akm-cli 0.5.0 → 0.6.0-rc2

package/dist/migration-help.js

@@ -1,110 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-const CHANGELOG_URL = "https://github.com/itlackey/akm/blob/main/CHANGELOG.md";
-const EMBEDDED_MIGRATION_GUIDES = {
-    "0.5.0": `Migration notes for akm v0.5.0
-
-- New top-level surfaces: \`akm wiki …\`, \`akm workflow …\`, \`akm vault …\`, and \`akm save\`.
-- If you tried the unreleased single-wiki LLM prototype, move to the new \`akm wiki …\` workflow.
-- Removed from the prototype surface: \`akm lint\`, \`akm import --llm\`, \`akm import --dry-run\`, \`knowledge.pageKinds\`, and the old ingest/lint LLM prompts.
-- Existing raw wiki-like content should be moved into \`wikis/<name>/raw/\` and then managed with the new wiki commands.
-`,
-    "0.3.0": `Migration notes for akm v0.3.0
-
-- The old \`stash\` and \`kit\` command groups were folded into the top-level CLI.
-- Use \`akm add\`, \`akm list\`, and \`akm remove\` instead of the older split command surfaces.
-- Documentation and examples from older releases should be updated to the unified source model.
-`,
-    "0.2.0": `Migration notes for akm v0.2.0
-
-- Asset refs are user-facing \`type:name\` values; do not rely on URI-style refs.
-- The old fixed asset-type union was replaced by an extensible asset type system.
-- \`tool\` assets were removed; use \`script\` assets instead.
-- Config and docs should treat remote provider scores and local scores as part of one shared search pipeline.
-`,
-    "0.1.0": `Migration notes for akm v0.1.0
-
-- The package and project were rebranded from Agent-i-Kit to akm.
-- Update package references from \`agent-i-kit\` to \`akm-cli\`.
-- Update config, registry, plugin, path, and environment-variable references from \`agent-i-kit\` / \`AGENT_I_KIT_*\` to \`akm\` / \`AKM_*\`.
-- The \`tool\` asset type and \`submit\` command were removed.
-`,
-    "0.0.13": `Migration notes for akm v0.0.13
-
-- Initial public release.
-- No migration steps are required for earlier akm versions.
-`,
-};
-function loadChangelog() {
-    try {
-        const changelogPath = path.resolve(import.meta.dir, "../CHANGELOG.md");
-        if (fs.existsSync(changelogPath)) {
-            return fs.readFileSync(changelogPath, "utf8");
-        }
-    }
-    catch {
-        // fall through to embedded notes
-    }
-    return undefined;
-}
-function escapeRegexString(value) {
-    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function normalizeRequestedVersion(input) {
-    const value = input.trim();
-    if (!value)
-        return value;
-    if (value.toLowerCase() === "latest")
-        return "latest";
-    const withoutV = value.replace(/^v/i, "");
-    return withoutV;
-}
-function versionCandidates(requested) {
-    if (requested === "latest")
-        return ["latest"];
-    const exact = requested;
-    const stable = requested.replace(/[-+].*$/, "");
-    return stable === exact ? [exact] : [exact, stable];
-}
-function resolveLatestVersion(changelog) {
-    for (const match of changelog.matchAll(/^## \[([^\]]+)\]/gm)) {
-        const version = match[1];
-        if (version !== "Unreleased")
-            return version;
-    }
-    return undefined;
-}
-function extractChangelogSection(changelog, version) {
-    const pattern = new RegExp(`^## \\[${escapeRegexString(version)}\\][^\\n]*\\n([\\s\\S]*?)(?=^## \\[|\\Z)`, "m");
-    const match = changelog.match(pattern);
-    if (!match)
-        return undefined;
-    return `## [${version}]\n${match[1].trim()}\n`;
-}
-function fallbackGuide(version) {
-    const embedded = EMBEDDED_MIGRATION_GUIDES[version];
-    if (embedded)
-        return `${embedded.trim()}\n\nFull changelog: ${CHANGELOG_URL}\n`;
-    return `No dedicated migration note is bundled for akm v${version}.\n\nSee the full changelog: ${CHANGELOG_URL}\n`;
