
+  const parsed = parseRegistrySourceRef(source);
+  const sourceKey = registrySourceKey(parsed);
+  const installed = [];
+  const warnings = [];
+  const locked = getLockedSource(lockfile, sourceKey);
+  if (options.frozen && !locked) {
+    throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
+  }
+  let targetVersion = parsed.version;
+  if (locked && !options.update) {
+    targetVersion = locked.resolvedRef;
+  } else if (targetVersion === "latest") {
+    const clientCfg2 = buildClientConfig(options.registryUrl);
+    const client2 = createRegistryClient(clientCfg2);
+    const info = await client2.info(parsed.packName);
+    targetVersion = info.latestVersion;
+  }
+  const clientCfg = buildClientConfig(options.registryUrl);
+  const client = createRegistryClient(clientCfg);
+  const { data } = await client.download(parsed.packName, targetVersion);
+  const localIntegrity = computeTarballIntegrity(data);
+  if (locked && !options.update && locked.skills?.["__integrity"]) {
+    const expectedIntegrity = locked.skills["__integrity"].integrity;
+    if (expectedIntegrity && localIntegrity !== expectedIntegrity) {
+      throw new Error(`Integrity mismatch for ${parsed.packName}@${targetVersion}. ` + `Expected ${expectedIntegrity}, got ${localIntegrity}.`);
+    }
+  }
+  const curatedDir = resolve3(projectRoot, ".agentpacks", ".curated");
+  const packOutDir = resolve3(curatedDir, parsed.packName);
+  if (existsSync4(packOutDir)) {
+    rmSync2(packOutDir, { recursive: true, force: true });
+  }
+  mkdirSync3(packOutDir, { recursive: true });
+  await extractTarball(data, packOutDir);
+  collectFiles(packOutDir, installed);
+  const newEntry = {
+    requestedRef: parsed.version,
+    resolvedRef: targetVersion,
+    resolvedAt: new Date().toISOString(),
+    skills: {
+      __integrity: { integrity: localIntegrity }
+    },
+    packs: {
+      [parsed.packName]: { integrity: localIntegrity }
+    }
+  };
+  setLockedSource(lockfile, sourceKey, newEntry);
+  return { installed, warnings };
+}
+function buildClientConfig(registryUrl) {
+  const cfg = {};
+  if (registryUrl) {
+    cfg.registryUrl = registryUrl;
+  }
+  try {
+    const creds = loadCredentials();
+    if (creds?.token) {
+      cfg.authToken = creds.token;
+    }
+  } catch {}
+  return cfg;
+}
+function collectFiles(dir, out) {
+  const entries = readdirSync(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    const full = join3(dir, entry.name);
+    if (entry.isDirectory()) {
+      collectFiles(full, out);
+    } else {
+      out.push(full);
+    }
+  }
+}
+export {
+  installRegistrySource
+};