agentpacks 1.7.13 → 1.8.0

package/dist/node/cli/install.js

@@ -1,903 +1,4 @@
-import { createRequire } from "node:module";
-var __require = /* @__PURE__ */ createRequire(import.meta.url);
-
-// src/core/config.ts
-import { existsSync, readFileSync } from "fs";
-import { parse as parseJsonc } from "jsonc-parser";
-import { resolve } from "path";
-import { z } from "zod";
-var TARGET_IDS = [
-  "opencode",
-  "cursor",
-  "claudecode",
-  "codexcli",
-  "mistralvibe",
-  "geminicli",
-  "copilot",
-  "agentsmd",
-  "cline",
-  "kilo",
-  "roo",
-  "qwencode",
-  "kiro",
-  "factorydroid",
-  "antigravity",
-  "junie",
-  "augmentcode",
-  "windsurf",
-  "warp",
-  "replit",
-  "zed"
-];
-var FEATURE_IDS = [
-  "rules",
-  "commands",
-  "agents",
-  "skills",
-  "hooks",
-  "plugins",
-  "mcp",
-  "ignore",
-  "models"
-];
-var REPO_MODES = ["repo", "monorepo", "metarepo"];
-var PackManifestSchema = z.object({
-  name: z.string().min(1),
-  version: z.string().default("1.0.0"),
-  description: z.string().default(""),
-  author: z.union([
-    z.string(),
-    z.object({ name: z.string(), email: z.string().optional() })
-  ]).optional(),
-  homepage: z.string().optional(),
-  repository: z.union([
-    z.string(),
-    z.object({ url: z.string(), type: z.string().optional() })
-  ]).optional(),
-  license: z.string().optional(),
-  logo: z.string().optional(),
-  tags: z.array(z.string()).default([]),
-  dependencies: z.array(z.string()).default([]),
-  conflicts: z.array(z.string()).default([]),
-  targets: z.union([z.literal("*"), z.array(z.string())]).default("*"),
-  features: z.union([z.literal("*"), z.array(z.string())]).default("*")
-});
-var FeaturesSchema = z.union([
-  z.literal("*"),
-  z.array(z.string()),
-  z.record(z.string(), z.union([z.literal("*"), z.array(z.string())]))
-]);
-var WorkspaceConfigSchema = z.object({
-  $schema: z.string().optional(),
-  packs: z.array(z.string()).default(["./packs/default"]),
-  disabled: z.array(z.string()).default([]),
-  targets: z.union([z.literal("*"), z.array(z.string())]).default("*"),
-  features: FeaturesSchema.default("*"),
-  mode: z.enum(REPO_MODES).default("repo"),
-  baseDirs: z.array(z.string()).default(["."]),
-  global: z.boolean().default(false),
-  delete: z.boolean().default(true),
-  verbose: z.boolean().default(false),
-  silent: z.boolean().default(false),
-  overrides: z.record(z.string(), z.record(z.string(), z.string())).default({}),
-  sources: z.array(z.object({
-    source: z.string(),
-    packs: z.array(z.string()).optional(),
-    skills: z.array(z.string()).optional()
-  })).default([]),
-  modelProfile: z.string().optional()
-});
-var CONFIG_FILES = ["agentpacks.local.jsonc", "agentpacks.jsonc"];
-function loadWorkspaceConfig(projectRoot) {
-  for (const filename of CONFIG_FILES) {
-    const filepath = resolve(projectRoot, filename);
-    if (existsSync(filepath)) {
-      const raw = readFileSync(filepath, "utf-8");
-      const parsed = parseJsonc(raw);
-      return WorkspaceConfigSchema.parse(parsed);
-    }
-  }
-  return WorkspaceConfigSchema.parse({});
-}
-function loadPackManifest(packDir) {
-  const filepath = resolve(packDir, "pack.json");
-  if (!existsSync(filepath)) {
-    const dirName = packDir.split("/").pop() ?? "unknown";
-    return PackManifestSchema.parse({ name: dirName });
-  }
-  const raw = readFileSync(filepath, "utf-8");
-  const parsed = JSON.parse(raw);
-  return PackManifestSchema.parse(parsed);
-}
-function resolveFeatures(config, targetId) {
-  const { features } = config;
-  if (features === "*") {
-    return [...FEATURE_IDS];
-  }
-  if (Array.isArray(features)) {
-    if (features.includes("*"))
-      return [...FEATURE_IDS];
-    return features.filter((f) => FEATURE_IDS.includes(f));
-  }
-  const targetFeatures = features[targetId];
-  if (!targetFeatures)
-    return [];
-  if (targetFeatures === "*")
-    return [...FEATURE_IDS];
-  if (Array.isArray(targetFeatures) && targetFeatures.includes("*"))
-    return [...FEATURE_IDS];
-  return targetFeatures.filter((f) => FEATURE_IDS.includes(f));
-}
-function resolveTargets(config) {
-  if (config.targets === "*")
-    return [...TARGET_IDS];
-  return config.targets;
-}
-
-// src/core/lockfile.ts
-import { createHash } from "crypto";
-import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync } from "fs";
-import { resolve as resolve2 } from "path";
-var LOCKFILE_VERSION = 1;
-var LOCKFILE_NAME = "agentpacks.lock";
-function loadLockfile(projectRoot) {
-  const filepath = resolve2(projectRoot, LOCKFILE_NAME);
-  if (!existsSync2(filepath)) {
-    return { lockfileVersion: LOCKFILE_VERSION, sources: {} };
-  }
-  const raw = readFileSync2(filepath, "utf-8");
-  return JSON.parse(raw);
-}
-function saveLockfile(projectRoot, lockfile) {
-  const filepath = resolve2(projectRoot, LOCKFILE_NAME);
-  writeFileSync(filepath, JSON.stringify(lockfile, null, 2) + `
-`);
-}
-function getLockedSource(lockfile, sourceKey) {
-  return lockfile.sources[sourceKey];
-}
-function setLockedSource(lockfile, sourceKey, entry) {
-  lockfile.sources[sourceKey] = entry;
-}
-function computeIntegrity(content) {
-  const hash = createHash("sha256").update(content).digest("hex");
-  return `sha256-${hash}`;
-}
-function isLockfileFrozenValid(lockfile, sourceKeys) {
-  const missing = sourceKeys.filter((key) => !(key in lockfile.sources));
-  return { valid: missing.length === 0, missing };
-}
-
-// src/sources/git-ref.ts
-function parseGitSourceRef(source) {
-  let s = source;
-  if (s.startsWith("github:")) {
-    s = s.slice(7);
-  }
-  let path = "";
-  const atIdx = s.indexOf("@");
-  const colonIdx = s.indexOf(":", atIdx > -1 ? atIdx : 0);
-  if (colonIdx > -1) {
-    path = s.slice(colonIdx + 1);
-    s = s.slice(0, colonIdx);
-  }
-  let ref = "main";
-  if (atIdx > -1) {
-    ref = s.slice(atIdx + 1);
-    s = s.slice(0, atIdx);
-  }
-  const parts = s.split("/");
