ctxbin 0.1.0

package/dist/index.js

@@ -0,0 +1,694 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  CtxbinError: () => CtxbinError,
+  SKILLPACK_HEADER: () => SKILLPACK_HEADER,
+  SKILLREF_HEADER: () => SKILLREF_HEADER,
+  createSkillpackFromDir: () => createSkillpackFromDir,
+  createSkillrefValue: () => createSkillrefValue,
+  detectSkillValueType: () => detectSkillValueType,
+  formatError: () => formatError,
+  loadSkillrefToDir: () => loadSkillrefToDir,
+  normalizeGithubUrl: () => normalizeGithubUrl,
+  normalizeSkillPath: () => normalizeSkillPath,
+  parseSkillrefValue: () => parseSkillrefValue,
+  resolveSaveInput: () => resolveSaveInput,
+  safeChmod: () => safeChmod,
+  validateCommitSha: () => validateCommitSha
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/validators.ts
+var import_node_path = __toESM(require("path"));
+
+// src/errors.ts
+var CtxbinError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.code = code;
+  }
+};
+function fail(code, message) {
+  throw new CtxbinError(code, message);
+}
+function formatError(err) {
+  if (err instanceof CtxbinError) {
+    return `CTXBIN_ERR ${err.code}: ${err.message}`;
+  }
+  const message = err instanceof Error ? err.message : String(err);
+  return `CTXBIN_ERR IO: ${message}`;
+}
+
+// src/validators.ts
+function normalizeGithubUrl(input) {
+  let url;
+  try {
+    url = new URL(input);
+  } catch {
+    return fail("INVALID_URL", "invalid URL");
+  }
+  if (url.protocol !== "https:") {
+    return fail("INVALID_URL", "URL must use https");
+  }
+  if (url.hostname !== "github.com") {
+    return fail("INVALID_URL", "only github.com is supported");
+  }
+  if (url.search || url.hash) {
+    return fail("INVALID_URL", "URL must not include query or hash");
+  }
+  const parts = url.pathname.split("/").filter(Boolean);
+  if (parts.length !== 2) {
+    return fail("INVALID_URL", "URL must be https://github.com/<owner>/<repo>");
+  }
+  const owner = parts[0];
+  let repo = parts[1];
+  if (repo.endsWith(".git")) {
+    repo = repo.slice(0, -4);
+  }
+  if (!owner || !repo) {
+    return fail("INVALID_URL", "URL must be https://github.com/<owner>/<repo>");
+  }
+  return `https://github.com/${owner}/${repo}`;
+}
+function validateCommitSha(ref) {
+  if (!/^[0-9a-f]{40}$/.test(ref)) {
+    return fail("INVALID_REF", "ref must be a 40-hex commit SHA");
+  }
+  return ref;
+}
+function normalizeSkillPath(input) {
+  const trimmed = input.trim();
+  if (!trimmed) {
+    return fail("INVALID_PATH", "path must be a non-empty directory path");
+  }
+  const cleaned = trimmed.replace(/\\/g, "/");
+  if (cleaned.startsWith("/")) {
+    return fail("INVALID_PATH", "path must be relative, not absolute");
+  }
+  const normalized = import_node_path.default.posix.normalize(cleaned).replace(/^\.\//, "");
+  if (normalized === "." || normalized === "") {
+    return fail("INVALID_PATH", "path must be a non-empty directory path");
+  }
+  if (normalized.startsWith("../") || normalized.includes("/../") || normalized === "..") {
+    return fail("INVALID_PATH", "path must not include .. segments");
+  }
+  if (normalized.endsWith("/")) {
+    return normalized.slice(0, -1);
+  }
+  return normalized;
+}
+function assertSafeTarPath(entryPath) {
+  const cleaned = entryPath.replace(/\\/g, "/");
+  if (cleaned.startsWith("/")) {
+    return fail("INVALID_PATH", `tar entry path must be relative: ${entryPath}`);
+  }
+  const normalized = import_node_path.default.posix.normalize(cleaned);
+  if (normalized.startsWith("../") || normalized === ".." || normalized.includes("/../")) {
+    return fail("INVALID_PATH", `tar entry path contains traversal: ${entryPath}`);
+  }
+}
+
+// src/constants.ts
+var SKILLPACK_HEADER = "ctxbin-skillpack@1\n";
+var SKILLREF_HEADER = "ctxbin-skillref@1\n";
+var MAX_SKILLPACK_BYTES = 7 * 1024 * 1024;
