akm-cli 0.3.1 → 0.4.1

package/dist/install-audit.js

@@ -0,0 +1,324 @@
+import fs from "node:fs";
+import path from "node:path";
+import { filterNonEmptyStrings } from "./common";
+const DEFAULT_INSTALL_AUDIT_CONFIG = {
+    enabled: true,
+    blockOnCritical: true,
+    blockUnlistedRegistries: false,
+    registryAllowlist: [],
+};
+const MAX_SCANNED_FILE_BYTES = 256 * 1024;
+const LIFECYCLE_SCRIPT_NAMES = new Set([
+    "preinstall",
+    "install",
+    "postinstall",
+    "prepublish",
+    "prepublishOnly",
+    "prepare",
+]);
+const TEXT_FILE_EXTENSIONS = new Set([
+    ".cjs",
+    ".cts",
+    ".js",
+    ".json",
+    ".jsonc",
+    ".jsx",
+    ".mjs",
+    ".md",
+    ".ps1",
+    ".py",
+    ".rb",
+    ".sh",
+    ".toml",
+    ".ts",
+    ".tsx",
+    ".txt",
+    ".yaml",
+    ".yml",
+]);
+const CONTENT_RULES = [
+    {
+        id: "prompt-ignore-previous-instructions",
+        severity: "high",
+        category: "prompt-injection",
+        message: "Contains instructions to ignore prior prompts or instructions.",
+        pattern: /\b(ignore|disregard|forget)\b[^.\n]{0,100}\b(previous|prior|earlier)\b[^.\n]{0,100}\b(instructions?|prompts?|messages?)\b/i,
+    },
+    {
+        id: "prompt-reveal-hidden-secrets",
+        severity: "critical",
+        category: "prompt-injection",
+        message: "Contains instructions to reveal hidden prompts or secrets.",
+        pattern: /\b(reveal|print|dump|show|exfiltrat(?:e|ion))\b[^.\n]{0,120}\b(system prompt|hidden instructions?|developer message|api key|token|secret|password)\b/i,
+    },
+    {
+        id: "prompt-bypass-guardrails",
+        severity: "high",
+        category: "prompt-injection",
+        message: "Contains instructions to bypass safety or security controls.",
+        pattern: /\b(bypass|disable|ignore)\b[^.\n]{0,100}\b(safety|security|guardrails|restrictions|policies)\b/i,
+    },
+    {
+        id: "remote-shell-pipe",
+        severity: "critical",
+        category: "malicious-code",
+        message: "Downloads remote content and pipes it directly into a shell.",
+        pattern: /\b(curl|wget)\b[^\n|]{0,200}\|\s*(sh|bash|zsh)\b/i,
+    },
+    {
+        id: "powershell-download-exec",
+        severity: "critical",
+        category: "malicious-code",
+        message: "Downloads remote content and executes it in PowerShell.",
+        pattern: /\b(Invoke-WebRequest|iwr|curl)\b[^\n|]{0,200}\|\s*(iex|Invoke-Expression)\b/i,
+    },
+    {
+        id: "powershell-encoded-command",
+        severity: "critical",
+        category: "malicious-code",
+        message: "Uses an encoded PowerShell command.",
+        pattern: /\bpowershell(?:\.exe)?\b[^\n]{0,120}\s-(?:enc|encodedcommand)\b/i,
+    },
+    {
+        id: "credential-exfiltration-language",
+        severity: "high",
+        category: "malicious-code",
+        message: "Contains language associated with credential or secret exfiltration.",
+        pattern: /\b(exfiltrat(?:e|ion)|harvest|steal)\b[^.\n]{0,120}\b(credentials?|tokens?|secrets?|ssh keys?|passwords?|cookies?)\b/i,
+    },
+];
+export function resolveInstallAuditConfig(config) {
+    const installAudit = config?.security?.installAudit;
+    const allowlist = filterNonEmptyStrings(installAudit?.registryAllowlist) ??
+        filterNonEmptyStrings(installAudit?.registryWhitelist) ??
+        [];
+    return {
+        enabled: installAudit?.enabled ?? DEFAULT_INSTALL_AUDIT_CONFIG.enabled,
+        blockOnCritical: installAudit?.blockOnCritical ?? DEFAULT_INSTALL_AUDIT_CONFIG.blockOnCritical,
+        blockUnlistedRegistries: installAudit?.blockUnlistedRegistries ?? DEFAULT_INSTALL_AUDIT_CONFIG.blockUnlistedRegistries,
+        registryAllowlist: allowlist.map((entry) => entry.trim().toLowerCase()),
+    };
+}
+export function enforceRegistryInstallPolicy(registryLabels, config, ref) {
+    const resolved = resolveInstallAuditConfig(config);