-  if (parts.length < 2) {
-    throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
-  }
-  const owner = parts[0];
-  const repo = parts[1];
-  if (!owner || !repo) {
-    throw new Error(`Invalid git source reference: "${source}". Expected owner/repo format.`);
-  }
-  return {
-    owner,
-    repo,
-    ref,
-    path: path || ""
-  };
-}
-function isGitPackRef(packRef) {
-  if (packRef.startsWith("github:"))
-    return true;
-  if (packRef.startsWith("./") || packRef.startsWith("../") || packRef.startsWith("/")) {
-    return false;
-  }
-  if (packRef.startsWith("@") || packRef.startsWith("npm:"))
-    return false;
-  const parts = packRef.split("/");
-  return parts.length === 2 && !packRef.includes("node_modules");
-}
-function gitSourceKey(parsed) {
-  return `${parsed.owner}/${parsed.repo}`;
-}
-
-// src/sources/git.ts
-import { mkdirSync, writeFileSync as writeFileSync2 } from "fs";
-import { join, resolve as resolve3 } from "path";
-var GITHUB_API = "https://api.github.com";
-function githubHeaders(token) {
-  const h = {
-    Accept: "application/vnd.github.v3+json",
-    "User-Agent": "agentpacks"
-  };
-  if (token)
-    h.Authorization = `token ${token}`;
-  return h;
-}
-async function resolveGitRef(parsed, token) {
-  const base = `${GITHUB_API}/repos/${parsed.owner}/${parsed.repo}/git/ref`;
-  const res = await fetch(`${base}/heads/${parsed.ref}`, {
-    headers: githubHeaders(token)
-  });
-  if (!res.ok) {
-    const tagRes = await fetch(`${base}/tags/${parsed.ref}`, {
-      headers: githubHeaders(token)
-    });
-    if (!tagRes.ok) {
-      throw new Error(`Could not resolve ref "${parsed.ref}" for ${parsed.owner}/${parsed.repo}: ${res.status}`);
-    }
-    const tagData = await tagRes.json();
-    return tagData.object.sha;
-  }
-  const data = await res.json();
-  return data.object.sha;
-}
-async function fetchGitDirectory(parsed, sha, subpath, token) {
-  const path = parsed.path ? `${parsed.path}/${subpath}` : subpath;
-  const url = `${GITHUB_API}/repos/${parsed.owner}/${parsed.repo}/contents/${path}?ref=${sha}`;
-  const res = await fetch(url, { headers: githubHeaders(token) });
-  if (!res.ok)
-    return [];
-  return await res.json();
-}
-async function fetchGitFile(downloadUrl, token) {
-  const headers = { "User-Agent": "agentpacks" };
-  if (token)
-    headers.Authorization = `token ${token}`;
-  const res = await fetch(downloadUrl, { headers });
-  if (!res.ok) {
-    throw new Error(`Failed to fetch ${downloadUrl}: ${res.status}`);
-  }
-  return res.text();
-}
-async function fetchAndWriteSubdir(parsed, sha, remotePath, localDir, installed, token) {
-  mkdirSync(localDir, { recursive: true });
-  const entries = await fetchGitDirectory(parsed, sha, remotePath, token);
-  for (const entry of entries) {
-    if (entry.type === "file" && entry.download_url) {
-      const content = await fetchGitFile(entry.download_url, token);
-      const filepath = join(localDir, entry.name);
-      writeFileSync2(filepath, content);
-      installed.push(filepath);
-    } else if (entry.type === "dir") {
-      await fetchAndWriteSubdir(parsed, sha, `${remotePath}/${entry.name}`, join(localDir, entry.name), installed, token);
-    }
-  }
-}
-async function installGitSource(projectRoot, source, lockfile, options = {}) {
-  const parsed = parseGitSourceRef(source);
-  const sourceKey = gitSourceKey(parsed);
-  const installed = [];
-  const warnings = [];
-  let resolvedSha;
-  const locked = getLockedSource(lockfile, sourceKey);
-  if (options.frozen && !locked) {
-    throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
-  }
-  if (locked && !options.update) {
-    resolvedSha = locked.resolvedRef;
-  } else {
-    resolvedSha = await resolveGitRef(parsed, options.token);
-  }
-  const basePath = parsed.path || "packs";
-  const entries = await fetchGitDirectory(parsed, resolvedSha, basePath, options.token);
-  const curatedDir = resolve3(projectRoot, ".agentpacks", ".curated");
-  mkdirSync(curatedDir, { recursive: true });
-  const newLockEntry = {
-    requestedRef: parsed.ref,
-    resolvedRef: resolvedSha,
-    resolvedAt: new Date().toISOString(),
-    skills: {},
-    packs: {}
-  };
-  const packDirs = entries.filter((e) => e.type === "dir");
-  for (const packEntry of packDirs) {
-    const packName = packEntry.name;
-    const packOutDir = resolve3(curatedDir, packName);
-    const packFiles = await fetchGitDirectory(parsed, resolvedSha, `${basePath}/${packName}`, options.token);
-    mkdirSync(packOutDir, { recursive: true });
-    for (const file of packFiles) {
-      if (file.type === "file" && file.download_url) {
-        const content = await fetchGitFile(file.download_url, options.token);
-        writeFileSync2(join(packOutDir, file.name), content);
-        installed.push(join(packOutDir, file.name));
-        if (newLockEntry.packs) {
-          newLockEntry.packs[packName] = {
-            integrity: computeIntegrity(content)
-          };
-        }
-      } else if (file.type === "dir") {
-        await fetchAndWriteSubdir(parsed, resolvedSha, `${basePath}/${packName}/${file.name}`, join(packOutDir, file.name), installed, options.token);
-      }
-    }
-  }
-  if (packDirs.length === 0) {
-    const fileEntries = entries.filter((e) => e.type === "file");
-    if (fileEntries.length > 0) {
-      const packName = parsed.path.split("/").pop() ?? parsed.repo;
-      const packOutDir = resolve3(curatedDir, packName);
-      mkdirSync(packOutDir, { recursive: true });
-      for (const file of entries) {
-        if (file.type === "file" && file.download_url) {
-          const content = await fetchGitFile(file.download_url, options.token);
-          writeFileSync2(join(packOutDir, file.name), content);
-          installed.push(join(packOutDir, file.name));
-        } else if (file.type === "dir") {