-}
-export function renderMigrationHelp(versionInput, changelogText = loadChangelog()) {
-    const requested = normalizeRequestedVersion(versionInput);
-    if (!requested) {
-        return `Version is required.\n\nUsage: akm help migrate <version>\n`;
-    }
-    const resolvedLatest = changelogText ? resolveLatestVersion(changelogText) : undefined;
-    const candidates = requested === "latest" && resolvedLatest ? [resolvedLatest] : versionCandidates(requested);
-    if (changelogText) {
-        for (const candidate of candidates) {
-            const section = extractChangelogSection(changelogText, candidate);
-            if (section) {
-                const embedded = EMBEDDED_MIGRATION_GUIDES[candidate];
-                if (!embedded)
-                    return `${section.trim()}\n\nFull changelog: ${CHANGELOG_URL}\n`;
-                return `${embedded.trim()}\n\nRelease notes\n-------------\n${section.trim()}\n\nFull changelog: ${CHANGELOG_URL}\n`;
-            }
-        }
-    }
-    const fallbackVersion = candidates.find((candidate) => candidate !== "latest") ?? requested;
-    return fallbackGuide(fallbackVersion);
-}

package/dist/registry-factory.js

@@ -1,19 +0,0 @@
-/**
- * Registry provider factory map.
- *
- * Maps registry provider type identifiers (e.g. "static-index", "skills-sh")
- * to factory functions that create RegistryProvider instances.
- *
- * "Registry" here refers to the kit discovery registries (npm, GitHub, static
- * index files) — not to be confused with the stash provider factory map in
- * stash-provider-factory.ts or the installed-kit operations in installed-kits.ts.
- */
-import { createProviderRegistry } from "./create-provider-registry";
-// ── Factory map ─────────────────────────────────────────────────────────────
-const registry = createProviderRegistry();
-export function registerProvider(type, factory) {
-    registry.register(type, factory);
-}
-export function resolveProviderFactory(type) {
-    return registry.resolve(type);
-}

package/dist/registry-install.js

@@ -1,532 +0,0 @@
-import { spawnSync } from "node:child_process";
-import { createHash } from "node:crypto";
-import fs from "node:fs";
-import path from "node:path";
-import { TYPE_DIRS } from "./asset-spec";
-import { fetchWithRetry, isWithin } from "./common";
-import { loadConfig, loadUserConfig, saveConfig } from "./config";
-import { auditInstallCandidate, deriveRegistryLabels, enforceRegistryInstallPolicy, formatInstallAuditFailure, } from "./install-audit";
-import { copyIncludedPaths, findNearestIncludeConfig } from "./kit-include";
-import { getRegistryCacheDir as _getRegistryCacheDir } from "./paths";
-import { parseRegistryRef, resolveRegistryArtifact, validateGitRef, validateGitUrl } from "./registry-resolve";
-import { warn } from "./warn";
-const REGISTRY_STASH_DIR_NAMES = new Set(Object.values(TYPE_DIRS));
-export async function installRegistryRef(ref, options) {
-    const parsed = parseRegistryRef(ref);
-    const config = loadConfig();
-    if (parsed.source === "local") {
-        return installLocalRegistryRef(parsed, config, options);
-    }
-    if (parsed.source === "git") {
-        return installGitRegistryRef(parsed, config, options);
-    }
-    if (parsed.source === "github") {
-        return installGithubRegistryRef(parsed, config, options);
-    }
-    const resolved = await resolveRegistryArtifact(parsed);
-    const registryLabels = deriveRegistryLabels({
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-    });
-    enforceRegistryInstallPolicy(registryLabels, config, ref);
-    const installedAt = (options?.now ?? new Date()).toISOString();
-    const cacheRootDir = options?.cacheRootDir ?? getRegistryCacheRootDir();
-    const cacheDir = buildInstallCacheDir(cacheRootDir, resolved.source, resolved.id, resolved.resolvedVersion ?? resolved.resolvedRevision);