+var MAX_SKILLREF_DOWNLOAD_BYTES = 20 * 1024 * 1024;
+var MAX_SKILLREF_EXTRACT_BYTES = 100 * 1024 * 1024;
+var MAX_SKILLREF_FILES = 5e3;
+var SKILLREF_CONNECT_TIMEOUT_MS = 5e3;
+var SKILLREF_DOWNLOAD_TIMEOUT_MS = 3e4;
+var DEFAULT_EXCLUDES = [".git", "node_modules", ".DS_Store"];
+
+// src/value.ts
+function detectSkillValueType(value) {
+  if (value.startsWith(SKILLPACK_HEADER)) return "skillpack";
+  if (value.startsWith(SKILLREF_HEADER)) return "skillref";
+  return "string";
+}
+
+// src/skillpack.ts
+var import_promises4 = __toESM(require("fs/promises"));
+var import_node_fs = require("fs");
+var import_node_path4 = __toESM(require("path"));
+var import_node_os = __toESM(require("os"));
+var import_node_zlib = __toESM(require("zlib"));
+var import_promises5 = require("stream/promises");
+var import_tar2 = __toESM(require("tar"));
+
+// src/fs-ops.ts
+var import_promises2 = __toESM(require("fs/promises"));
+var import_node_path2 = __toESM(require("path"));
+
+// src/chmod.ts
+var import_promises = __toESM(require("fs/promises"));
+async function safeChmod(path6, mode) {
+  try {
+    await import_promises.default.chmod(path6, mode);
+  } catch (err) {
+    if (process.platform === "win32") {
+      return;
+    }
+    throw err;
+  }
+}
+
+// src/fs-ops.ts
+async function ensureDir(dir) {
+  await import_promises2.default.mkdir(dir, { recursive: true });
+}
+function toPosix(p) {
+  return p.split(import_node_path2.default.sep).join("/");
+}
+async function copyDirContents(src, dest) {
+  await ensureDir(dest);
+  const entries = await import_promises2.default.readdir(src, { withFileTypes: true });
+  for (const entry of entries) {
+    const srcPath = import_node_path2.default.join(src, entry.name);
+    const destPath = import_node_path2.default.join(dest, entry.name);
+    if (entry.isDirectory()) {
+      await copyDirContents(srcPath, destPath);
+      const stat = await import_promises2.default.stat(srcPath);
+      await safeChmod(destPath, stat.mode & 511);
+      continue;
+    }
+    if (entry.isFile()) {
+      await ensureDir(import_node_path2.default.dirname(destPath));
+      await import_promises2.default.copyFile(srcPath, destPath);
+      const stat = await import_promises2.default.stat(srcPath);
+      await safeChmod(destPath, stat.mode & 511);
+      continue;
+    }
+    return fail("IO", `unsupported file type during copy: ${srcPath}`);
+  }
+}
+
+// src/perm.ts
+var import_promises3 = __toESM(require("fs/promises"));
+var import_node_path3 = __toESM(require("path"));
+async function applyNormalizedPermissions(root, execSet) {
+  async function walk(absDir) {
+    const entries = await import_promises3.default.readdir(absDir, { withFileTypes: true });
+    for (const entry of entries) {
+      const absPath = import_node_path3.default.join(absDir, entry.name);
+      if (entry.isDirectory()) {
+        await safeChmod(absPath, 493);
+        await walk(absPath);
+        continue;
+      }
+      if (entry.isFile()) {
+        const rel = toPosix(import_node_path3.default.relative(root, absPath));
+        const mode = execSet.has(rel) ? 493 : 420;
+        await safeChmod(absPath, mode);
+        continue;
+      }
+      return fail("IO", `unsupported file type after extract: ${absPath}`);
+    }
+  }
+  await walk(root);
+}
+
+// src/tar-utils.ts
+var import_tar = __toESM(require("tar"));
+async function listTarEntries(file) {
+  const entries = [];
+  await import_tar.default.t({
+    file,
+    onentry(entry) {
+      entries.push({
+        path: entry.path,
+        type: entry.type,
+        size: entry.size ?? 0,
+        mode: entry.mode ?? 0
+      });
+    }
+  });
+  return entries;
+}
+
+// src/skillpack.ts
+async function createSkillpackFromDir(dirPath) {
+  const stats = await import_promises4.default.stat(dirPath).catch(() => null);
+  if (!stats || !stats.isDirectory()) {
