akm-cli 0.0.21 → 0.0.23

package/dist/registry-build-index.js

@@ -0,0 +1,356 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { fetchWithRetry } from "./common";
+import { asRecord, asString, GITHUB_API_BASE, githubHeaders } from "./github";
+import { copyIncludedPaths, findNearestIncludeConfig } from "./kit-include";
+import { generateMetadataFlat, loadStashFile } from "./metadata";
+import { parseRegistryIndex } from "./providers/static-index";
+import { detectStashRoot, extractTarGzSecure } from "./registry-install";
+import { walkStashFlat } from "./walker";
+const DEFAULT_NPM_REGISTRY_BASE = "https://registry.npmjs.org";
+const DEFAULT_MANUAL_ENTRIES_PATH = path.resolve("manual-entries.json");
+const DEFAULT_OUTPUT_PATH = path.resolve("index.json");
+const REQUIRED_KEYWORDS = ["agentikit", "akm-kit"];
+const GITHUB_TOPICS = ["agentikit", "akm-kit"];
+const EXCLUDED_REPOS = new Set(["itlackey/agentikit-plugins", "itlackey/agentikit"]);
+const EXCLUDED_NPM_PACKAGES = new Set([
+    "agentikit",
+    "agentikit-claude",
+    "agentikit-opencode",
+    "agentikit-plugins",
+    "akm-cli",
+    "akm-opencode",
+]);
+const EMPTY_INSPECTION = {};
+export async function buildRegistryIndex(options) {
+    const manualEntriesPath = path.resolve(options?.manualEntriesPath ?? DEFAULT_MANUAL_ENTRIES_PATH);
+    const npmRegistryBase = trimTrailingSlash(options?.npmRegistryBase ?? DEFAULT_NPM_REGISTRY_BASE);
+    const githubApiBase = trimTrailingSlash(options?.githubApiBase ?? GITHUB_API_BASE);
+    const [manualKits, npmKits, githubKits] = await Promise.all([
+        loadManualEntries(manualEntriesPath),
+        scanNpm(npmRegistryBase),
+        scanGithub(githubApiBase),
+    ]);
+    const kits = deduplicateKits([...manualKits, ...npmKits, ...githubKits]).sort((a, b) => a.name.localeCompare(b.name));
+    const index = {
+        version: 2,
+        updatedAt: new Date().toISOString(),
+        kits,
+    };
+    return {
+        index,
+        counts: {
+            manual: manualKits.length,
+            npm: npmKits.length,
+            github: githubKits.length,
+            total: kits.length,
+        },
+        paths: {
+            manualEntriesPath,
+        },
+    };
+}
+export function writeRegistryIndex(index, outPath) {
+    const resolved = path.resolve(outPath ?? DEFAULT_OUTPUT_PATH);
+    fs.mkdirSync(path.dirname(resolved), { recursive: true });
+    fs.writeFileSync(resolved, `${JSON.stringify(index, null, 2)}\n`, "utf8");
+    return resolved;
+}
+async function scanNpm(npmRegistryBase) {
+    const kits = [];
+    const seen = new Set();
+    for (const keyword of REQUIRED_KEYWORDS) {
+        let offset = 0;
+        const size = 250;
+        while (true) {
+            const url = `${npmRegistryBase}/-/v1/search?text=keywords:${encodeURIComponent(keyword)}&size=${size}&from=${offset}`;
+            const data = await fetchJson(url);
+            for (const obj of data.objects) {
+                const pkg = obj.package;
+                if (EXCLUDED_NPM_PACKAGES.has(pkg.name))
+                    continue;
+                const repoUrl = pkg.links?.repository ?? "";
+                const normalizedRepo = repoUrl.replace(/^https?:\/\/github\.com\//, "").replace(/\.git$/, "");
+                if (EXCLUDED_REPOS.has(normalizedRepo))
+                    continue;
+                const id = `npm:${pkg.name}`;
+                if (seen.has(id))
+                    continue;
+                seen.add(id);
+                const keywords = (pkg.keywords ?? []).map((value) => value.toLowerCase());
+                if (!keywords.some((value) => REQUIRED_KEYWORDS.includes(value)))
+                    continue;
+                let latestMetadata = {};
+                try {
+                    latestMetadata = await fetchJson(`${npmRegistryBase}/${encodeURIComponent(pkg.name)}/latest`);
+                }
+                catch {
+                    latestMetadata = {};
+                }
+                const inspection = await inspectNpmPackage(npmRegistryBase, latestMetadata).catch(() => EMPTY_INSPECTION);
+                const tags = mergeStrings((pkg.keywords ?? []).filter((value) => !REQUIRED_KEYWORDS.includes(value.toLowerCase())), inspection.tags);