-    const archivePath = path.join(cacheDir, "artifact.tar.gz");
-    const extractedDir = path.join(cacheDir, "extracted");
-    // Check for cache hit: if extracted dir already exists and has a valid stash root, reuse it
-    if (isDirectory(extractedDir)) {
-        try {
-            const cachedStashRoot = detectStashRoot(extractedDir);
-            if (cachedStashRoot) {
-                const integrity = fs.existsSync(archivePath) ? await computeFileHash(archivePath) : undefined;
-                const audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config, options);
-                return {
-                    id: resolved.id,
-                    source: resolved.source,
-                    ref: resolved.ref,
-                    artifactUrl: resolved.artifactUrl,
-                    resolvedVersion: resolved.resolvedVersion,
-                    resolvedRevision: resolved.resolvedRevision,
-                    installedAt,
-                    cacheDir,
-                    extractedDir,
-                    stashRoot: cachedStashRoot,
-                    integrity,
-                    writable: options?.writable,
-                    audit,
-                };
-            }
-        }
-        catch {
-            // Cache invalid, re-download
-        }
-    }
-    fs.mkdirSync(cacheDir, { recursive: true });
-    let integrity;
-    let provisionalKitRoot;
-    let installRoot;
-    let stashRoot;
-    let audit;
-    try {
-        await downloadArchive(resolved.artifactUrl, archivePath);
-        verifyArchiveIntegrity(archivePath, resolved.resolvedRevision, resolved.source);
-        integrity = await computeFileHash(archivePath);
-        extractTarGzSecure(archivePath, extractedDir);
-        audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config, options);
-        provisionalKitRoot = detectStashRoot(extractedDir);
-        installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
-        stashRoot = detectStashRoot(installRoot);
-    }
-    catch (err) {
-        // Clean up the cache directory so stale or partially-extracted artifacts
-        // don't cause false cache hits on the next install attempt.
-        try {
-            fs.rmSync(cacheDir, { recursive: true, force: true });
-        }
-        catch {
-            // Best-effort cleanup; ignore errors
-        }
-        throw err;
-    }
-    return {
-        id: resolved.id,
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-        resolvedVersion: resolved.resolvedVersion,
-        resolvedRevision: resolved.resolvedRevision,
-        installedAt,
-        cacheDir,
-        extractedDir,
-        stashRoot,
-        integrity,
-        writable: options?.writable,
-        audit,
-    };
-}
-async function installGithubRegistryRef(parsed, config, options) {
-    const gitParsed = {
-        source: "git",
-        ref: parsed.ref,
-        id: parsed.id,
-        url: `https://github.com/${parsed.owner}/${parsed.repo}.git`,
-        requestedRef: parsed.requestedRef,
-    };
-    const installed = await installGitRegistryRef(gitParsed, config, options);
-    return {
-        ...installed,
-        source: "github",
-    };
-}
-async function installLocalRegistryRef(parsed, config, options) {
-    const resolved = await resolveRegistryArtifact(parsed);
-    const installedAt = (options?.now ?? new Date()).toISOString();
-    const registryLabels = deriveRegistryLabels({
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-    });
-    const audit = runInstallAuditOrThrow(parsed.sourcePath, resolved.source, resolved.ref, registryLabels, config, options);
-    // For local directories, detect the stash root within the source path.
-    // If no nested stash is found, the source path itself is used.