+    if (!resolved.blockUnlistedRegistries)
+        return;
+    if (resolved.registryAllowlist.length === 0) {
+        throw new Error(`Install blocked for ${ref}: no registries are allowlisted. Configure security.installAudit.registryAllowlist or disable security.installAudit.blockUnlistedRegistries.`);
+    }
+    const matched = registryLabels.some((label) => resolved.registryAllowlist.includes(label.toLowerCase()));
+    if (matched)
+        return;
+    throw new Error(`Install blocked for ${ref}: registry is not allowlisted. Allowed: ${resolved.registryAllowlist.join(", ")}. Seen: ${registryLabels.join(", ")}.`);
+}
+export function auditInstallCandidate(input) {
+    const resolved = resolveInstallAuditConfig(input.config);
+    if (!resolved.enabled) {
+        return {
+            enabled: false,
+            passed: true,
+            blocked: false,
+            registryLabels: [...input.registryLabels],
+            findings: [],
+            scannedFiles: 0,
+            scannedBytes: 0,
+            summary: buildSummary([]),
+        };
+    }
+    const findings = [];
+    const counters = { scannedFiles: 0, scannedBytes: 0 };
+    scanDirectory(input.rootDir, input.rootDir, findings, counters);
+    const summary = buildSummary(findings);
+    const blocked = resolved.blockOnCritical && summary.critical > 0;
+    return {
+        enabled: true,
+        passed: findings.length === 0,
+        blocked,
+        registryLabels: [...input.registryLabels],
+        findings,
+        scannedFiles: counters.scannedFiles,
+        scannedBytes: counters.scannedBytes,
+        summary,
+    };
+}
+export function formatInstallAuditFailure(ref, report) {
+    const lines = [`Security audit failed for ${ref}.`, formatInstallAuditSummary(report)];
+    for (const finding of report.findings.slice(0, 5)) {
+        lines.push(`- [${finding.severity}] ${finding.message}${finding.file ? ` (${finding.file})` : ""}`);
+    }
+    if (report.findings.length > 5) {
+        lines.push(`- ${report.findings.length - 5} more finding(s) omitted`);
+    }
+    lines.push("Disable blocking with `security.installAudit.blockOnCritical = false`, or disable audits with `security.installAudit.enabled = false`.");
+    return lines.join("\n");
+}
+export function formatInstallAuditSummary(report) {
+    if (!report.enabled)
+        return "Audit: disabled";
+    const severitySummary = [];
+    if (report.summary.critical > 0)
+        severitySummary.push(`${report.summary.critical} critical`);
+    if (report.summary.high > 0)
+        severitySummary.push(`${report.summary.high} high`);
+    if (report.summary.moderate > 0)
+        severitySummary.push(`${report.summary.moderate} moderate`);
+    if (report.summary.low > 0)
+        severitySummary.push(`${report.summary.low} low`);
+    const detail = severitySummary.length > 0 ? severitySummary.join(", ") : "no findings";
+    return `Audit: ${report.blocked ? "blocked" : report.passed ? "passed" : "warnings"} (${detail}; scanned ${report.scannedFiles} file${report.scannedFiles === 1 ? "" : "s"})`;
+}
+export function deriveRegistryLabels(input) {
+    const labels = new Set();
+    labels.add(input.source);
+    if (input.source === "github")
+        labels.add("github.com");
+    if (input.source === "npm")
+        labels.add("npm");
+    addUrlLabels(labels, input.artifactUrl);
+    addUrlLabels(labels, input.gitUrl);
+    if (input.source === "github" && input.ref.startsWith("github:")) {
+        labels.add("github");
+    }
+    return [...labels];
+}
+function scanDirectory(dir, rootDir, findings, counters) {
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.name === ".git" || entry.name === "node_modules")
+            continue;
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            scanDirectory(fullPath, rootDir, findings, counters);
+            continue;