+                kits.push(normalizeKit({
+                    id,
+                    name: pkg.name,
+                    description: inspection.description ?? pkg.description,
+                    ref: pkg.name,
+                    source: "npm",
+                    homepage: pkg.links?.homepage ?? pkg.links?.npm,
+                    author: pkg.author?.name ?? pkg.author?.username ?? pkg.publisher?.username,
+                    latestVersion: inspection.latestVersion ?? pkg.version,
+                    license: asString(latestMetadata.license) ?? inspection.license,
+                    tags,
+                    assetTypes: inspection.assetTypes,
+                    assets: inspection.assets,
+                }));
+            }
+            if (data.objects.length < size)
+                break;
+            offset += size;
+        }
+    }
+    return kits;
+}
+async function inspectNpmPackage(_npmRegistryBase, latestMetadata) {
+    const dist = asRecord(latestMetadata.dist);
+    const tarballUrl = asString(dist.tarball);
+    if (!tarballUrl)
+        return {};
+    const inspection = await inspectArchive(tarballUrl);
+    return {
+        description: asString(latestMetadata.description) ?? inspection.description,
+        latestVersion: asString(latestMetadata.version) ?? inspection.latestVersion,
+        license: asString(latestMetadata.license) ?? inspection.license,
+        tags: mergeStrings(extractNonReservedKeywords(latestMetadata.keywords), inspection.tags),
+        assetTypes: inspection.assetTypes,
+        assets: inspection.assets,
+    };
+}
+async function scanGithub(githubApiBase) {
+    const kits = [];
+    const seen = new Set();
+    const headers = githubHeaders();
+    for (const topic of GITHUB_TOPICS) {
+        let page = 1;
+        const perPage = 100;
+        while (true) {
+            const q = encodeURIComponent(`topic:${topic}`);
+            const url = `${githubApiBase}/search/repositories?q=${q}&sort=updated&order=desc&per_page=${perPage}&page=${page}`;
+            const data = await fetchJson(url, headers);
+            for (const repo of data.items) {
+                if (EXCLUDED_REPOS.has(repo.full_name))
+                    continue;
+                const id = `github:${repo.full_name}`;
+                if (seen.has(id))
+                    continue;
+                seen.add(id);
+                const inspection = await inspectArchive(`${githubApiBase}/repos/${repo.full_name}/tarball/${encodeURIComponent(repo.default_branch)}`, headers).catch(() => EMPTY_INSPECTION);
+                const topics = repo.topics.filter((value) => !GITHUB_TOPICS.includes(value));
+                kits.push(normalizeKit({
+                    id,
+                    name: repo.name,
+                    description: inspection.description ?? repo.description ?? undefined,
+                    ref: repo.full_name,
+                    source: "github",
+                    homepage: repo.html_url,
+                    author: repo.owner.login,
+                    latestVersion: inspection.latestVersion,
+                    license: repo.license?.spdx_id ?? inspection.license,
+                    tags: mergeStrings(topics, inspection.tags),
+                    assetTypes: inspection.assetTypes,
+                    assets: inspection.assets,
+                }));
+            }
+            if (data.items.length < perPage)
+                break;
+            page += 1;
+        }
+    }
+    return kits;
+}
+async function inspectArchive(url, headers) {
+    const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), "akm-registry-build-"));
+    const archivePath = path.join(tempDir, "archive.tgz");
+    const extractDir = path.join(tempDir, "extract");
+    try {
+        const response = await fetchWithRetry(url, headers ? { headers } : undefined, { timeout: 120_000 });
+        if (!response.ok) {
+            throw new Error(`Failed to fetch archive (${response.status}) from ${url}`);
+        }
+        await Bun.write(archivePath, response);
+        // Reuse the secure extraction from registry-install which validates entries,
+        // uses --no-same-owner, strips components, and runs a post-extraction scan.