-    const stashRoot = detectStashRoot(parsed.sourcePath);
-    return {
-        id: resolved.id,
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-        resolvedVersion: resolved.resolvedVersion,
-        resolvedRevision: resolved.resolvedRevision,
-        installedAt,
-        cacheDir: parsed.sourcePath,
-        extractedDir: parsed.sourcePath,
-        stashRoot,
-        writable: options?.writable,
-        audit,
-    };
-}
-async function installGitRegistryRef(parsed, config, options) {
-    const resolved = await resolveRegistryArtifact(parsed);
-    const registryLabels = deriveRegistryLabels({
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-        gitUrl: parsed.url,
-    });
-    enforceRegistryInstallPolicy(registryLabels, config, parsed.ref);
-    const installedAt = (options?.now ?? new Date()).toISOString();
-    const cacheRootDir = options?.cacheRootDir ?? getRegistryCacheRootDir();
-    const cacheDir = buildInstallCacheDir(cacheRootDir, parsed.source, parsed.id, resolved.resolvedRevision);
-    const cloneDir = path.join(cacheDir, "clone");
-    const extractedDir = path.join(cacheDir, "extracted");
-    // Check for cache hit
-    if (isDirectory(extractedDir)) {
-        try {
-            const provisionalKitRoot = detectStashRoot(extractedDir);
-            const installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
-            const stashRoot = detectStashRoot(installRoot);
-            if (stashRoot) {
-                const audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config, options);
-                return {
-                    id: resolved.id,
-                    source: resolved.source,
-                    ref: resolved.ref,
-                    artifactUrl: resolved.artifactUrl,
-                    resolvedVersion: resolved.resolvedVersion,
-                    resolvedRevision: resolved.resolvedRevision,
-                    installedAt,
-                    cacheDir,
-                    extractedDir,
-                    stashRoot,
-                    writable: options?.writable,
-                    audit,
-                };
-            }
-        }
-        catch {
-            // Cache invalid, re-clone
-        }
-    }
-    fs.mkdirSync(cacheDir, { recursive: true });
-    // Validate URL and ref before passing to git to prevent command injection
-    validateGitUrl(parsed.url);
-    if (parsed.requestedRef)
-        validateGitRef(parsed.requestedRef);
-    let provisionalKitRoot;
-    let installRoot;
-    let stashRoot;
-    let audit;
-    try {
-        const cloneArgs = ["clone", "--depth", "1"];
-        if (parsed.requestedRef) {
-            cloneArgs.push("--branch", parsed.requestedRef);
-        }
-        cloneArgs.push(parsed.url, cloneDir);
-        const cloneResult = spawnSync("git", cloneArgs, { encoding: "utf8", timeout: 120_000 });
-        if (cloneResult.status !== 0) {
-            const err = cloneResult.stderr?.trim() || cloneResult.error?.message || "unknown error";
-            throw new Error(`Failed to clone ${parsed.url}: ${err}`);
-        }
-        // Copy contents to extracted dir without .git
-        fs.mkdirSync(extractedDir, { recursive: true });
-        copyDirectoryContents(cloneDir, extractedDir);
-        // Clean up the clone dir
-        fs.rmSync(cloneDir, { recursive: true, force: true });
-        audit = runInstallAuditOrThrow(extractedDir, resolved.source, resolved.ref, registryLabels, config, options);
-        provisionalKitRoot = detectStashRoot(extractedDir);
-        installRoot = applyAkmIncludeConfig(provisionalKitRoot, cacheDir, extractedDir) ?? provisionalKitRoot;
-        stashRoot = detectStashRoot(installRoot);
-    }
-    catch (err) {
-        // Clean up the cache directory so stale or partially-cloned artifacts
-        // don't cause false cache hits on the next install attempt.