-          await fetchAndWriteSubdir(parsed, resolvedSha, `${basePath}/${file.name}`, join(packOutDir, file.name), installed, options.token);
-        }
-      }
-    }
-  }
-  setLockedSource(lockfile, sourceKey, newLockEntry);
-  return { installed, warnings };
-}
-
-// src/sources/local.ts
-import { existsSync as existsSync3 } from "fs";
-import { isAbsolute, resolve as resolve4 } from "path";
-function resolveLocalPack(packRef, projectRoot) {
-  let resolved;
-  if (isAbsolute(packRef)) {
-    resolved = packRef;
-  } else {
-    resolved = resolve4(projectRoot, packRef);
-  }
-  if (!existsSync3(resolved))
-    return null;
-  return resolved;
-}
-function isLocalPackRef(packRef) {
-  return packRef.startsWith("./") || packRef.startsWith("../") || isAbsolute(packRef);
-}
-
-// src/sources/npm-ref.ts
-function parseNpmSourceRef(source) {
-  let s = source;
-  if (s.startsWith("npm:")) {
-    s = s.slice(4);
-  }
-  let path = "";
-  const pathColonIdx = findPathColon(s);
-  if (pathColonIdx > -1) {
-    path = s.slice(pathColonIdx + 1);
-    s = s.slice(0, pathColonIdx);
-  }
-  let version = "latest";
-  const versionAtIdx = findVersionAt(s);
-  if (versionAtIdx > -1) {
-    version = s.slice(versionAtIdx + 1);
-    s = s.slice(0, versionAtIdx);
-  }
-  if (!s) {
-    throw new Error(`Invalid npm source reference: "${source}". Expected package name.`);
-  }
-  return { packageName: s, version, path };
-}
-function findPathColon(s) {
-  const startAfter = s.startsWith("@") ? s.indexOf("/") + 1 : 0;
-  const vAt = findVersionAt(s);
-  const searchFrom = vAt > -1 ? vAt : startAfter;
-  return s.indexOf(":", searchFrom);
-}
-function findVersionAt(s) {
-  if (s.startsWith("@")) {
-    const slashIdx = s.indexOf("/");
-    if (slashIdx === -1)
-      return -1;
-    return s.indexOf("@", slashIdx + 1);
-  }
-  return s.indexOf("@");
-}
-function isNpmPackRef(packRef) {
-  if (packRef.startsWith("npm:"))
-    return true;
-  if (packRef.startsWith("@") && packRef.includes("/"))
-    return true;
-  return false;
-}
-function npmSourceKey(parsed) {
-  return `npm:${parsed.packageName}`;
-}
-
-// src/sources/npm.ts
-import { execSync } from "child_process";
-import { existsSync as existsSync4, mkdirSync as mkdirSync2, readdirSync } from "fs";
-import { join as join2, resolve as resolve5 } from "path";
-var NPM_REGISTRY = "https://registry.npmjs.org";
-async function resolveNpmVersion(parsed) {
-  const url = `${NPM_REGISTRY}/${encodeURIComponent(parsed.packageName)}/${parsed.version}`;
-  const res = await fetch(url, {
-    headers: { Accept: "application/json" }
-  });
-  if (!res.ok) {
-    throw new Error(`Could not resolve npm package "${parsed.packageName}@${parsed.version}": ${res.status}`);
-  }
-  const data = await res.json();
-  return { version: data.version, tarball: data.dist.tarball };
-}
-async function installNpmSource(projectRoot, source, lockfile, options = {}) {
-  const parsed = parseNpmSourceRef(source);
-  const sourceKey = npmSourceKey(parsed);
-  const installed = [];
-  const warnings = [];
-  const locked = getLockedSource(lockfile, sourceKey);
-  if (options.frozen && !locked) {
-    throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
-  }
-  let resolvedVersion;
-  if (locked && !options.update) {
-    resolvedVersion = locked.resolvedRef;
-  } else {
-    const resolved = await resolveNpmVersion(parsed);
-    resolvedVersion = resolved.version;
-  }
-  const curatedDir = resolve5(projectRoot, ".agentpacks", ".curated");
-  mkdirSync2(curatedDir, { recursive: true });
-  extractNpmPack(parsed, resolvedVersion, curatedDir, installed, warnings);
-  const newEntry = {
-    requestedRef: parsed.version,
-    resolvedRef: resolvedVersion,
-    resolvedAt: new Date().toISOString(),
-    skills: {},
-    packs: {}
-  };
-  setLockedSource(lockfile, sourceKey, newEntry);
-  return { installed, warnings };
-}
-function extractNpmPack(parsed, version, curatedDir, installed, warnings) {
-  const pkgSpec = `${parsed.packageName}@${version}`;
-  const packName = parsed.packageName.replace(/^@/, "").replace(/\//g, "-");
-  const packOutDir = resolve5(curatedDir, packName);
-  try {
-    const tmpDir = resolve5(curatedDir, ".tmp-npm");
-    mkdirSync2(tmpDir, { recursive: true });
-    execSync(`npm pack ${pkgSpec} --pack-destination "${tmpDir}"`, {
-      stdio: "pipe",
-      timeout: 30000
-    });
-    const tgzFiles = readdirSync(tmpDir).filter((f) => f.endsWith(".tgz"));
-    if (tgzFiles.length === 0) {
-      warnings.push(`No tarball found for ${pkgSpec}`);
-      return packOutDir;
-    }
-    const firstTgz = tgzFiles[0];
-    if (!firstTgz) {
-      warnings.push(`No tarball found for ${pkgSpec}`);
-      return packOutDir;
-    }
-    const tgzPath = join2(tmpDir, firstTgz);
-    mkdirSync2(packOutDir, { recursive: true });
-    execSync(`tar xzf "${tgzPath}" -C "${packOutDir}" --strip-components=1`, {
-      stdio: "pipe",
-      timeout: 15000
-    });
-    execSync(`rm -rf "${tmpDir}"`, { stdio: "pipe" });
-    const subpath = parsed.path || "";
-    const targetDir = subpath ? join2(packOutDir, subpath) : packOutDir;
-    if (existsSync4(targetDir)) {
-      collectFiles(targetDir, installed);
-    }
-  } catch (err) {
-    warnings.push(`Failed to extract npm pack ${pkgSpec}: ${err instanceof Error ? err.message : String(err)}`);
-  }
-  return packOutDir;
-}
-function collectFiles(dir, out) {
-  const entries = readdirSync(dir, { withFileTypes: true });
-  for (const entry of entries) {
-    const full = join2(dir, entry.name);
-    if (entry.isDirectory()) {
-      collectFiles(full, out);
-    } else {
-      out.push(full);
-    }
-  }
-}
-
-// src/sources/registry-ref.ts
-function parseRegistrySourceRef(source) {
-  let s = source;
-  if (s.startsWith("registry:")) {
-    s = s.slice(9);
-  }
-  if (!s) {
-    throw new Error(`Invalid registry source reference: "${source}". Expected pack name.`);
-  }
-  let version = "latest";