+    return fail("INVALID_INPUT", `--dir is not a directory: ${dirPath}`);
+  }
+  const entries = await collectEntries(dirPath);
+  const tmpDir = await import_promises4.default.mkdtemp(import_node_path4.default.join(import_node_os.default.tmpdir(), "ctxbin-skillpack-"));
+  const tarPath = import_node_path4.default.join(tmpDir, "skillpack.tar.gz");
+  try {
+    const tarStream = import_tar2.default.c(
+      {
+        cwd: dirPath,
+        portable: true,
+        mtime: /* @__PURE__ */ new Date(0)
+      },
+      entries
+    );
+    const gzip = import_node_zlib.default.createGzip({ mtime: 0 });
+    await (0, import_promises5.pipeline)(tarStream, gzip, (0, import_node_fs.createWriteStream)(tarPath));
+    const stat = await import_promises4.default.stat(tarPath);
+    if (stat.size > MAX_SKILLPACK_BYTES) {
+      return fail(
+        "SIZE_LIMIT",
+        `skillpack tar.gz size ${stat.size} bytes exceeds ${MAX_SKILLPACK_BYTES} bytes`
+      );
+    }
+    const data = await import_promises4.default.readFile(tarPath);
+    const b64 = data.toString("base64");
+    return SKILLPACK_HEADER + b64;
+  } finally {
+    await import_promises4.default.rm(tmpDir, { recursive: true, force: true });
+  }
+}
+async function collectEntries(root) {
+  const results = [];
+  async function walk(absDir, relDir) {
+    const entries = await import_promises4.default.readdir(absDir, { withFileTypes: true });
+    entries.sort((a, b) => a.name.localeCompare(b.name));
+    for (const entry of entries) {
+      if (DEFAULT_EXCLUDES.includes(entry.name)) {
+        if (entry.isDirectory()) {
+          continue;
+        }
+        if (entry.isFile() && entry.name === ".DS_Store") {
+          continue;
+        }
+      }
+      const absPath = import_node_path4.default.join(absDir, entry.name);
+      const relPath = relDir ? import_node_path4.default.posix.join(relDir, entry.name) : entry.name;
+      const stat = await import_promises4.default.lstat(absPath);
+      if (stat.isSymbolicLink()) {
+        return fail("IO", `symlink not allowed in skillpack: ${absPath}`);
+      }
+      if (entry.isDirectory()) {
+        results.push(relPath);
+        await walk(absPath, relPath);
+        continue;
+      }
+      if (entry.isFile()) {
+        if (entry.name === ".DS_Store") {
+          continue;
+        }
+        results.push(relPath);
+        continue;
+      }
+      return fail("IO", `unsupported file type in skillpack: ${absPath}`);
+    }
+  }
+  await walk(root, "");
+  results.sort();
+  return results;
+}
+
+// src/skillref.ts
+var import_promises6 = __toESM(require("fs/promises"));
+var import_node_path5 = __toESM(require("path"));
+var import_node_os2 = __toESM(require("os"));
+var import_node_fs2 = require("fs");
+var import_tar3 = __toESM(require("tar"));
+var ALLOWED_TYPES = /* @__PURE__ */ new Set(["File", "Directory"]);
+function createSkillrefValue(url, skillPath, ref) {
+  const normalizedUrl = normalizeGithubUrl(url);
+  const normalizedPath = normalizeSkillPath(skillPath);
+  const payload = ref ? JSON.stringify({ url: normalizedUrl, path: normalizedPath, ref: validateCommitSha(ref) }) : JSON.stringify({ url: normalizedUrl, path: normalizedPath, track: "default" });
+  return SKILLREF_HEADER + payload;
+}
+function parseSkillrefValue(value) {
+  if (!value.startsWith(SKILLREF_HEADER)) {
+    return fail("TYPE_MISMATCH", "value is not a skillref");
+  }
+  const raw = value.slice(SKILLREF_HEADER.length);
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return fail("IO", "invalid skillref payload JSON");
+  }
+  if (!parsed || typeof parsed.url !== "string" || typeof parsed.path !== "string") {
+    return fail("IO", "invalid skillref payload fields");
+  }
+  const normalized = {
+    url: normalizeGithubUrl(parsed.url),
+    path: normalizeSkillPath(parsed.path)