-        try {
-            fs.rmSync(cacheDir, { recursive: true, force: true });
-        }
-        catch {
-            // Best-effort cleanup; ignore errors
-        }
-        throw err;
-    }
-    return {
-        id: resolved.id,
-        source: resolved.source,
-        ref: resolved.ref,
-        artifactUrl: resolved.artifactUrl,
-        resolvedVersion: resolved.resolvedVersion,
-        resolvedRevision: resolved.resolvedRevision,
-        installedAt,
-        cacheDir,
-        extractedDir,
-        stashRoot,
-        writable: options?.writable,
-        audit,
-    };
-}
-export function upsertInstalledRegistryEntry(entry) {
-    const current = loadUserConfig();
-    const currentInstalled = current.installed ?? [];
-    const withoutExisting = currentInstalled.filter((item) => item.id !== entry.id);
-    const nextInstalled = [...withoutExisting, normalizeInstalledEntry(entry)];
-    const nextConfig = {
-        ...current,
-        installed: nextInstalled,
-    };
-    saveConfig(nextConfig);
-    return nextConfig;
-}
-export function removeInstalledRegistryEntry(id) {
-    const current = loadUserConfig();
-    const currentInstalled = current.installed ?? [];
-    const nextInstalled = currentInstalled.filter((item) => item.id !== id);
-    const nextConfig = {
-        ...current,
-        installed: nextInstalled.length > 0 ? nextInstalled : undefined,
-    };
-    saveConfig(nextConfig);
-    return nextConfig;
-}
-export function getRegistryCacheRootDir() {
-    return _getRegistryCacheDir();
-}
-export function detectStashRoot(extractedDir) {
-    const root = path.resolve(extractedDir);
-    const rootDotStash = path.join(root, ".stash");
-    if (isDirectory(rootDotStash)) {
-        return root;
-    }
-    if (hasStashDirs(root)) {
-        return root;
-    }
-    const shallowest = findShallowestStashRoot(root);
-    if (shallowest)
-        return shallowest;
-    return root;
-}
-function buildInstallCacheDir(cacheRootDir, source, id, version) {
-    const slug = `${source}-${id.replace(/[^a-zA-Z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "")}`;
-    const versionSlug = source === "local"
-        ? `${Date.now()}-${Math.random().toString(36).slice(2, 10)}`
-        : (version?.replace(/[^a-zA-Z0-9_.-]+/g, "-") ?? `${Date.now()}-${Math.random().toString(36).slice(2, 10)}`);
-    return path.join(cacheRootDir, slug || source, versionSlug);
-}
-function applyAkmIncludeConfig(sourceRoot, cacheDir, searchRoot = sourceRoot) {
-    const includeConfig = findNearestIncludeConfig(sourceRoot, searchRoot);
-    if (!includeConfig)
-        return undefined;
-    const selectedDir = path.join(cacheDir, "selected");
-    fs.rmSync(selectedDir, { recursive: true, force: true });
-    fs.mkdirSync(selectedDir, { recursive: true });
-    copyIncludedPaths(includeConfig.include, includeConfig.baseDir, selectedDir);
-    return selectedDir;
-}
-async function downloadArchive(url, destination) {
-    const response = await fetchWithRetry(url, undefined, { timeout: 120_000 });
-    if (!response.ok) {
-        throw new Error(`Failed to download archive (${response.status}) from ${url}`);
-    }
-    // Stream response to disk instead of buffering the entire archive in memory.
-    // Uses Bun.write which handles Response streaming natively.
-    const BunRuntime = globalThis
-        .Bun;
-    if (BunRuntime?.write) {
-        await BunRuntime.write(destination, response);
-    }
-    else {
-        // Fallback for non-Bun environments (e.g., tests)
-        const arrayBuffer = await response.arrayBuffer();
-        fs.writeFileSync(destination, Buffer.from(arrayBuffer));
-    }
-}
-export function verifyArchiveIntegrity(archivePath, expected, source) {
-    if (!expected)
-        return;
-    // For GitHub and git sources, resolvedRevision is a commit SHA, not a content hash.
-    // Content integrity cannot be verified from a commit hash, so skip verification.