+        }
+        if (!entry.isFile())
+            continue;
+        scanFile(fullPath, rootDir, findings, counters);
+    }
+}
+function scanFile(filePath, rootDir, findings, counters) {
+    const ext = path.extname(filePath).toLowerCase();
+    const basename = path.basename(filePath).toLowerCase();
+    if (basename !== "package.json" && !TEXT_FILE_EXTENSIONS.has(ext))
+        return;
+    let fileSize;
+    try {
+        fileSize = fs.statSync(filePath).size;
+    }
+    catch {
+        return;
+    }
+    const readSize = Math.min(fileSize, MAX_SCANNED_FILE_BYTES);
+    const buf = Buffer.alloc(readSize);
+    let bytesRead;
+    try {
+        const fd = fs.openSync(filePath, "r");
+        try {
+            bytesRead = fs.readSync(fd, buf, 0, readSize, 0);
+        }
+        finally {
+            fs.closeSync(fd);
+        }
+    }
+    catch {
+        return;
+    }
+    if (bytesRead === 0)
+        return;
+    const bytes = buf.subarray(0, bytesRead);
+    if (bytes.includes(0))
+        return;
+    counters.scannedFiles += 1;
+    counters.scannedBytes += bytesRead;
+    const content = bytes.toString("utf8");
+    const relativePath = path.relative(rootDir, filePath) || path.basename(filePath);
+    const genericContent = basename === "package.json" ? stripPackageJsonScripts(content) : content;
+    for (const rule of CONTENT_RULES) {
+        const match = genericContent.match(rule.pattern);
+        if (!match)
+            continue;
+        findings.push({
+            id: rule.id,
+            severity: rule.severity,
+            category: rule.category,
+            message: rule.message,
+            file: relativePath,
+            snippet: clipSnippet(match[0]),
+        });
+    }
+    if (basename === "package.json") {
+        scanPackageJson(content, relativePath, findings);
+    }
+}
+function stripPackageJsonScripts(content) {
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch {
+        return content;
+    }
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))
+        return content;
+    const packageJson = { ...parsed };
+    delete packageJson.scripts;
+    return JSON.stringify(packageJson, null, 2);
+}
+function scanPackageJson(content, relativePath, findings) {
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch {
+        return;
+    }
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed))
+        return;
+    const scripts = parsed.scripts;
+    if (typeof scripts !== "object" || scripts === null || Array.isArray(scripts))
+        return;
+    for (const [name, command] of Object.entries(scripts)) {
+        if (!LIFECYCLE_SCRIPT_NAMES.has(name) || typeof command !== "string")
+            continue;
+        for (const rule of CONTENT_RULES) {
+            if (!rule.pattern.test(command))
+                continue;
+            findings.push({
+                id: `lifecycle-${name}-${rule.id}`,
+                severity: rule.severity,
+                category: "install-script",
+                message: `Lifecycle script "${name}" is suspicious: ${rule.message.toLowerCase()}`,
+                file: relativePath,
+                snippet: clipSnippet(command),
+            });
+        }
+    }
+}
+function clipSnippet(value) {
+    const normalized = value.replace(/\s+/g, " ").trim();
+    return normalized.length <= 140 ? normalized : `${normalized.slice(0, 137)}...`;
+}
+function buildSummary(findings) {
+    const summary = { low: 0, moderate: 0, high: 0, critical: 0, total: findings.length };
+    for (const finding of findings) {
+        summary[finding.severity] += 1;
+    }
+    return summary;
+}
+function addUrlLabels(labels, rawUrl) {
+    if (!rawUrl)
+        return;
+    try {
+        const parsed = new URL(rawUrl);
+        labels.add(parsed.hostname.toLowerCase());
+    }
+    catch {
+        // Ignore non-URL refs (for example git@host:path)
+    }
+}