+  };
+  if (typeof parsed.ref === "string") {
+    return { ...normalized, ref: validateCommitSha(parsed.ref) };
+  }
+  if (parsed.track === "default") {
+    return { ...normalized, track: "default" };
+  }
+  return fail("IO", "invalid skillref payload fields");
+}
+async function loadSkillrefToDir(value, targetDir) {
+  const skillref = parseSkillrefValue(value);
+  const resolvedRef = skillref.ref ?? await fetchDefaultBranch(skillref.url);
+  const tmpRoot = await import_promises6.default.mkdtemp(import_node_path5.default.join(import_node_os2.default.tmpdir(), "ctxbin-skillref-"));
+  const tarPath = import_node_path5.default.join(tmpRoot, "skillref.tar.gz");
+  try {
+    await downloadArchive(skillref.url, resolvedRef, tarPath);
+    const entries = await listTarEntries(tarPath).catch(() => fail("IO", "failed to parse tar archive"));
+    const analysis = analyzeEntries(entries, skillref.path);
+    const extractDir = import_node_path5.default.join(tmpRoot, "extract");
+    await ensureDir(extractDir);
+    const stripCount = 1 + skillref.path.split("/").length;
+    await import_tar3.default.x({
+      file: tarPath,
+      cwd: extractDir,
+      preserveOwner: false,
+      noMtime: true,
+      strip: stripCount,
+      filter: (p, entry) => {
+        const entryPath = entry?.path ?? p;
+        return isUnderPath(entryPath, analysis.prefix, skillref.path);
+      }
+    });
+    await applyNormalizedPermissions(extractDir, analysis.execSet);
+    await ensureDir(targetDir);
+    await copyDirContents(extractDir, targetDir);
+  } finally {
+    await import_promises6.default.rm(tmpRoot, { recursive: true, force: true });
+  }
+}
+async function downloadArchive(repoUrl, ref, outPath) {
+  const { owner, repo } = splitGithubUrl(repoUrl);
+  const url = `https://codeload.github.com/${owner}/${repo}/tar.gz/${ref}`;
+  const controller = new AbortController();
+  const totalTimer = setTimeout(() => controller.abort(), SKILLREF_DOWNLOAD_TIMEOUT_MS);
+  let res;
+  try {
+    res = await fetchWithRedirect(url, 1, controller, ["github.com", "codeload.github.com"]);
+  } catch (err) {
+    clearTimeout(totalTimer);
+    return fail("NETWORK", `download failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  if (!res.ok) {
+    clearTimeout(totalTimer);
+    const text = await res.text();
+    return fail("NETWORK", `download failed (${res.status}): ${text}`);
+  }
+  if (!res.body) {
+    clearTimeout(totalTimer);
+    return fail("NETWORK", "download failed: empty response body");
+  }
+  const fileStream = (0, import_node_fs2.createWriteStream)(outPath);
+  let total = 0;
+  let magic = Buffer.alloc(0);
+  try {
+    for await (const chunk of res.body) {
+      if (magic.length < 2) {
+        const needed = 2 - magic.length;
+        magic = Buffer.concat([magic, chunk.subarray(0, needed)]);
+        if (magic.length === 2) {
+          if (magic[0] !== 31 || magic[1] !== 139) {
+            fileStream.close();
+            controller.abort();
+            return fail("IO", "downloaded file is not gzip data");
+          }
+        }
+      }
+      total += chunk.length;
+      if (total > MAX_SKILLREF_DOWNLOAD_BYTES) {
+        fileStream.close();
+        controller.abort();
+        return fail(
+          "SIZE_LIMIT",
+          `downloaded archive size ${total} exceeds ${MAX_SKILLREF_DOWNLOAD_BYTES} bytes`
+        );
+      }
+      fileStream.write(chunk);
+    }
+  } catch (err) {
+    fileStream.close();
+    clearTimeout(totalTimer);
+    if (err instanceof CtxbinError) {
+      throw err;
+    }
+    return fail("NETWORK", `download failed: ${err instanceof Error ? err.message : String(err)}`);
+  } finally {
+    clearTimeout(totalTimer);
+  }
+  if (magic.length < 2) {
+    fileStream.close();
+    return fail("IO", "downloaded file is incomplete");
+  }