-    if (source === "github" || source === "git")
-        return;
-    const fileBuffer = fs.readFileSync(archivePath);
-    // SRI hash format: sha256-<base64> or sha512-<base64>
-    if (expected.startsWith("sha256-") || expected.startsWith("sha512-")) {
-        const dashIndex = expected.indexOf("-");
-        const algorithm = expected.slice(0, dashIndex);
-        const expectedBase64 = expected.slice(dashIndex + 1);
-        const actualBase64 = createHash(algorithm).update(fileBuffer).digest("base64");
-        if (actualBase64 !== expectedBase64) {
-            fs.unlinkSync(archivePath);
-            throw new Error(`Integrity check failed for ${archivePath}: expected ${algorithm} digest ${expectedBase64}, got ${actualBase64}`);
-        }
-        return;
-    }
-    // Hex shasum (SHA-1 from npm)
-    if (/^[0-9a-f]{40}$/i.test(expected)) {
-        const actualHex = createHash("sha1").update(fileBuffer).digest("hex");
-        if (actualHex.toLowerCase() !== expected.toLowerCase()) {
-            fs.unlinkSync(archivePath);
-            throw new Error(`Integrity check failed for ${archivePath}: expected sha1 ${expected}, got ${actualHex}`);
-        }
-        return;
-    }
-    // Unrecognized format — warn and skip verification
-    warn("Unrecognized integrity format: %s — verification skipped", expected);
-}
-export function extractTarGzSecure(archivePath, destinationDir) {
-    const listResult = spawnSync("tar", ["tzf", archivePath], { encoding: "utf8" });
-    if (listResult.status !== 0) {
-        const err = listResult.stderr?.trim() || listResult.error?.message || "unknown error";
-        throw new Error(`Failed to inspect archive ${archivePath}: ${err}`);
-    }
-    validateTarEntries(listResult.stdout);
-    fs.rmSync(destinationDir, { recursive: true, force: true });
-    fs.mkdirSync(destinationDir, { recursive: true });
-    const extractResult = spawnSync("tar", ["xzf", archivePath, "--no-same-owner", "--strip-components=1", "-C", destinationDir], { encoding: "utf8" });
-    if (extractResult.status !== 0) {
-        const err = extractResult.stderr?.trim() || extractResult.error?.message || "unknown error";
-        throw new Error(`Failed to extract archive ${archivePath}: ${err}`);
-    }
-    // Post-extraction scan: verify all extracted files are within destinationDir
-    // This mitigates TOCTOU between validateTarEntries (list) and tar extract.
-    scanExtractedFiles(destinationDir, destinationDir);
-}
-function scanExtractedFiles(dir, root) {
-    let entries;
-    try {
-        entries = fs.readdirSync(dir, { withFileTypes: true });
-    }
-    catch {
-        return;
-    }
-    for (const entry of entries) {
-        const fullPath = path.join(dir, entry.name);
-        // Check for ".." segments in names (e.g. symlink tricks or crafted filenames)
-        if (entry.name.includes("..")) {
-            throw new Error(`Post-extraction scan: suspicious entry name: ${fullPath}`);
-        }
-        // Resolve symlinks to detect escapes outside the destination directory
-        if (entry.isSymbolicLink()) {
-            const target = fs.realpathSync(fullPath);
-            if (!isWithin(target, root)) {
-                throw new Error(`Post-extraction scan: symlink escapes destination directory: ${fullPath} -> ${target}`);
-            }
-        }
-        if (entry.isDirectory()) {
-            scanExtractedFiles(fullPath, root);
-        }
-    }
-}
-export function validateTarEntries(listOutput) {
-    const lines = listOutput.split(/\r?\n/).filter(Boolean);
-    for (const rawLine of lines) {
-        const entry = rawLine.trim();
-        if (!entry || entry.includes("\0")) {
-            throw new Error(`Archive contains an invalid entry: ${JSON.stringify(rawLine)}`);
-        }
-        if (entry.startsWith("/")) {
-            throw new Error(`Archive contains an absolute path entry: ${entry}`);
-        }
-        const normalized = path.posix.normalize(entry);
-        if (normalized === ".." || normalized.startsWith("../")) {
-            throw new Error(`Archive contains a path traversal entry: ${entry}`);
-        }
-        const parts = normalized.split("/").filter(Boolean);
-        const stripped = parts.slice(1).join("/");
-        if (!stripped)
-            continue;
-        const normalizedStripped = path.posix.normalize(stripped);
-        if (normalizedStripped === ".." ||
-            normalizedStripped.startsWith("../") ||
-            path.posix.isAbsolute(normalizedStripped)) {
-            throw new Error(`Archive contains an unsafe entry after strip-components: ${entry}`);
-        }
-    }
-}
-function isDirectory(target) {
-    try {
-        return fs.statSync(target).isDirectory();
-    }
-    catch {
-        return false;
-    }
-}
-function hasStashDirs(dirPath) {
-    if (!isDirectory(dirPath))
-        return false;
-    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
-    return entries.some((entry) => entry.isDirectory() && REGISTRY_STASH_DIR_NAMES.has(entry.name));
-}
-function countStashDirs(dirPath) {
-    if (!isDirectory(dirPath))
-        return 0;
-    const entries = fs.readdirSync(dirPath, { withFileTypes: true });
-    return entries.filter((entry) => entry.isDirectory() && REGISTRY_STASH_DIR_NAMES.has(entry.name)).length;
-}
-/**
- * BFS to find the shallowest directory that looks like a stash root.