+        extractTarGzSecure(archivePath, extractDir);
+        const stashRoot = detectStashRoot(extractDir);
+        const inspectionRoot = applyIncludeConfigForInspection(stashRoot, tempDir, extractDir) ?? stashRoot;
+        const metadata = await enumerateAssets(inspectionRoot);
+        const packageMetadata = readNearestPackageJson(extractDir, inspectionRoot);
+        const assets = metadata.map((entry) => ({
+            type: entry.type,
+            name: entry.name,
+            ...(entry.description ? { description: entry.description } : {}),
+            ...(entry.tags && entry.tags.length > 0 ? { tags: entry.tags } : {}),
+        }));
+        return {
+            description: asString(packageMetadata.description),
+            latestVersion: asString(packageMetadata.version),
+            license: asString(packageMetadata.license),
+            tags: extractNonReservedKeywords(packageMetadata.keywords),
+            assetTypes: deriveAssetTypes(assets),
+            assets: assets.length > 0 ? assets : undefined,
+        };
+    }
+    finally {
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    }
+}
+function readNearestPackageJson(extractDir, stashRoot) {
+    const candidates = [
+        path.join(stashRoot, "package.json"),
+        path.join(extractDir, "package.json"),
+        path.join(extractDir, "package", "package.json"),
+    ];
+    for (const candidate of candidates) {
+        try {
+            return asRecord(JSON.parse(fs.readFileSync(candidate, "utf8")));
+        }
+        catch { }
+    }
+    return {};
+}
+async function enumerateAssets(stashRoot) {
+    const fileContexts = walkStashFlat(stashRoot);
+    const dirGroups = new Map();
+    for (const ctx of fileContexts) {
+        const group = dirGroups.get(ctx.parentDirAbs);
+        if (group)
+            group.push(ctx.absPath);
+        else
+            dirGroups.set(ctx.parentDirAbs, [ctx.absPath]);
+    }
+    const entries = [];
+    for (const [dirPath, files] of dirGroups) {
+        let stash = loadStashFile(dirPath);
+        if (stash) {
+            const covered = new Set(stash.entries.map((entry) => entry.filename).filter((value) => !!value));
+            const uncoveredFiles = files.filter((file) => !covered.has(path.basename(file)));
+            if (uncoveredFiles.length > 0) {
+                const generated = await generateMetadataFlat(stashRoot, uncoveredFiles);
+                if (generated.entries.length > 0) {
+                    stash = { entries: [...stash.entries, ...generated.entries] };
+                }
+            }
+        }
+        else {
+            const generated = await generateMetadataFlat(stashRoot, files);
+            if (generated.entries.length === 0)
+                continue;
+            stash = generated;
+        }
+        entries.push(...stash.entries);
+    }
+    return entries.sort((a, b) => `${a.type}:${a.name}`.localeCompare(`${b.type}:${b.name}`));
+}
+function applyIncludeConfigForInspection(stashRoot, tempDir, searchRoot) {
+    const includeConfig = findNearestIncludeConfig(stashRoot, searchRoot);
+    if (!includeConfig)
+        return undefined;
+    const selectedDir = path.join(tempDir, "selected");
+    fs.rmSync(selectedDir, { recursive: true, force: true });
+    fs.mkdirSync(selectedDir, { recursive: true });
+    copyIncludedPaths(includeConfig.include, includeConfig.baseDir, selectedDir);
+    return selectedDir;
+}
+async function loadManualEntries(manualEntriesPath) {
+    try {
+        const raw = JSON.parse(fs.readFileSync(manualEntriesPath, "utf8"));
+        const candidateKits = Array.isArray(raw) ? raw : asRecord(raw).kits;
+        const parsed = parseRegistryIndex({ version: 2, updatedAt: new Date().toISOString(), kits: candidateKits });