package/dist/installed-kits.js

@@ -247,8 +247,8 @@ function tryResolveInstalledTarget(installed, target) {
     return undefined;
 }
 function toInstalledEntry(status) {
-    // KitInstallStatus extends InstalledKitEntry; omit the extra extractedDir field.
-    const { extractedDir: _extractedDir, ...base } = status;
+    // KitInstallStatus extends InstalledKitEntry; omit transient install-only fields.
+    const { extractedDir: _extractedDir, audit: _audit, ...base } = status;
     return base;
 }
 function toInstallStatus(status) {

package/dist/matchers.js

@@ -7,7 +7,7 @@
  *
  * - `extensionMatcher` (3) -- classifies any file by extension alone.
  *   Ensures every known file type is discoverable regardless of directory.
- * - `directoryMatcher` (10) -- boosts specificity when the first ancestor
+ * - `directoryMatcher` (10) -- boosts specificity when an ancestor
  *   directory matches a known type name (e.g. `scripts/`, `agents/`).
  * - `parentDirHintMatcher` (15) -- boosts specificity based on the
  *   immediate parent directory name.
@@ -43,31 +43,34 @@ export function extensionMatcher(ctx) {
 }
 // ── directoryMatcher (specificity: 10) ──────────────────────────────────────
 /**
- * Directory-based matcher that boosts specificity when the first ancestor
+ * Directory-based matcher that boosts specificity when an ancestor
  * directory segment from the stash root matches a known type name.
+ *
+ * The first matching type-like ancestor wins. This preserves intuitive
+ * behavior for nested kit layouts such as `agent-stash/agents/blog/foo.md`
+ * while still honoring earlier type roots like `commands/agents/foo.md`.
  */
 export function directoryMatcher(ctx) {
-    const topDir = ctx.ancestorDirs[0];
-    if (!topDir)
-        return null;
     const ext = ctx.ext;
-    if (topDir === "scripts" && SCRIPT_EXTENSIONS.has(ext)) {
-        return { type: "script", specificity: 10, renderer: "script-source" };
-    }
-    if (topDir === "skills" && ctx.fileName === "SKILL.md") {
-        return { type: "skill", specificity: 10, renderer: "skill-md" };
-    }
-    if (topDir === "commands" && ext === ".md") {
-        return { type: "command", specificity: 10, renderer: "command-md" };
-    }
-    if (topDir === "agents" && ext === ".md") {
-        return { type: "agent", specificity: 10, renderer: "agent-md" };
-    }
-    if (topDir === "knowledge" && ext === ".md") {
-        return { type: "knowledge", specificity: 10, renderer: "knowledge-md" };
-    }
-    if (topDir === "memories" && ext === ".md") {
-        return { type: "memory", specificity: 10, renderer: "memory-md" };
+    for (const dir of ctx.ancestorDirs) {
+        if (dir === "scripts" && SCRIPT_EXTENSIONS.has(ext)) {
+            return { type: "script", specificity: 10, renderer: "script-source" };
+        }
+        if (dir === "skills" && ctx.fileName === "SKILL.md") {
+            return { type: "skill", specificity: 10, renderer: "skill-md" };
+        }
+        if (dir === "commands" && ext === ".md") {
+            return { type: "command", specificity: 10, renderer: "command-md" };
+        }
+        if (dir === "agents" && ext === ".md") {
+            return { type: "agent", specificity: 10, renderer: "agent-md" };
+        }
+        if (dir === "knowledge" && ext === ".md") {
+            return { type: "knowledge", specificity: 10, renderer: "knowledge-md" };
+        }
+        if (dir === "memories" && ext === ".md") {
+            return { type: "memory", specificity: 10, renderer: "memory-md" };
+        }
     }
     return null;
 }

