elsabro 2.3.0 → 3.7.0

package/references/agent-marketplace.md

@@ -0,0 +1,2274 @@
+# ELSABRO Agent Marketplace
+
+> Sistema de marketplace para publicar, descubrir e instalar agentes de la comunidad con verificacion, reviews y sandboxing.
+
+## Arquitectura General
+
+```
++-----------------------------------------------------------------------------+
+|                          Agent Marketplace System                            |
++-----------------------------------------------------------------------------+
+|  +-------------------+  +-------------------+  +-------------------+         |
+|  | MarketplaceRegistry|  |   AgentPackager   |  |PublishingPipeline|         |
+|  |  -----------------  |  |  ---------------  |  |  ---------------  |        |
+|  | * Agent catalog    |  | * Package agents |  | * Submit flow    |         |
+|  | * Search/filter    |  | * Validate code  |  | * Auto review    |         |
+|  | * Versioning       |  | * Sign packages  |  | * Approval       |         |
+|  +-------------------+  +-------------------+  +-------------------+         |
+|                              |                                               |
+|  +---------------------------+-------------------------------+               |
+|  |                      ReviewSystem                          |              |
+|  |  * Ratings (1-5)  * Text reviews  * Usage metrics         |              |
+|  +------------------------------------------------------------+              |
+|                              |                                               |
+|  +---------------------------+-------------------------------+               |
+|  |                  InstallationManager                       |              |
+|  |  * Install/Update  * Dependencies  * Sandboxed execution  |              |
+|  +------------------------------------------------------------+              |
++-----------------------------------------------------------------------------+
+```
+
+---
+
+## 1. MarketplaceRegistry
+
+### Proposito
+
+Registro central de agentes publicados con busqueda, filtrado y versionado semantico.
+
+### Interfaces
+
+```typescript
+interface MarketplaceRegistry {
+  // Catalog operations
+  list(options?: ListOptions): Promise<AgentListing[]>;
+  get(name: string, version?: string): Promise<AgentDetails | null>;
+  search(query: SearchQuery): Promise<SearchResult>;
+
+  // Categories
+  getCategories(): Promise<Category[]>;
+  getByCategory(categoryId: AgentCategory): Promise<AgentListing[]>;
+
+  // Versions
+  getVersions(name: string): Promise<VersionInfo[]>;
+  getLatestVersion(name: string): Promise<string>;
+  checkCompatibility(name: string, version: string): Promise<CompatibilityResult>;
+
+  // Statistics
+  getStats(name: string): Promise<AgentStats>;
+  getTrending(period: TrendingPeriod): Promise<AgentListing[]>;
+
+  // Events
+  onUpdate(callback: (agent: AgentListing) => void): Disposable;
+}
+
+type AgentCategory =
+  | 'exploration'
+  | 'implementation'
+  | 'review'
+  | 'testing'
+  | 'specialized';
+
+interface AgentListing {
+  // Identity
+  name: string;
+  displayName: string;
+  description: string;
+  version: string;
+  author: AuthorInfo;
+
+  // Classification
+  category: AgentCategory;
+  tags: string[];
+
+  // Stats
+  downloads: number;
+  rating: number;
+  reviewCount: number;
+
+  // Metadata
+  createdAt: Date;
+  updatedAt: Date;
+  verified: boolean;
+  featured: boolean;
+
+  // Links
+  repository?: string;
+  homepage?: string;
+  documentation?: string;
+}
+
+interface AuthorInfo {
+  name: string;
+  email?: string;
+  url?: string;
+  verified: boolean;
+  publisherSince: Date;
+}
+
+interface SearchQuery {
+  text?: string;
+  category?: AgentCategory;
+  tags?: string[];
+  minRating?: number;
+  minDownloads?: number;
+  verified?: boolean;
+  compatible?: string;  // ELSABRO version
+  sortBy?: 'relevance' | 'downloads' | 'rating' | 'updated' | 'name';
+  sortOrder?: 'asc' | 'desc';
+  page?: number;
+  limit?: number;
+}
+
+interface SearchResult {
+  items: AgentListing[];
+  total: number;
+  page: number;
+  totalPages: number;
+  facets: {
+    categories: Record<AgentCategory, number>;
+    tags: Record<string, number>;
+    ratings: Record<number, number>;
+  };
+}
+
+interface VersionInfo {
+  version: string;
+  publishedAt: Date;
+  downloads: number;
+  changelog?: string;
+  compatibility: {
+    elsabro: string;
+    node?: string;
+  };
+  deprecated?: boolean;
+  deprecationMessage?: string;
+}
+
+interface CompatibilityResult {
+  compatible: boolean;
+  currentVersion: string;
+  requiredVersion: string;
+  issues: CompatibilityIssue[];
+}
+
+interface CompatibilityIssue {
+  type: 'version' | 'dependency' | 'permission' | 'platform';
+  severity: 'error' | 'warning';
+  message: string;
+}
+```
+
+### Implementacion
+
+```typescript
+class MarketplaceRegistryImpl implements MarketplaceRegistry {
+  private cache: Map<string, CachedEntry> = new Map();
+  private updateCallbacks: Set<Function> = new Set();
+
+  constructor(
+    private config: MarketplaceConfig,
+    private httpClient: HttpClient,
+    private cacheManager: CacheManager
+  ) {}
+
+  async list(options: ListOptions = {}): Promise<AgentListing[]> {