+        if (!parsed)
+            return [];
+        return parsed.kits.map((kit) => normalizeKit({ ...kit, curated: kit.curated ?? true }));
+    }
+    catch {
+        return [];
+    }
+}
+async function fetchJson(url, headers) {
+    const response = await fetchWithRetry(url, headers ? { headers } : undefined, { timeout: 30_000 });
+    if (!response.ok) {
+        const body = await response.text().catch(() => "");
+        throw new Error(`HTTP ${response.status} from ${url}: ${body.slice(0, 200)}`);
+    }
+    return (await response.json());
+}
+function deduplicateKits(kits) {
+    const byId = new Map();
+    for (const kit of kits) {
+        const existing = byId.get(kit.id);
+        byId.set(kit.id, existing ? mergeEntries(existing, kit) : kit);
+    }
+    return [...byId.values()];
+}
+function mergeEntries(a, b) {
+    const assets = mergeAssets(a.assets, b.assets);
+    const assetTypes = mergeStrings(a.assetTypes, b.assetTypes, assets ? deriveAssetTypes(assets) : undefined);
+    return normalizeKit({
+        id: a.id,
+        name: a.name,
+        description: a.description ?? b.description,
+        ref: a.ref,
+        source: a.source,
+        homepage: a.homepage ?? b.homepage,
+        tags: mergeStrings(a.tags, b.tags),
+        assetTypes,
+        assets,
+        author: a.author ?? b.author,
+        license: a.license ?? b.license,
+        latestVersion: a.latestVersion ?? b.latestVersion,
+        curated: a.curated || b.curated || undefined,
+    });
+}
+function mergeAssets(a, b) {
+    if (!a && !b)
+        return undefined;
+    const merged = new Map();
+    for (const asset of [...(a ?? []), ...(b ?? [])]) {
+        const key = `${asset.type}:${asset.name}`;
+        if (!merged.has(key))
+            merged.set(key, asset);
+    }
+    const values = [...merged.values()];
+    return values.length > 0 ? sortAssets(values) : undefined;
+}
+function mergeStrings(...values) {
+    const merged = [...new Set(values.flatMap((value) => value ?? []).filter((value) => value.trim().length > 0))].sort();
+    return merged.length > 0 ? merged : undefined;
+}
+function deriveAssetTypes(assets) {
+    return mergeStrings(assets?.map((asset) => asset.type));
+}
+function extractNonReservedKeywords(value) {
+    if (!Array.isArray(value))
+        return undefined;
+    const filtered = value
+        .filter((item) => typeof item === "string")
+        .map((item) => item.trim())
+        .filter((item) => item.length > 0)
+        .filter((item) => !REQUIRED_KEYWORDS.includes(item.toLowerCase()));
+    return filtered.length > 0 ? filtered : undefined;
+}
+function normalizeKit(kit) {
+    const assets = kit.assets ? sortAssets(kit.assets) : undefined;
+    return {
+        ...kit,
+        ...(kit.tags && kit.tags.length > 0 ? { tags: kit.tags } : {}),
+        ...(kit.assetTypes && kit.assetTypes.length > 0 ? { assetTypes: kit.assetTypes } : {}),
+        ...(assets && assets.length > 0 ? { assets } : {}),
+    };
+}
+function sortAssets(assets) {
+    return [...assets].sort((a, b) => `${a.type}:${a.name}`.localeCompare(`${b.type}:${b.name}`));
+}
+function trimTrailingSlash(value) {
+    return value.replace(/\/+$/, "");
+}

package/dist/registry-factory.js

@@ -0,0 +1,19 @@
+/**
+ * Registry provider factory map.
+ *
+ * Maps registry provider type identifiers (e.g. "static-index", "skills-sh")
+ * to factory functions that create RegistryProvider instances.
+ *
+ * "Registry" here refers to the kit discovery registries (npm, GitHub, static
+ * index files) — not to be confused with the stash provider factory map in
+ * stash-provider-factory.ts or the installed-kit operations in installed-kits.ts.