- * Checks for both `.stash` directories and well-known type directories
- * (scripts/, skills/, etc.), so nested layouts like `project/my-kit/scripts/`
- * are discovered even without a `.stash` marker.
- *
- * Skips `root` itself since the caller already checked it via `hasStashDirs`.
- */
-const BFS_MAX_DEPTH = 5;
-function findShallowestStashRoot(root) {
-    const queue = [{ dir: root, depth: 0 }];
-    while (queue.length > 0) {
-        const item = queue.shift();
-        if (!item) {
-            continue;
-        }
-        const { dir: current, depth } = item;
-        if (current !== root) {
-            // .stash directory is a strong stash marker
-            if (isDirectory(path.join(current, ".stash"))) {
-                return current;
-            }
-            // Require 2+ type dirs for BFS candidates to avoid false positives.
-            // A single "scripts/" is too common (skill dirs, npm packages, etc.).
-            if (countStashDirs(current) >= 2) {
-                return current;
-            }
-        }
-        if (depth >= BFS_MAX_DEPTH)
-            continue;
-        let children;
-        try {
-            children = fs.readdirSync(current, { withFileTypes: true });
-        }
-        catch {
-            continue;
-        }
-        for (const child of children) {
-            if (!child.isDirectory())
-                continue;
-            if (child.name === ".git" || child.name === "node_modules")
-                continue;
-            queue.push({ dir: path.join(current, child.name), depth: depth + 1 });
-        }
-    }
-    return undefined;
-}
-function normalizeInstalledEntry(entry) {
-    return {
-        ...entry,
-        stashRoot: path.resolve(entry.stashRoot),
-        cacheDir: path.resolve(entry.cacheDir),
-    };
-}
-function copyDirectoryContents(sourceDir, destinationDir) {
-    for (const entry of fs.readdirSync(sourceDir, { withFileTypes: true })) {
-        if (entry.name === ".git")
-            continue;
-        const src = path.join(sourceDir, entry.name);
-        const dest = path.join(destinationDir, entry.name);
-        fs.mkdirSync(path.dirname(dest), { recursive: true });
-        if (entry.isDirectory()) {
-            fs.cpSync(src, dest, { recursive: true, force: true });
-        }
-        else {
-            fs.copyFileSync(src, dest);
-        }
-    }
-}
-async function computeFileHash(filePath) {
-    const data = fs.readFileSync(filePath);
-    const hash = createHash("sha256").update(data).digest("hex");
-    return `sha256:${hash}`;
-}
-function runInstallAuditOrThrow(rootDir, source, ref, registryLabels, config, options) {
-    const audit = auditInstallCandidate({
-        rootDir,
-        source,
-        ref,
-        registryLabels,
-        config,
-        trustThisInstall: options?.trustThisInstall,
-    });
-    if (audit.blocked) {
-        throw new Error(formatInstallAuditFailure(ref, audit));
-    }
-    return audit;
-}

package/dist/ripgrep.js

@@ -1,2 +0,0 @@
-export { ensureRg } from "./ripgrep-install";
-export { isRgAvailable, resolveRg } from "./ripgrep-resolve";