package/dist/registry-install.js

@@ -4,7 +4,8 @@ import fs from "node:fs";
 import path from "node:path";
 import { TYPE_DIRS } from "./asset-spec";
 import { fetchWithRetry, isWithin } from "./common";
-import { loadConfig, saveConfig } from "./config";
+import { loadConfig, loadUserConfig, saveConfig } from "./config";
+import { auditInstallCandidate, deriveRegistryLabels, enforceRegistryInstallPolicy, formatInstallAuditFailure, } from "./install-audit";
 import { copyIncludedPaths, findNearestIncludeConfig } from "./kit-include";
 import { getRegistryCacheDir as _getRegistryCacheDir } from "./paths";
 import { parseRegistryRef, resolveRegistryArtifact, validateGitRef, validateGitUrl } from "./registry-resolve";
@@ -12,13 +13,20 @@ import { warn } from "./warn";
 const REGISTRY_STASH_DIR_NAMES = new Set(Object.values(TYPE_DIRS));
 export async function installRegistryRef(ref, options) {
     const parsed = parseRegistryRef(ref);
+    const config = loadConfig();
     if (parsed.source === "local") {
-        return installLocalRegistryRef(parsed, options);
+        return installLocalRegistryRef(parsed, config, options);
     }
     if (parsed.source === "git") {
-        return installGitRegistryRef(parsed, options);
+        return installGitRegistryRef(parsed, config, options);
     }
     const resolved = await resolveRegistryArtifact(parsed);
+    const registryLabels = deriveRegistryLabels({
+        source: resolved.source,
+        ref: resolved.ref,
+        artifactUrl: resolved.artifactUrl,
+    });
+    enforceRegistryInstallPolicy(registryLabels, config, ref);
     const installedAt = (options?.now ?? new Date()).toISOString();
     const cacheRootDir = options?.cacheRootDir ?? getRegistryCacheRootDir();
     const cacheDir = buildInstallCacheDir(cacheRootDir, resolved.source, resolved.id, resolved.resolvedVersion ?? resolved.resolvedRevision);
@@ -30,6 +38,7 @@ export async function installRegistryRef(ref, options) {
             const cachedStashRoot = detectStashRoot(extractedDir);
             if (cachedStashRoot) {
                 const integrity = fs.existsSync(archivePath) ? await computeFileHash(archivePath) : undefined;
+                const audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config);
                 return {
                     id: resolved.id,
                     source: resolved.source,
@@ -42,6 +51,7 @@ export async function installRegistryRef(ref, options) {
                     extractedDir,
                     stashRoot: cachedStashRoot,
                     integrity,
+                    audit,
                 };
             }
         }
@@ -54,11 +64,13 @@ export async function installRegistryRef(ref, options) {
     let provisionalKitRoot;
     let installRoot;
     let stashRoot;
+    let audit;
     try {
         await downloadArchive(resolved.artifactUrl, archivePath);
         verifyArchiveIntegrity(archivePath, resolved.resolvedRevision, resolved.source);
         integrity = await computeFileHash(archivePath);
         extractTarGzSecure(archivePath, extractedDir);
+        audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config);
         provisionalKitRoot = detectStashRoot(extractedDir);
         installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
         stashRoot = detectStashRoot(installRoot);
@@ -86,11 +98,18 @@ export async function installRegistryRef(ref, options) {
         extractedDir,
         stashRoot,
         integrity,
+        audit,
     };
 }
-async function installLocalRegistryRef(parsed, options) {
+async function installLocalRegistryRef(parsed, config, options) {
     const resolved = await resolveRegistryArtifact(parsed);
     const installedAt = (options?.now ?? new Date()).toISOString();
+    const registryLabels = deriveRegistryLabels({
+        source: resolved.source,
+        ref: resolved.ref,
+        artifactUrl: resolved.artifactUrl,
+    });