-  const atIdx = s.indexOf("@");
-  if (atIdx > 0) {
-    version = s.slice(atIdx + 1);
-    s = s.slice(0, atIdx);
-  }
-  if (!s) {
-    throw new Error(`Invalid registry source reference: "${source}". Pack name is empty.`);
-  }
-  if (!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(s)) {
-    throw new Error(`Invalid registry pack name: "${s}". Must be lowercase alphanumeric with hyphens.`);
-  }
-  return { packName: s, version };
-}
-function isRegistryPackRef(packRef) {
-  return packRef.startsWith("registry:");
-}
-function registrySourceKey(parsed) {
-  return `registry:${parsed.packName}`;
-}
-
-// src/utils/credentials.ts
-import { existsSync as existsSync5, mkdirSync as mkdirSync3, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
-import { homedir } from "os";
-import { dirname, join as join3 } from "path";
-var CONFIG_DIR = join3(homedir(), ".config", "agentpacks");
-var CREDENTIALS_FILE = join3(CONFIG_DIR, "credentials.json");
-function loadCredentials() {
-  if (!existsSync5(CREDENTIALS_FILE)) {
-    return { registryUrl: "https://registry.agentpacks.dev" };
-  }
-  try {
-    const raw = readFileSync3(CREDENTIALS_FILE, "utf-8");
-    return JSON.parse(raw);
-  } catch {
-    return { registryUrl: "https://registry.agentpacks.dev" };
-  }
-}
-function saveCredentials(credentials) {
-  mkdirSync3(dirname(CREDENTIALS_FILE), { recursive: true });
-  writeFileSync3(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2) + `
-`, {
-    mode: 384
-  });
-}
-function clearCredentials() {
-  if (existsSync5(CREDENTIALS_FILE)) {
-    writeFileSync3(CREDENTIALS_FILE, JSON.stringify({ registryUrl: "https://registry.agentpacks.dev" }) + `
-`);
-  }
-}
-
-// src/utils/registry-client.ts
-var DEFAULT_REGISTRY_URL = "https://registry.agentpacks.dev";
-function createRegistryClient(config) {
-  return new RegistryClient({
-    registryUrl: config?.registryUrl ?? DEFAULT_REGISTRY_URL,
-    authToken: config?.authToken,
-    timeout: config?.timeout ?? 30000
-  });
-}
-
-class RegistryClient {
-  config;
-  constructor(config) {
-    this.config = {
-      registryUrl: config.registryUrl.replace(/\/+$/, ""),
-      authToken: config.authToken,
-      timeout: config.timeout ?? 30000
-    };
-  }
-  async search(params) {
-    const searchParams = new URLSearchParams;
-    if (params.query)
-      searchParams.set("q", params.query);
-    if (params.tags?.length)
-      searchParams.set("tags", params.tags.join(","));
-    if (params.targets?.length)
-      searchParams.set("targets", params.targets.join(","));
-    if (params.features?.length)
-      searchParams.set("features", params.features.join(","));
-    if (params.author)
-      searchParams.set("author", params.author);
-    if (params.sort)
-      searchParams.set("sort", params.sort);
-    if (params.limit)
-      searchParams.set("limit", String(params.limit));
-    if (params.offset)
-      searchParams.set("offset", String(params.offset));
-    const url = `${this.config.registryUrl}/packs?${searchParams.toString()}`;
-    const res = await this.fetch(url);
-    return res;
-  }
-  async info(packName) {
-    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}`;
-    const res = await this.fetch(url);
-    return res;
-  }
-  async download(packName, version = "latest") {
-    const url = `${this.config.registryUrl}/packs/${encodeURIComponent(packName)}/versions/${encodeURIComponent(version)}/download`;
-    const response = await fetch(url, {
-      headers: this.headers(),
-      signal: AbortSignal.timeout(this.config.timeout)
-    });
-    if (!response.ok) {
-      throw new RegistryApiError(response.status, `Failed to download ${packName}@${version}: ${response.statusText}`);
-    }
-    const integrity = response.headers.get("x-integrity") ?? "";
-    const data = await response.arrayBuffer();
-    return { data, integrity };
-  }
-  async publish(tarball, metadata) {
-    if (!this.config.authToken) {
-      throw new Error("Authentication required. Run `agentpacks login` first.");
-    }
-    const formData = new FormData;
-    formData.append("tarball", new Blob([tarball], { type: "application/gzip" }), `${metadata.name}-${metadata.version}.tgz`);
-    formData.append("metadata", JSON.stringify(metadata));
-    const url = `${this.config.registryUrl}/packs`;
-    const response = await fetch(url, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${this.config.authToken}`
-      },
-      body: formData,
-      signal: AbortSignal.timeout(this.config.timeout)
-    });
-    if (!response.ok) {
-      const body = await response.text();
-      throw new RegistryApiError(response.status, `Publish failed: ${body || response.statusText}`);
-    }
-    return await response.json();
-  }
-  async featured(limit) {
-    const url = limit ? `${this.config.registryUrl}/featured?limit=${limit}` : `${this.config.registryUrl}/featured`;
-    const res = await this.fetch(url);
-    return res.packs;
-  }
-  async tags() {
-    const url = `${this.config.registryUrl}/tags`;
-    const res = await this.fetch(url);
-    return res.tags;
-  }
-  async stats() {
-    const url = `${this.config.registryUrl}/stats`;
-    return await this.fetch(url);
-  }
-  async health() {
-    try {
-      const url = `${this.config.registryUrl}/health`;
-      await this.fetch(url);
-      return true;
-    } catch {
-      return false;
-    }
-  }
-  async fetch(url) {
-    const response = await fetch(url, {
-      headers: this.headers(),
-      signal: AbortSignal.timeout(this.config.timeout)
-    });
-    if (!response.ok) {
-      const body = await response.text();
-      throw new RegistryApiError(response.status, body || response.statusText);
-    }
-    return response.json();
-  }
-  headers() {
-    const h = {
-      Accept: "application/json"
-    };
-    if (this.config.authToken) {
-      h["Authorization"] = `Bearer ${this.config.authToken}`;
-    }