+  await new Promise((resolve, reject) => {
+    fileStream.end(() => resolve());
+    fileStream.on("error", reject);
+  });
+}
+async function fetchWithRedirect(url, redirectsLeft, controller, allowedHosts, init) {
+  const connectTimer = setTimeout(() => controller.abort(), SKILLREF_CONNECT_TIMEOUT_MS);
+  const res = await fetch(url, {
+    ...init,
+    signal: controller.signal,
+    redirect: "manual"
+  });
+  clearTimeout(connectTimer);
+  if (isRedirect(res.status)) {
+    if (redirectsLeft <= 0) {
+      return fail("NETWORK", "too many redirects");
+    }
+    const location = res.headers.get("location");
+    if (!location) {
+      return fail("NETWORK", "redirect without location header");
+    }
+    const nextUrl = new URL(location, url).toString();
+    const host = new URL(nextUrl).hostname;
+    if (!allowedHosts.includes(host)) {
+      return fail("NETWORK", `redirected to unsupported host: ${host}`);
+    }
+    return fetchWithRedirect(nextUrl, redirectsLeft - 1, controller, allowedHosts, init);
+  }
+  return res;
+}
+function isRedirect(status) {
+  return [301, 302, 303, 307, 308].includes(status);
+}
+function splitGithubUrl(repoUrl) {
+  const url = new URL(repoUrl);
+  const parts = url.pathname.split("/").filter(Boolean);
+  if (parts.length !== 2) {
+    return fail("INVALID_URL", "URL must be https://github.com/<owner>/<repo>");
+  }
+  return { owner: parts[0], repo: parts[1] };
+}
+async function fetchDefaultBranch(repoUrl) {
+  const { owner, repo } = splitGithubUrl(repoUrl);
+  const url = `https://api.github.com/repos/${owner}/${repo}`;
+  const controller = new AbortController();
+  const totalTimer = setTimeout(() => controller.abort(), SKILLREF_DOWNLOAD_TIMEOUT_MS);
+  let res;
+  try {
+    res = await fetchWithRedirect(url, 1, controller, ["github.com", "api.github.com"], {
+      headers: {
+        "User-Agent": "ctxbin",
+        Accept: "application/vnd.github+json"
+      }
+    });
+  } catch (err) {
+    clearTimeout(totalTimer);
+    return fail("NETWORK", `default branch lookup failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+  if (!res.ok) {
+    clearTimeout(totalTimer);
+    const text = await res.text();
+    return fail("NETWORK", `default branch lookup failed (${res.status}): ${text}`);
+  }
+  let data;
+  try {
+    data = await res.json();
+  } catch {
+    clearTimeout(totalTimer);
+    return fail("NETWORK", "default branch lookup returned invalid JSON");
+  }
+  clearTimeout(totalTimer);
+  if (!data || typeof data.default_branch !== "string" || data.default_branch.length === 0) {
+    return fail("NETWORK", "default branch lookup returned no default_branch");
+  }
+  return data.default_branch;
+}
+function analyzeEntries(entries, requestedPath) {
+  if (entries.length === 0) {
+    return fail("NOT_FOUND", "archive contained no entries");
+  }
+  const prefix = entries[0].path.split("/")[0];
+  if (!prefix) {
+    return fail("IO", "unable to determine archive prefix");
+  }
+  const execSet = /* @__PURE__ */ new Set();
+  let entryCount = 0;
+  let totalSize = 0;
+  let matched = false;
+  for (const entry of entries) {
+    assertSafeTarPath(entry.path);
+    if (!ALLOWED_TYPES.has(entry.type)) {
+      return fail("IO", `unsupported entry type in archive: ${entry.path}`);
+    }
+    if (entry.path === prefix) {
+      continue;
+    }
+    if (!entry.path.startsWith(`${prefix}/`)) {
+      return fail("IO", "archive has unexpected top-level layout");
+    }
+    const rel = entry.path.slice(prefix.length + 1);
+    if (!rel) {
+      continue;
+    }
+    const relToReq = stripRequestedPath(rel, requestedPath);
+    if (relToReq === null) {
+      continue;
+    }
+    matched = true;
+    entryCount += 1;
+    if (rel === requestedPath && entry.type === "File") {
+      return fail("INVALID_PATH", "requested path is not a directory");