+ */
+import { createProviderRegistry } from "./create-provider-registry";
+// ── Factory map ─────────────────────────────────────────────────────────────
+const registry = createProviderRegistry();
+export function registerProvider(type, factory) {
+    registry.register(type, factory);
+}
+export function resolveProviderFactory(type) {
+    return registry.resolve(type);
+}

package/dist/registry-install.js

@@ -5,8 +5,10 @@ import path from "node:path";
 import { TYPE_DIRS } from "./asset-spec";
 import { fetchWithRetry, isWithin } from "./common";
 import { loadConfig, saveConfig } from "./config";
+import { copyIncludedPaths, findNearestIncludeConfig } from "./kit-include";
 import { getRegistryCacheDir as _getRegistryCacheDir } from "./paths";
-import { parseRegistryRef, resolveRegistryArtifact } from "./registry-resolve";
+import { parseRegistryRef, resolveRegistryArtifact, validateGitRef, validateGitUrl } from "./registry-resolve";
+import { warn } from "./warn";
 const REGISTRY_STASH_DIR_NAMES = new Set(Object.values(TYPE_DIRS));
 export async function installRegistryRef(ref, options) {
     const parsed = parseRegistryRef(ref);
@@ -48,13 +50,30 @@ export async function installRegistryRef(ref, options) {
         }
     }
     fs.mkdirSync(cacheDir, { recursive: true });
-    await downloadArchive(resolved.artifactUrl, archivePath);
-    verifyArchiveIntegrity(archivePath, resolved.resolvedRevision, resolved.source);
-    const integrity = await computeFileHash(archivePath);
-    extractTarGzSecure(archivePath, extractedDir);
-    const provisionalKitRoot = detectStashRoot(extractedDir);
-    const installRoot = applyAgentikitIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
-    const stashRoot = detectStashRoot(installRoot);
+    let integrity;
+    let provisionalKitRoot;
+    let installRoot;
+    let stashRoot;
+    try {
+        await downloadArchive(resolved.artifactUrl, archivePath);
+        verifyArchiveIntegrity(archivePath, resolved.resolvedRevision, resolved.source);
+        integrity = await computeFileHash(archivePath);
+        extractTarGzSecure(archivePath, extractedDir);
+        provisionalKitRoot = detectStashRoot(extractedDir);
+        installRoot = applyAgentikitIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
+        stashRoot = detectStashRoot(installRoot);
+    }
+    catch (err) {
+        // Clean up the cache directory so stale or partially-extracted artifacts
+        // don't cause false cache hits on the next install attempt.
+        try {
+            fs.rmSync(cacheDir, { recursive: true, force: true });
+        }
+        catch {
+            // Best-effort cleanup; ignore errors
+        }
+        throw err;
+    }
     return {
         id: resolved.id,
         source: resolved.source,
@@ -121,24 +140,44 @@ async function installGitRegistryRef(parsed, options) {
         }
     }
     fs.mkdirSync(cacheDir, { recursive: true });
-    const cloneArgs = ["clone", "--depth", "1"];
-    if (parsed.requestedRef) {
-        cloneArgs.push("--branch", parsed.requestedRef);
+    // Validate URL and ref before passing to git to prevent command injection
+    validateGitUrl(parsed.url);
+    if (parsed.requestedRef)
+        validateGitRef(parsed.requestedRef);
+    let provisionalKitRoot;
+    let installRoot;
+    let stashRoot;
+    try {
+        const cloneArgs = ["clone", "--depth", "1"];
+        if (parsed.requestedRef) {
+            cloneArgs.push("--branch", parsed.requestedRef);
+        }
+        cloneArgs.push(parsed.url, cloneDir);
+        const cloneResult = spawnSync("git", cloneArgs, { encoding: "utf8", timeout: 120_000 });
+        if (cloneResult.status !== 0) {
+            const err = cloneResult.stderr?.trim() || cloneResult.error?.message || "unknown error";
+            throw new Error(`Failed to clone ${parsed.url}: ${err}`);
+        }
+        // Copy contents to extracted dir without .git
+        fs.mkdirSync(extractedDir, { recursive: true });
+        copyDirectoryContents(cloneDir, extractedDir);
+        // Clean up the clone dir
+        fs.rmSync(cloneDir, { recursive: true, force: true });
+        provisionalKitRoot = detectStashRoot(extractedDir);
+        installRoot = applyAgentikitIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
+        stashRoot = detectStashRoot(installRoot);
     }
-    cloneArgs.push(parsed.url, cloneDir);
-    const cloneResult = spawnSync("git", cloneArgs, { encoding: "utf8", timeout: 120_000 });
-    if (cloneResult.status !== 0) {
-        const err = cloneResult.stderr?.trim() || cloneResult.error?.message || "unknown error";
-        throw new Error(`Failed to clone ${parsed.url}: ${err}`);
+    catch (err) {
+        // Clean up the cache directory so stale or partially-cloned artifacts
+        // don't cause false cache hits on the next install attempt.