-    return h;
-  }
-}
-
-class RegistryApiError extends Error {
-  status;
-  constructor(status, message) {
-    super(message);
-    this.name = "RegistryApiError";
-    this.status = status;
-  }
-}
-
-// src/utils/tarball.ts
-import { execSync as execSync2 } from "child_process";
-import { createHash as createHash2 } from "crypto";
-import { existsSync as existsSync6, mkdirSync as mkdirSync4, readFileSync as readFileSync4, rmSync } from "fs";
-import { tmpdir } from "os";
-import { join as join4, resolve as resolve6 } from "path";
-async function createTarball(packDir) {
-  const absDir = resolve6(packDir);
-  const tmpFile = join4(tmpdir(), `agentpacks-${Date.now()}.tgz`);
-  try {
-    execSync2(`tar -czf "${tmpFile}" -C "${absDir}" .`, {
-      stdio: "pipe"
-    });
-    const buffer = readFileSync4(tmpFile);
-    return buffer.buffer.slice(buffer.byteOffset, buffer.byteOffset + buffer.byteLength);
-  } finally {
-    if (existsSync6(tmpFile)) {
-      rmSync(tmpFile);
-    }
-  }
-}
-async function extractTarball(data, targetDir) {
-  mkdirSync4(targetDir, { recursive: true });
-  const tmpFile = join4(tmpdir(), `agentpacks-${Date.now()}.tgz`);
-  try {
-    const buffer = Buffer.from(data);
-    const { writeFileSync: writeFileSync4 } = await import("fs");
-    writeFileSync4(tmpFile, buffer);
-    execSync2(`tar -xzf "${tmpFile}" -C "${targetDir}"`, {
-      stdio: "pipe"
-    });
-  } finally {
-    if (existsSync6(tmpFile)) {
-      rmSync(tmpFile);
-    }
-  }
-}
-function computeTarballIntegrity(data) {
-  const hash = createHash2("sha256").update(Buffer.from(data)).digest("hex");
-  return `sha256-${hash}`;
-}
-
-// src/sources/registry.ts
-import { existsSync as existsSync7, mkdirSync as mkdirSync5, readdirSync as readdirSync2, rmSync as rmSync2 } from "fs";
-import { join as join5, resolve as resolve7 } from "path";
-async function installRegistrySource(projectRoot, source, lockfile, options = {}) {
-  const parsed = parseRegistrySourceRef(source);
-  const sourceKey = registrySourceKey(parsed);
-  const installed = [];
-  const warnings = [];
-  const locked = getLockedSource(lockfile, sourceKey);
-  if (options.frozen && !locked) {
-    throw new Error(`Frozen mode: no lockfile entry for source "${sourceKey}".`);
-  }
-  let targetVersion = parsed.version;
-  if (locked && !options.update) {
-    targetVersion = locked.resolvedRef;
-  } else if (targetVersion === "latest") {
-    const clientCfg2 = buildClientConfig(options.registryUrl);
-    const client2 = createRegistryClient(clientCfg2);
-    const info = await client2.info(parsed.packName);
-    targetVersion = info.latestVersion;
-  }
-  const clientCfg = buildClientConfig(options.registryUrl);
-  const client = createRegistryClient(clientCfg);
-  const { data } = await client.download(parsed.packName, targetVersion);
-  const localIntegrity = computeTarballIntegrity(data);
-  if (locked && !options.update && locked.skills?.["__integrity"]) {
-    const expectedIntegrity = locked.skills["__integrity"].integrity;
-    if (expectedIntegrity && localIntegrity !== expectedIntegrity) {
-      throw new Error(`Integrity mismatch for ${parsed.packName}@${targetVersion}. ` + `Expected ${expectedIntegrity}, got ${localIntegrity}.`);
-    }
-  }
-  const curatedDir = resolve7(projectRoot, ".agentpacks", ".curated");
-  const packOutDir = resolve7(curatedDir, parsed.packName);
-  if (existsSync7(packOutDir)) {
-    rmSync2(packOutDir, { recursive: true, force: true });
-  }
-  mkdirSync5(packOutDir, { recursive: true });
-  await extractTarball(data, packOutDir);
-  collectFiles2(packOutDir, installed);
-  const newEntry = {
-    requestedRef: parsed.version,
-    resolvedRef: targetVersion,
-    resolvedAt: new Date().toISOString(),
-    skills: {
-      __integrity: { integrity: localIntegrity }
-    },
-    packs: {
-      [parsed.packName]: { integrity: localIntegrity }
-    }
-  };
-  setLockedSource(lockfile, sourceKey, newEntry);
-  return { installed, warnings };
-}
-function buildClientConfig(registryUrl) {
-  const cfg = {};
-  if (registryUrl) {
-    cfg.registryUrl = registryUrl;
-  }
-  try {
-    const creds = loadCredentials();
-    if (creds?.token) {
-      cfg.authToken = creds.token;
-    }
-  } catch {}
-  return cfg;
-}
-function collectFiles2(dir, out) {
-  const entries = readdirSync2(dir, { withFileTypes: true });
-  for (const entry of entries) {
-    const full = join5(dir, entry.name);
-    if (entry.isDirectory()) {
-      collectFiles2(full, out);
-    } else {
-      out.push(full);
-    }
-  }
-}
-
-// src/cli/install.ts
-import chalk from "chalk";
-async function runInstall(projectRoot, options) {
-  const config = loadWorkspaceConfig(projectRoot);
-  const lockfile = loadLockfile(projectRoot);
-  const verbose = options.verbose ?? config.verbose;
-  const remotePacks = config.packs.filter((ref) => isGitPackRef(ref) || isNpmPackRef(ref) || isRegistryPackRef(ref));
-  const localPacks = config.packs.filter((ref) => isLocalPackRef(ref));
-  if (remotePacks.length === 0) {
-    console.log(chalk.dim("No remote packs to install. All packs are local."));
-    return;
-  }
-  if (verbose) {
-    console.log(chalk.dim(`Found ${remotePacks.length} remote pack(s) to install`));
-    console.log(chalk.dim(`  (${localPacks.length} local pack(s) skipped)`));
-  }
-  if (options.frozen) {
-    const sourceKeys = remotePacks.map((ref) => ref);
-    const frozenCheck = isLockfileFrozenValid(lockfile, sourceKeys);
-    if (!frozenCheck.valid) {
-      console.log(chalk.red(`Frozen install failed. Missing lockfile entries: ${frozenCheck.missing.join(", ")}`));
-      process.exit(1);
-    }
-  }
-  let totalInstalled = 0;
-  const allWarnings = [];
-  for (const packRef of remotePacks) {
-    if (verbose) {
-      console.log(chalk.dim(`  Installing ${packRef}...`));
-    }
-    try {
-      let result;
-      if (isRegistryPackRef(packRef)) {