+    const audit = runInstallAuditOrThrow(parsed.sourcePath, resolved.source, resolved.ref, registryLabels, config);
     // For local directories, detect the stash root within the source path.
     // If no nested stash is found, the source path itself is used.
     const stashRoot = detectStashRoot(parsed.sourcePath);
@@ -105,10 +124,18 @@ async function installLocalRegistryRef(parsed, options) {
         cacheDir: parsed.sourcePath,
         extractedDir: parsed.sourcePath,
         stashRoot,
+        audit,
     };
 }
-async function installGitRegistryRef(parsed, options) {
+async function installGitRegistryRef(parsed, config, options) {
     const resolved = await resolveRegistryArtifact(parsed);
+    const registryLabels = deriveRegistryLabels({
+        source: resolved.source,
+        ref: resolved.ref,
+        artifactUrl: resolved.artifactUrl,
+        gitUrl: parsed.url,
+    });
+    enforceRegistryInstallPolicy(registryLabels, config, parsed.ref);
     const installedAt = (options?.now ?? new Date()).toISOString();
     const cacheRootDir = options?.cacheRootDir ?? getRegistryCacheRootDir();
     const cacheDir = buildInstallCacheDir(cacheRootDir, parsed.source, parsed.id, resolved.resolvedRevision);
@@ -121,6 +148,7 @@ async function installGitRegistryRef(parsed, options) {
             const installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
             const stashRoot = detectStashRoot(installRoot);
             if (stashRoot) {
+                const audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config);
                 return {
                     id: resolved.id,
                     source: resolved.source,
@@ -132,6 +160,7 @@ async function installGitRegistryRef(parsed, options) {
                     cacheDir,
                     extractedDir,
                     stashRoot,
+                    audit,
                 };
             }
         }
@@ -147,6 +176,7 @@ async function installGitRegistryRef(parsed, options) {
     let provisionalKitRoot;
     let installRoot;
     let stashRoot;
+    let audit;
     try {
         const cloneArgs = ["clone", "--depth", "1"];
         if (parsed.requestedRef) {
@@ -163,6 +193,7 @@ async function installGitRegistryRef(parsed, options) {
         copyDirectoryContents(cloneDir, extractedDir);
         // Clean up the clone dir
         fs.rmSync(cloneDir, { recursive: true, force: true });
+        audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config);
         provisionalKitRoot = detectStashRoot(extractedDir);
         installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
         stashRoot = detectStashRoot(installRoot);
@@ -189,10 +220,11 @@ async function installGitRegistryRef(parsed, options) {
         cacheDir,
         extractedDir,
         stashRoot,
+        audit,
     };
 }
 export function upsertInstalledRegistryEntry(entry) {
-    const current = loadConfig();
+    const current = loadUserConfig();
     const currentInstalled = current.installed ?? [];
     const withoutExisting = currentInstalled.filter((item) => item.id !== entry.id);
     const nextInstalled = [...withoutExisting, normalizeInstalledEntry(entry)];
@@ -204,7 +236,7 @@ export function upsertInstalledRegistryEntry(entry) {
     return nextConfig;
 }
 export function removeInstalledRegistryEntry(id) {
-    const current = loadConfig();
+    const current = loadUserConfig();
     const currentInstalled = current.installed ?? [];
     const nextInstalled = currentInstalled.filter((item) => item.id !== id);
     const nextConfig = {
@@ -462,3 +494,10 @@ async function computeFileHash(filePath) {
     const hash = createHash("sha256").update(data).digest("hex");
     return `sha256:${hash}`;
 }
+function runInstallAuditOrThrow(rootDir, source, ref, registryLabels, config) {
+    const audit = auditInstallCandidate({ rootDir, source, ref, registryLabels, config });
+    if (audit.blocked) {
+        throw new Error(formatInstallAuditFailure(ref, audit));
+    }
+    return audit;
+}