+        try {
+            fs.rmSync(cacheDir, { recursive: true, force: true });
+        }
+        catch {
+            // Best-effort cleanup; ignore errors
+        }
+        throw err;
     }
-    // Copy contents to extracted dir without .git
-    fs.mkdirSync(extractedDir, { recursive: true });
-    copyDirectoryContents(cloneDir, extractedDir);
-    // Clean up the clone dir
-    fs.rmSync(cloneDir, { recursive: true, force: true });
-    const provisionalKitRoot = detectStashRoot(extractedDir);
-    const installRoot = applyAgentikitIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
-    const stashRoot = detectStashRoot(installRoot);
     return {
         id: resolved.id,
         source: resolved.source,
@@ -204,13 +243,13 @@ function buildInstallCacheDir(cacheRootDir, source, id, version) {
     return path.join(cacheRootDir, slug || source, versionSlug);
 }
 function applyAgentikitIncludeConfig(sourceRoot, cacheDir, searchRoot = sourceRoot) {
-    const includeConfig = findNearestAgentikitIncludeConfig(sourceRoot, searchRoot);
+    const includeConfig = findNearestIncludeConfig(sourceRoot, searchRoot);
     if (!includeConfig)
         return undefined;
     const selectedDir = path.join(cacheDir, "selected");
     fs.rmSync(selectedDir, { recursive: true, force: true });
     fs.mkdirSync(selectedDir, { recursive: true });
-    copyIncludedPaths(includeConfig.baseDir, includeConfig.include, selectedDir);
+    copyIncludedPaths(includeConfig.include, includeConfig.baseDir, selectedDir);
     return selectedDir;
 }
 async function downloadArchive(url, destination) {
@@ -260,9 +299,10 @@ export function verifyArchiveIntegrity(archivePath, expected, source) {
         }
         return;
     }
-    // Unrecognized format — skip verification
+    // Unrecognized format — warn and skip verification
+    warn("Unrecognized integrity format: %s — verification skipped", expected);
 }
-function extractTarGzSecure(archivePath, destinationDir) {
+export function extractTarGzSecure(archivePath, destinationDir) {
     const listResult = spawnSync("tar", ["tzf", archivePath], { encoding: "utf8" });
     if (listResult.status !== 0) {
         const err = listResult.stderr?.trim() || listResult.error?.message || "unknown error";
@@ -271,15 +311,42 @@ function extractTarGzSecure(archivePath, destinationDir) {
     validateTarEntries(listResult.stdout);
     fs.rmSync(destinationDir, { recursive: true, force: true });
     fs.mkdirSync(destinationDir, { recursive: true });
-    const extractResult = spawnSync("tar", ["xzf", archivePath, "--strip-components=1", "-C", destinationDir], {
-        encoding: "utf8",
-    });
+    const extractResult = spawnSync("tar", ["xzf", archivePath, "--no-same-owner", "--strip-components=1", "-C", destinationDir], { encoding: "utf8" });
     if (extractResult.status !== 0) {
         const err = extractResult.stderr?.trim() || extractResult.error?.message || "unknown error";
         throw new Error(`Failed to extract archive ${archivePath}: ${err}`);
     }
+    // Post-extraction scan: verify all extracted files are within destinationDir
+    // This mitigates TOCTOU between validateTarEntries (list) and tar extract.