-        result = await installRegistrySource(projectRoot, packRef, lockfile, {
-          update: options.update,
-          frozen: options.frozen
-        });
-      } else if (isGitPackRef(packRef)) {
-        const token = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN ?? undefined;
-        result = await installGitSource(projectRoot, packRef, lockfile, {
-          update: options.update,
-          frozen: options.frozen,
-          token
-        });
-      } else if (isNpmPackRef(packRef)) {
-        result = await installNpmSource(projectRoot, packRef, lockfile, {
-          update: options.update,
-          frozen: options.frozen
-        });
-      } else {
-        continue;
-      }
-      totalInstalled += result.installed.length;
-      allWarnings.push(...result.warnings);
-      if (verbose && result.installed.length > 0) {
-        console.log(chalk.dim(`    ${result.installed.length} file(s) installed`));
-      }
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      console.log(chalk.red(`  error [${packRef}]: ${msg}`));
-      allWarnings.push(`Failed to install ${packRef}: ${msg}`);
-    }
-  }
-  for (const w of allWarnings) {
-    console.log(chalk.yellow(`  warn: ${w}`));
-  }
-  saveLockfile(projectRoot, lockfile);
-  console.log(chalk.green(`Installed ${totalInstalled} file(s) from ${remotePacks.length} source(s)`));
-  if (verbose) {
-    console.log(chalk.dim("Lockfile updated: agentpacks.lock"));
-  }
-}
-export {
-  runInstall
-};
+import{createRequire as zq}from"node:module";var Sq=zq(import.meta.url);import{existsSync as c,readFileSync as i}from"fs";import{parse as hq}from"jsonc-parser";import{resolve as t}from"path";import{z as $}from"zod";var Rq=["opencode","cursor","claudecode","codexcli","mistralvibe","geminicli","copilot","cline","kilo","roo","qwencode","kiro","factorydroid","antigravity","junie","augmentcode","windsurf","warp","replit","zed"],x=["rules","commands","agents","skills","hooks","plugins","mcp","ignore","models"],gq=["repo","monorepo","metarepo"],l=$.object({name:$.string().min(1),version:$.string().default("1.0.0"),description:$.string().default(""),author:$.union([$.string(),$.object({name:$.string(),email:$.string().optional()})]).optional(),homepage:$.string().optional(),repository:$.union([$.string(),$.object({url:$.string(),type:$.string().optional()})]).optional(),license:$.string().optional(),logo:$.string().optional(),tags:$.array($.string()).default([]),dependencies:$.array($.string()).default([]),conflicts:$.array($.string()).default([]),targets:$.union([$.literal("*"),$.array($.string())]).default("*"),features:$.union([$.literal("*"),$.array($.string())]).default("*")}),yq=$.union([$.literal("*"),$.array($.string()),$.record($.string(),$.union([$.literal("*"),$.array($.string())]))]),p=$.object({$schema:$.string().optional(),packs:$.array($.string()).default(["./packs/default"]),disabled:$.array($.string()).default([]),targets:$.union([$.literal("*"),$.array($.string())]).default("*"),features:yq.default("*"),mode:$.enum(gq).default("repo"),baseDirs:$.array($.string()).default(["."]),global:$.boolean().default(!1),delete:$.boolean().default(!0),verbose:$.boolean().default(!1),silent:$.boolean().default(!1),overrides:$.record($.string(),$.record($.string(),$.string())).default({}),sources:$.array($.object({source:$.string(),packs:$.array($.string()).optional(),skills:$.array($.string()).optional()})).default([]),modelProfile:$.string().optional()}),mq=["agentpacks.local.jsonc","agentpacks.jsonc"];function o(q){for(let Q of mq){let X=t(q,Q);if(c(X)){let Z=i(X,"utf-8"),J=hq(Z);return p.parse(J)}}return p.parse({})}function NQ(q){let Q=t(q,"pack.json");if(!c(Q)){let J=q.split("/").pop()??"unknown";return l.parse({name:J})}let X=i(Q,"utf-8"),Z=JSON.parse(X);return l.parse(Z)}function LQ(q,Q){let{features:X}=q;if(X==="*")return[...x];if(Array.isArray(X)){if(X.includes("*"))return[...x];return X.filter((J)=>x.includes(J))}let Z=X[Q];if(!Z)return[];if(Z==="*")return[...x];if(Array.isArray(Z)&&Z.includes("*"))return[...x];return Z.filter((J)=>x.includes(J))}function CQ(q){if(q.targets==="*")return[...Rq];return q.targets}import{createHash as uq}from"crypto";import{existsSync as kq,readFileSync as fq,writeFileSync as dq}from"fs";import{resolve as a}from"path";var nq=1,s="agentpacks.lock";function r(q){let Q=a(q,s);if(!kq(Q))return{lockfileVersion:nq,sources:{}};let X=fq(Q,"utf-8");return JSON.parse(X)}function e(q,Q){let X=a(q,s);dq(X,JSON.stringify(Q,null,2)+`
+`)}function A(q,Q){return q.sources[Q]}function P(q,Q,X){q.sources[Q]=X}function qq(q){return`sha256-${uq("sha256").update(q).digest("hex")}`}function Qq(q,Q){let X=Q.filter((Z)=>!(Z in q.sources));return{valid:X.length===0,missing:X}}function Xq(q){let Q=q;if(Q.startsWith("github:"))Q=Q.slice(7);let X="",Z=Q.indexOf("@"),J=Q.indexOf(":",Z>-1?Z:0);if(J>-1)X=Q.slice(J+1),Q=Q.slice(0,J);let Y="main";if(Z>-1)Y=Q.slice(Z+1),Q=Q.slice(0,Z);let V=Q.split("/");if(V.length<2)throw Error(`Invalid git source reference: "${q}". Expected owner/repo format.`);let W=V[0],M=V[1];if(!W||!M)throw Error(`Invalid git source reference: "${q}". Expected owner/repo format.`);return{owner:W,repo:M,ref:Y,path:X||""}}function j(q){if(q.startsWith("github:"))return!0;if(q.startsWith("./")||q.startsWith("../")||q.startsWith("/"))return!1;if(q.startsWith("@")||q.startsWith("npm:"))return!1;return q.split("/").length===2&&!q.includes("node_modules")}function Zq(q){return`${q.owner}/${q.repo}`}import{mkdirSync as v,writeFileSync as D}from"fs";import{join as w,resolve as I}from"path";var $q="https://api.github.com";function z(q){let Q={Accept:"application/vnd.github.v3+json","User-Agent":"agentpacks"};if(q)Q.Authorization=`token ${q}`;return Q}async function lq(q,Q){let X=`${$q}/repos/${q.owner}/${q.repo}/git/ref`,Z=await fetch(`${X}/heads/${q.ref}`,{headers:z(Q)});if(!Z.ok){let Y=await fetch(`${X}/tags/${q.ref}`,{headers:z(Q)});if(!Y.ok)throw Error(`Could not resolve ref "${q.ref}" for ${q.owner}/${q.repo}: ${Z.status}`);return(await Y.json()).object.sha}return(await Z.json()).object.sha}async function S(q,Q,X,Z){let J=q.path?