package/dist/setup.js

@@ -8,7 +8,7 @@
 import path from "node:path";
 import * as p from "@clack/prompts";
 import { isHttpUrl } from "./common";
-import { DEFAULT_CONFIG, getConfigPath, loadConfig, saveConfig } from "./config";
+import { DEFAULT_CONFIG, getConfigPath, loadUserConfig, saveConfig } from "./config";
 import { closeDatabase, isVecAvailable, openDatabase } from "./db";
 import { detectAgentPlatforms, detectOllama, detectOpenViking } from "./detect";
 import { checkEmbeddingAvailability, DEFAULT_LOCAL_MODEL, isTransformersAvailable } from "./embedder";
@@ -568,7 +568,7 @@ async function stepAgentPlatforms(current) {
 // ── Main Wizard ─────────────────────────────────────────────────────────────
 export async function runSetupWizard() {
     p.intro("akm setup");
-    const current = loadConfig();
+    const current = loadUserConfig();
     const configPath = getConfigPath();
     // Step 1: Stash directory
     p.log.step("Step 1: Stash Directory");

package/dist/stash-add.js

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 import { isHttpUrl, resolveStashDir } from "./common";
-import { loadConfig, saveConfig } from "./config";
+import { loadConfig, loadUserConfig, saveConfig } from "./config";
 import { UsageError } from "./errors";
 import { akmIndex } from "./indexer";
 import { upsertLockEntry } from "./lockfile";
@@ -36,7 +36,7 @@ export async function akmAdd(input) {
 async function addLocalStashSource(ref, sourcePath, stashDir) {
     const stashRoot = detectStashRoot(sourcePath);
     const resolvedPath = path.resolve(stashRoot);
-    const config = loadConfig();
+    const config = loadUserConfig();
     // Check for duplicates in stashes[]
     const stashes = [...(config.stashes ?? [])];
     const existing = stashes.find((s) => s.type === "filesystem" && s.path && path.resolve(s.path) === resolvedPath);
@@ -75,7 +75,7 @@ async function addLocalStashSource(ref, sourcePath, stashDir) {
 }
 async function addWebsiteStashSource(ref, stashDir, name, options) {
     const normalizedUrl = validateWebsiteInputUrl(ref);
-    const config = loadConfig();
+    const config = loadUserConfig();
     const stashes = [...(config.stashes ?? [])];
     let entry = stashes.find((stash) => stash.type === "website" && stash.url === normalizedUrl);
     if (!entry) {
@@ -167,6 +167,7 @@ async function addRegistryKit(ref, stashDir) {
             cacheDir: installed.cacheDir,
             extractedDir: installed.extractedDir,
             installedAt: installed.installedAt,
+            audit: installed.audit,
         },
         config: {
             stashCount: config.stashes?.length ?? 0,

package/dist/stash-source-manage.js

@@ -1,5 +1,5 @@
 import path from "node:path";
-import { loadConfig, saveConfig } from "./config";
+import { loadConfig, loadUserConfig, saveConfig } from "./config";
 import { UsageError } from "./errors";
 import { resolveStashSources } from "./search-source";
 // ── Operations ──────────────────────────────────────────────────────────────
@@ -12,7 +12,7 @@ import { resolveStashSources } from "./search-source";
  */
 export function addStash(opts) {
     const { target, name, providerType, options: providerOptions } = opts;
-    const config = loadConfig();
+    const config = loadUserConfig();
     const stashes = [...(config.stashes ?? [])];
     const isUrl = target.startsWith("http://") || target.startsWith("https://");
     let entry;
@@ -49,7 +49,7 @@ export function addStash(opts) {
  * Match priority: URL > path > name (most specific first).
  */
 export function removeStash(target) {
-    const config = loadConfig();
+    const config = loadUserConfig();
     const stashes = [...(config.stashes ?? [])];
     const isUrl = target.startsWith("http://") || target.startsWith("https://");
     const resolvedPath = !isUrl ? path.resolve(target) : undefined;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "akm-cli",
-  "version": "0.3.1",
+  "version": "0.4.1",
   "type": "module",
   "description": "akm (Agent Kit Manager) — A package manager for AI agent skills, commands, tools, and knowledge. Works with Claude Code, OpenCode, Cursor, and any AI coding assistant.",
   "keywords": [