+    scanExtractedFiles(destinationDir, destinationDir);
+}
+function scanExtractedFiles(dir, root) {
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        // Check for ".." segments in names (e.g. symlink tricks or crafted filenames)
+        if (entry.name.includes("..")) {
+            throw new Error(`Post-extraction scan: suspicious entry name: ${fullPath}`);
+        }
+        // Resolve symlinks to detect escapes outside the destination directory
+        if (entry.isSymbolicLink()) {
+            const target = fs.realpathSync(fullPath);
+            if (!isWithin(target, root)) {
+                throw new Error(`Post-extraction scan: symlink escapes destination directory: ${fullPath} -> ${target}`);
+            }
+        }
+        if (entry.isDirectory()) {
+            scanExtractedFiles(fullPath, root);
+        }
+    }
 }
-function validateTarEntries(listOutput) {
+export function validateTarEntries(listOutput) {
     const lines = listOutput.split(/\r?\n/).filter(Boolean);
     for (const rawLine of lines) {
         const entry = rawLine.trim();
@@ -313,83 +380,6 @@ function isDirectory(target) {
         return false;
     }
 }
-function readAgentikitIncludeConfigAtDir(dirPath) {
-    const packageJsonPath = path.join(dirPath, "package.json");
-    if (!fs.existsSync(packageJsonPath))
-        return undefined;
-    let pkg;
-    try {
-        pkg = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
-    }
-    catch {
-        return undefined;
-    }
-    if (typeof pkg !== "object" || pkg === null || Array.isArray(pkg))
-        return undefined;
-    const akmConfig = pkg.akm;
-    if (typeof akmConfig !== "object" || akmConfig === null || Array.isArray(akmConfig))
-        return undefined;
-    const include = akmConfig.include;
-    if (!Array.isArray(include))
-        return undefined;
-    const parsedInclude = include
-        .filter((value) => typeof value === "string")
-        .map((value) => value.trim())
-        .filter(Boolean);
-    return parsedInclude.length > 0 ? { baseDir: dirPath, include: parsedInclude } : undefined;
-}
-function findNearestAgentikitIncludeConfig(startDir, stopDir) {
-    let current = path.resolve(startDir);
-    const boundary = path.resolve(stopDir);
-    while (isWithin(current, boundary)) {
-        const config = readAgentikitIncludeConfigAtDir(current);
-        if (config)
-            return config;
-        if (current === boundary)
-            break;
-        const parent = path.dirname(current);
-        if (parent === current)
-            break;
-        current = parent;
-    }
-    return undefined;
-}
-function copyIncludedPaths(baseDir, include, destinationDir) {
-    for (const entry of include) {
-        const resolvedSource = path.resolve(baseDir, entry);
-        if (!isWithin(resolvedSource, baseDir)) {
-            throw new Error(`Path in akm.include escapes the package root: ${entry}`);
-        }
-        if (!fs.existsSync(resolvedSource)) {
-            throw new Error(`Path in akm.include does not exist: ${entry}`);
-        }
-        if (path.basename(resolvedSource) === ".git") {
-            continue;
-        }
-        const relativePath = path.relative(baseDir, resolvedSource);
-        if (!relativePath || relativePath === ".") {
-            copyDirectoryContents(baseDir, destinationDir);
-            continue;
-        }
-        copyPath(resolvedSource, path.join(destinationDir, relativePath));
-    }
-}
-function copyDirectoryContents(sourceDir, destinationDir) {
-    for (const entry of fs.readdirSync(sourceDir, { withFileTypes: true })) {
-        if (entry.name === ".git")
-            continue;
-        copyPath(path.join(sourceDir, entry.name), path.join(destinationDir, entry.name));
-    }
-}
-function copyPath(sourcePath, destinationPath) {
-    const stat = fs.statSync(sourcePath);
-    fs.mkdirSync(path.dirname(destinationPath), { recursive: true });
-    if (stat.isDirectory()) {
-        fs.cpSync(sourcePath, destinationPath, { recursive: true, force: true });
-        return;
-    }
-    fs.copyFileSync(sourcePath, destinationPath);
-}
 function hasStashDirs(dirPath) {
     if (!isDirectory(dirPath))
         return false;
@@ -452,6 +442,21 @@ function normalizeInstalledEntry(entry) {
         cacheDir: path.resolve(entry.cacheDir),
     };
 }
+function copyDirectoryContents(sourceDir, destinationDir) {
+    for (const entry of fs.readdirSync(sourceDir, { withFileTypes: true })) {
+        if (entry.name === ".git")
+            continue;
+        const src = path.join(sourceDir, entry.name);
+        const dest = path.join(destinationDir, entry.name);
+        fs.mkdirSync(path.dirname(dest), { recursive: true });
+        if (entry.isDirectory()) {
+            fs.cpSync(src, dest, { recursive: true, force: true });
+        }
+        else {
+            fs.copyFileSync(src, dest);
+        }
+    }
+}
 async function computeFileHash(filePath) {
     const data = fs.readFileSync(filePath);
     const hash = createHash("sha256").update(data).digest("hex");