`${q.path}/${X}`:X,Y=`${$q}/repos/${q.owner}/${q.repo}/contents/${J}?ref=${Q}`,V=await fetch(Y,{headers:z(Z)});if(!V.ok)return[];return await V.json()}async function h(q,Q){let X={"User-Agent":"agentpacks"};if(Q)X.Authorization=`token ${Q}`;let Z=await fetch(q,{headers:X});if(!Z.ok)throw Error(`Failed to fetch ${q}: ${Z.status}`);return Z.text()}async function R(q,Q,X,Z,J,Y){v(Z,{recursive:!0});let V=await S(q,Q,X,Y);for(let W of V)if(W.type==="file"&&W.download_url){let M=await h(W.download_url,Y),B=w(Z,W.name);D(B,M),J.push(B)}else if(W.type==="dir")await R(q,Q,`${X}/${W.name}`,w(Z,W.name),J,Y)}async function Jq(q,Q,X,Z={}){let J=Xq(Q),Y=Zq(J),V=[],W=[],M,B=A(X,Y);if(Z.frozen&&!B)throw Error(`Frozen mode: no lockfile entry for source "${Y}".`);if(B&&!Z.update)M=B.resolvedRef;else M=await lq(J,Z.token);let H=J.path||"packs",U=await S(J,M,H,Z.token),O=I(q,".agentpacks",".curated");v(O,{recursive:!0});let K={requestedRef:J.ref,resolvedRef:M,resolvedAt:new Date().toISOString(),skills:{},packs:{}},b=U.filter((N)=>N.type==="dir");for(let N of b){let L=N.name,G=I(O,L),T=await S(J,M,`${H}/${L}`,Z.token);v(G,{recursive:!0});for(let _ of T)if(_.type==="file"&&_.download_url){let n=await h(_.download_url,Z.token);if(D(w(G,_.name),n),V.push(w(G,_.name)),K.packs)K.packs[L]={integrity:qq(n)}}else if(_.type==="dir")await R(J,M,`${H}/${L}/${_.name}`,w(G,_.name),V,Z.token)}if(b.length===0){if(U.filter((L)=>L.type==="file").length>0){let L=J.path.split("/").pop()??J.repo,G=I(O,L);v(G,{recursive:!0});for(let T of U)if(T.type==="file"&&T.download_url){let _=await h(T.download_url,Z.token);D(w(G,T.name),_),V.push(w(G,T.name))}else if(T.type==="dir")await R(J,M,`${H}/${T.name}`,w(G,T.name),V,Z.token)}}return P(X,Y,K),{installed:V,warnings:W}}import{existsSync as pq}from"fs";import{isAbsolute as Yq,resolve as cq}from"path";function hQ(q,Q){let X;if(Yq(q))X=q;else X=cq(Q,q);if(!pq(X))return null;return X}function Bq(q){return q.startsWith("./")||q.startsWith("../")||Yq(q)}function Mq(q){let Q=q;if(Q.startsWith("npm:"))Q=Q.slice(4);let X="",Z=iq(Q);if(Z>-1)X=Q.slice(Z+1),Q=Q.slice(0,Z);let J="latest",Y=Wq(Q);if(Y>-1)J=Q.slice(Y+1),Q=Q.slice(0,Y);if(!Q)throw Error(`Invalid npm source reference: "${q}". Expected package name.`);return{packageName:Q,version:J,path:X}}function iq(q){let Q=q.startsWith("@")?q.indexOf("/")+1:0,X=Wq(q),Z=X>-1?X:Q;return q.indexOf(":",Z)}function Wq(q){if(q.startsWith("@")){let Q=q.indexOf("/");if(Q===-1)return-1;return q.indexOf("@",Q+1)}return q.indexOf("@")}function g(q){if(q.startsWith("npm:"))return!0;if(q.startsWith("@")&&q.includes("/"))return!0;return!1}function Hq(q){return`npm:${q.packageName}`}import{execSync as y}from"child_process";import{existsSync as tq,mkdirSync as m,readdirSync as Vq}from"fs";import{join as u,resolve as k}from"path";var oq="https://registry.npmjs.org";async function aq(q){let Q=`${oq}/${encodeURIComponent(q.packageName)}/${q.version}`,X=await fetch(Q,{headers:{Accept:"application/json"}});if(!X.ok)throw Error(`Could not resolve npm package "${q.packageName}@${q.version}": ${X.status}`);let Z=await X.json();return{version:Z.version,tarball:Z.dist.tarball}}async function Uq(q,Q,X,Z={}){let J=Mq(Q),Y=Hq(J),V=[],W=[],M=A(X,Y);if(Z.frozen&&!M)throw Error(`Frozen mode: no lockfile entry for source "${Y}".`);let B;if(M&&!Z.update)B=M.resolvedRef;else B=(await aq(J)).version;let H=k(q,".agentpacks",".curated");m(H,{recursive:!0}),sq(J,B,H,V,W);let U={requestedRef:J.version,resolvedRef:B,resolvedAt:new Date().toISOString(),skills:{},packs:{}};return P(X,Y,U),{installed:V,warnings:W}}function sq(q,Q,X,Z,J){let Y=`${q.packageName}@${Q}`,V=q.packageName.replace(/^@/,"").replace(/\//g,"-"),W=k(X,V);try{let M=k(X,".tmp-npm");m(M,{recursive:!0}),y(`npm pack ${Y} --pack-destination "${M}"`,{stdio:"pipe",timeout:30000});let B=Vq(M).filter((b)=>b.endsWith(".tgz"));if(B.length===0)return J.push(`No tarball found for ${Y}`),W;let H=B[0];if(!H)return J.push(`No tarball found for ${Y}`),W;let U=u(M,H);m(W,{recursive:!0}),y(`tar xzf "${U}" -C "${W}" --strip-components=1`,{stdio:"pipe",timeout:15000}),y(`rm -rf "${M}"`,{stdio:"pipe"});let O=q.path||"",K=O?u(W,O):W;if(tq(K))Gq(K,Z)}catch(M){J.push(`Failed to extract npm pack ${Y}: ${M instanceof Error?M.message:String(M)}`)}return W}function Gq(q,Q){let X=Vq(q,{withFileTypes:!0});for(let Z of X){let J=u(q,Z.name);if(Z.isDirectory())Gq(J,Q);else Q.push(J)}}function Kq(q){let Q=q;if(Q.startsWith("registry:"))Q=Q.slice(9);if(!Q)throw Error(`Invalid registry source reference: "${q}". Expected pack name.`);let X="latest",Z=Q.indexOf("@");if(Z>0)X=Q.slice(Z+1),Q=Q.slice(0,Z);if(!Q)throw Error(`Invalid registry source reference: "${q}". Pack name is empty.`);if(!/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/.test(Q))throw Error(`Invalid registry pack name: "${Q}". Must be lowercase alphanumeric with hyphens.`);return{packName:Q,version:X}}function f(q){return q.startsWith("registry:")}function Tq(q){return`registry:${q.packName}`}import{existsSync as _q,mkdirSync as rq,readFileSync as eq,writeFileSync as Oq}from"fs";import{homedir as qQ}from"os";import{dirname as QQ,join as Nq}from"path";var XQ=Nq(qQ(),".config","agentpacks"),E=Nq(XQ,"credentials.json");function Lq(){if(!_q(E))return{registryUrl:"https://registry.agentpacks.dev"};try{let q=eq(E,"utf-8");return JSON.parse(q)}catch{return{registryUrl:"https://registry.agentpacks.dev"}}}function iQ(q){rq(QQ(E),{recursive:!0}),Oq(E,JSON.stringify(q,null,2)+`
+`,{mode:384})}function tQ(){if(_q(E))Oq(E,JSON.stringify({registryUrl:"https://registry.agentpacks.dev"})+`