+    }
+    if (entry.type === "File") {
+      totalSize += entry.size ?? 0;
+      if (entry.mode & 73) {
+        execSet.add(relToReq);
+      }
+    }
+  }
+  if (!matched) {
+    return fail("NOT_FOUND", "requested path not found in archive");
+  }
+  if (entryCount > MAX_SKILLREF_FILES) {
+    return fail("SIZE_LIMIT", `extracted entry count ${entryCount} exceeds ${MAX_SKILLREF_FILES}`);
+  }
+  if (totalSize > MAX_SKILLREF_EXTRACT_BYTES) {
+    return fail("SIZE_LIMIT", `extracted size ${totalSize} exceeds ${MAX_SKILLREF_EXTRACT_BYTES}`);
+  }
+  return { prefix, execSet };
+}
+function stripRequestedPath(rel, requestedPath) {
+  if (rel === requestedPath) {
+    return "";
+  }
+  const prefix = requestedPath + "/";
+  if (rel.startsWith(prefix)) {
+    return rel.slice(prefix.length);
+  }
+  return null;
+}
+function isUnderPath(entryPath, prefix, requestedPath) {
+  if (entryPath === prefix) {
+    return false;
+  }
+  if (!entryPath.startsWith(`${prefix}/`)) {
+    return false;
+  }
+  const rel = entryPath.slice(prefix.length + 1);
+  if (!rel) {
+    return false;
+  }
+  if (rel === requestedPath || rel.startsWith(requestedPath + "/")) {
+    return true;
+  }
+  return false;
+}
+
+// src/input.ts
+var import_promises7 = __toESM(require("fs/promises"));
+var import_node_process = __toESM(require("process"));
+async function resolveSaveInput(resource, opts, stdinIsTTY = Boolean(import_node_process.default.stdin.isTTY)) {
+  const hasFile = typeof opts.file === "string";
+  const hasValue = typeof opts.value === "string";
+  const hasDir = typeof opts.dir === "string";
+  const urlFlagsUsed = Boolean(opts.url || opts.ref || opts.path);
+  const hasUrl = Boolean(opts.url && opts.path);
+  const explicitCount = [hasFile, hasValue, hasDir, hasUrl].filter(Boolean).length;
+  const hasStdin = !stdinIsTTY && explicitCount === 0;
+  if (urlFlagsUsed && !hasUrl) {
+    return fail("INVALID_INPUT", "--url and --path must be provided together");
+  }
+  const methods = explicitCount + (hasStdin ? 1 : 0);
+  if (methods !== 1) {
+    return fail("INVALID_INPUT", "exactly one input method must be used");
+  }
+  if (hasDir && resource !== "skill") {
+    return fail("INVALID_INPUT", "--dir is only valid for skill save");
+  }
+  if (hasUrl && resource !== "skill") {
+    return fail("INVALID_INPUT", "--url/--ref/--path are only valid for skill save");
+  }
+  if (opts.append && (hasDir || hasUrl)) {
+    return fail("INVALID_INPUT", "--append cannot be used with --dir or --url");
+  }
+  if (hasDir) {
+    const value = await createSkillpackFromDir(opts.dir);
+    return { kind: "skillpack", value };
+  }
+  if (hasUrl) {
+    const value = createSkillrefValue(opts.url, opts.path, opts.ref);
+    return { kind: "skillref", value };
+  }
+  if (hasFile) {
+    const content = await import_promises7.default.readFile(opts.file, "utf8");
+    return { kind: "string", value: content };
+  }
+  if (hasValue) {
+    return { kind: "string", value: opts.value };
+  }
+  const stdin = await readStdin();
+  return { kind: "string", value: stdin };
+}
+async function readStdin() {
+  return new Promise((resolve, reject) => {
+    let data = "";
+    import_node_process.default.stdin.setEncoding("utf8");
+    import_node_process.default.stdin.on("data", (chunk) => {
+      data += chunk;
+    });
+    import_node_process.default.stdin.on("end", () => resolve(data));
+    import_node_process.default.stdin.on("error", reject);
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CtxbinError,
+  SKILLPACK_HEADER,
+  SKILLREF_HEADER,
+  createSkillpackFromDir,
+  createSkillrefValue,
+  detectSkillValueType,
+  formatError,
+  loadSkillrefToDir,
+  normalizeGithubUrl,
+  normalizeSkillPath,
+  parseSkillrefValue,
+  resolveSaveInput,
+  safeChmod,
+  validateCommitSha
+});
+//# sourceMappingURL=index.js.map