+`)}function d(q){return new Cq({registryUrl:q?.registryUrl??"https://registry.agentpacks.dev",authToken:q?.authToken,timeout:q?.timeout??30000})}class Cq{config;constructor(q){this.config={registryUrl:q.registryUrl.replace(/\/+$/,""),authToken:q.authToken,timeout:q.timeout??30000}}async search(q){let Q=new URLSearchParams;if(q.query)Q.set("q",q.query);if(q.tags?.length)Q.set("tags",q.tags.join(","));if(q.targets?.length)Q.set("targets",q.targets.join(","));if(q.features?.length)Q.set("features",q.features.join(","));if(q.author)Q.set("author",q.author);if(q.sort)Q.set("sort",q.sort);if(q.limit)Q.set("limit",String(q.limit));if(q.offset)Q.set("offset",String(q.offset));let X=`${this.config.registryUrl}/packs?${Q.toString()}`;return await this.fetch(X)}async info(q){let Q=`${this.config.registryUrl}/packs/${encodeURIComponent(q)}`;return await this.fetch(Q)}async download(q,Q="latest"){let X=`${this.config.registryUrl}/packs/${encodeURIComponent(q)}/versions/${encodeURIComponent(Q)}/download`,Z=await fetch(X,{headers:this.headers(),signal:AbortSignal.timeout(this.config.timeout)});if(!Z.ok)throw new F(Z.status,`Failed to download ${q}@${Q}: ${Z.statusText}`);let J=Z.headers.get("x-integrity")??"";return{data:await Z.arrayBuffer(),integrity:J}}async publish(q,Q){if(!this.config.authToken)throw Error("Authentication required. Run `agentpacks login` first.");let X=new FormData;X.append("tarball",new Blob([q],{type:"application/gzip"}),`${Q.name}-${Q.version}.tgz`),X.append("metadata",JSON.stringify(Q));let Z=`${this.config.registryUrl}/packs`,J=await fetch(Z,{method:"POST",headers:{Authorization:`Bearer ${this.config.authToken}`},body:X,signal:AbortSignal.timeout(this.config.timeout)});if(!J.ok){let Y=await J.text();throw new F(J.status,`Publish failed: ${Y||J.statusText}`)}return await J.json()}async featured(q){let Q=q?`${this.config.registryUrl}/featured?limit=${q}`:`${this.config.registryUrl}/featured`;return(await this.fetch(Q)).packs}async tags(){let q=`${this.config.registryUrl}/tags`;return(await this.fetch(q)).tags}async stats(){let q=`${this.config.registryUrl}/stats`;return await this.fetch(q)}async health(){try{let q=`${this.config.registryUrl}/health`;return await this.fetch(q),!0}catch{return!1}}async fetch(q){let Q=await fetch(q,{headers:this.headers(),signal:AbortSignal.timeout(this.config.timeout)});if(!Q.ok){let X=await Q.text();throw new F(Q.status,X||Q.statusText)}return Q.json()}headers(){let q={Accept:"application/json"};if(this.config.authToken)q.Authorization=`Bearer ${this.config.authToken}`;return q}}class F extends Error{status;constructor(q,Q){super(Q);this.name="RegistryApiError",this.status=q}}import{execSync as wq}from"child_process";import{createHash as ZQ}from"crypto";import{existsSync as bq,mkdirSync as $Q,readFileSync as JQ,rmSync as xq}from"fs";import{tmpdir as Aq}from"os";import{join as Pq,resolve as YQ}from"path";async function XX(q){let Q=YQ(q),X=Pq(Aq(),`agentpacks-${Date.now()}.tgz`);try{wq(`tar -czf "${X}" -C "${Q}" .`,{stdio:"pipe"});let Z=JQ(X);return Z.buffer.slice(Z.byteOffset,Z.byteOffset+Z.byteLength)}finally{if(bq(X))xq(X)}}async function Eq(q,Q){$Q(Q,{recursive:!0});let X=Pq(Aq(),`agentpacks-${Date.now()}.tgz`);try{let Z=Buffer.from(q),{writeFileSync:J}=await import("fs");J(X,Z),wq(`tar -xzf "${X}" -C "${Q}"`,{stdio:"pipe"})}finally{if(bq(X))xq(X)}}function vq(q){return`sha256-${ZQ("sha256").update(Buffer.from(q)).digest("hex")}`}import{existsSync as BQ,mkdirSync as MQ,readdirSync as WQ,rmSync as HQ}from"fs";import{join as VQ,resolve as Fq}from"path";async function Iq(q,Q,X,Z={}){let J=Kq(Q),Y=Tq(J),V=[],W=[],M=A(X,Y);if(Z.frozen&&!M)throw Error(`Frozen mode: no lockfile entry for source "${Y}".`);let B=J.version;if(M&&!Z.update)B=M.resolvedRef;else if(B==="latest"){let G=jq(Z.registryUrl);B=(await d(G).info(J.packName)).latestVersion}let H=jq(Z.registryUrl),U=d(H),{data:O}=await U.download(J.packName,B),K=vq(O);if(M&&!Z.update&&M.skills?.__integrity){let G=M.skills.__integrity.integrity;if(G&&K!==G)throw Error(`Integrity mismatch for ${J.packName}@${B}. Expected ${G}, got ${K}.`)}let b=Fq(q,".agentpacks",".curated"),N=Fq(b,J.packName);if(BQ(N))HQ(N,{recursive:!0,force:!0});MQ(N,{recursive:!0}),await Eq(O,N),Dq(N,V);let L={requestedRef:J.version,resolvedRef:B,resolvedAt:new Date().toISOString(),skills:{__integrity:{integrity:K}},packs:{[J.packName]:{integrity:K}}};return P(X,Y,L),{installed:V,warnings:W}}function jq(q){let Q={};if(q)Q.registryUrl=q;try{let X=Lq();if(X?.token)Q.authToken=X.token}catch{}return Q}function Dq(q,Q){let X=WQ(q,{withFileTypes:!0});for(let Z of X){let J=VQ(q,Z.name);if(Z.isDirectory())Dq(J,Q);else Q.push(J)}}import C from"chalk";async function bX(q,Q){let X=o(q),Z=r(q),J=Q.verbose??X.verbose,Y=X.packs.filter((B)=>j(B)||g(B)||f(B)),V=X.packs.filter((B)=>Bq(B));if(Y.length===0){console.log(C.dim("No remote packs to install. All packs are local."));return}if(J)console.log(C.dim(`Found ${Y.length} remote pack(s) to install`)),console.log(C.dim(`  (${V.length} local pack(s) skipped)`));if(Q.frozen){let B=Y.map((U)=>U),H=Qq(Z,B);if(!H.valid)console.log(C.red(`Frozen install failed. Missing lockfile entries: ${H.missing.join(", ")}`)),process.exit(1)}let W=0,M=[];for(let B of Y){if(J)console.log(C.dim(`  Installing ${B}...`));try{let H;if(f(B))H=await Iq(q,B,Z,{update:Q.update,frozen:Q.frozen});else if(j(B)){let U=process.env.GITHUB_TOKEN??process.env.GH_TOKEN??void 0;H=await Jq(q,B,Z,{update:Q.update,frozen:Q.frozen,token:U})}else if(g(B))H=await Uq(q,B,Z,{update:Q.update,frozen:Q.frozen});else continue;if(W+=H.installed.length,M.push(...H.warnings),J&&H.installed.length>0)console.log(C.dim(`    ${H.installed.length} file(s) installed`))}catch(H){let U=H instanceof Error?H.message:String(H);console.log(C.red(`  error [${B}]: ${U}`)),M.push(`Failed to install ${B}: ${U}`)}}for(let B of M)console.log(C.yellow(`  warn: ${B}`));if(e(q,Z),console.log(C.green(`Installed ${W} file(s) from ${Y.length} source(s)`)),J)console.log(C.dim("Lockfile updated: agentpacks.lock"))}export{bX as runInstall};