+    const cacheKey = `list:${JSON.stringify(options)}`;
+    const cached = await this.cacheManager.get<AgentListing[]>(cacheKey);
+
+    if (cached && !options.forceRefresh) {
+      return cached;
+    }
+
+    const response = await this.httpClient.get<ApiResponse<AgentListing[]>>(
+      `${this.config.registry.url}/agents`,
+      { params: this.buildListParams(options) }
+    );
+
+    await this.cacheManager.set(cacheKey, response.data, this.config.registry.cacheTTL);
+    return response.data;
+  }
+
+  async get(name: string, version?: string): Promise<AgentDetails | null> {
+    const cacheKey = `agent:${name}:${version || 'latest'}`;
+    const cached = await this.cacheManager.get<AgentDetails>(cacheKey);
+
+    if (cached) return cached;
+
+    try {
+      const url = version
+        ? `${this.config.registry.url}/agents/${name}/versions/${version}`
+        : `${this.config.registry.url}/agents/${name}`;
+
+      const response = await this.httpClient.get<ApiResponse<AgentDetails>>(url);
+      await this.cacheManager.set(cacheKey, response.data, this.config.registry.cacheTTL);
+      return response.data;
+    } catch (error) {
+      if (error.status === 404) return null;
+      throw error;
+    }
+  }
+
+  async search(query: SearchQuery): Promise<SearchResult> {
+    const response = await this.httpClient.post<ApiResponse<SearchResult>>(
+      `${this.config.registry.url}/search`,
+      { body: query }
+    );
+
+    return response.data;
+  }
+
+  async getCategories(): Promise<Category[]> {
+    return this.config.categories.map(cat => ({
+      id: cat.id,
+      name: cat.name,
+      description: cat.description,
+      icon: cat.icon,
+      agentCount: 0  // Populated from API
+    }));
+  }
+
+  async getByCategory(categoryId: AgentCategory): Promise<AgentListing[]> {
+    return this.search({ category: categoryId, limit: 100 }).then(r => r.items);
+  }
+
+  async getVersions(name: string): Promise<VersionInfo[]> {
+    const response = await this.httpClient.get<ApiResponse<VersionInfo[]>>(
+      `${this.config.registry.url}/agents/${name}/versions`
+    );
+    return response.data;
+  }
+
+  async getLatestVersion(name: string): Promise<string> {
+    const agent = await this.get(name);
+    if (!agent) throw new Error(`Agent not found: ${name}`);
+    return agent.version;
+  }
+
+  async checkCompatibility(name: string, version: string): Promise<CompatibilityResult> {
+    const agent = await this.get(name, version);
+    if (!agent) {
+      return {
+        compatible: false,
+        currentVersion: this.config.elsabroVersion,
+        requiredVersion: 'unknown',
+        issues: [{ type: 'version', severity: 'error', message: 'Agent not found' }]
+      };
+    }
+
+    const issues: CompatibilityIssue[] = [];
+    const requiredVersion = agent.manifest.engines?.elsabro || '*';
+
+    if (!semver.satisfies(this.config.elsabroVersion, requiredVersion)) {
+      issues.push({
+        type: 'version',
+        severity: 'error',
+        message: `Requires ELSABRO ${requiredVersion}, current: ${this.config.elsabroVersion}`
+      });
+    }
+
+    // Check dependencies
+    for (const [dep, ver] of Object.entries(agent.manifest.dependencies || {})) {
+      const installed = await this.checkInstalledAgent(dep);
+      if (!installed) {
+        issues.push({
+          type: 'dependency',
+          severity: 'error',
+          message: `Missing dependency: ${dep}@${ver}`
+        });
+      } else if (!semver.satisfies(installed.version, ver)) {
+        issues.push({
+          type: 'dependency',
+          severity: 'warning',
+          message: `Dependency version mismatch: ${dep} requires ${ver}, installed: ${installed.version}`
+        });
+      }
+    }
+
+    return {
+      compatible: issues.filter(i => i.severity === 'error').length === 0,
+      currentVersion: this.config.elsabroVersion,
+      requiredVersion,
+      issues
+    };
+  }
+
+  async getStats(name: string): Promise<AgentStats> {
+    const response = await this.httpClient.get<ApiResponse<AgentStats>>(
+      `${this.config.registry.url}/agents/${name}/stats`
+    );
+    return response.data;
+  }
+
+  async getTrending(period: TrendingPeriod = 'week'): Promise<AgentListing[]> {
+    const response = await this.httpClient.get<ApiResponse<AgentListing[]>>(
+      `${this.config.registry.url}/trending`,
+      { params: { period } }
+    );
+    return response.data;
+  }
+
+  onUpdate(callback: (agent: AgentListing) => void): Disposable {
+    this.updateCallbacks.add(callback);
+    return { dispose: () => this.updateCallbacks.delete(callback) };
+  }
+
+  private buildListParams(options: ListOptions): Record<string, string> {
+    const params: Record<string, string> = {};
+    if (options.page) params.page = String(options.page);
+    if (options.limit) params.limit = String(options.limit);
+    if (options.sortBy) params.sort = options.sortBy;
+    if (options.category) params.category = options.category;
+    return params;
+  }
+}
+```
+
+---
+
+## 2. AgentPackager
+
+### Proposito
+
+Empaquetado de agentes para distribucion con validacion, manifest y firma digital.
+
+### Interfaces
+
+```typescript
+interface AgentPackager {
+  // Packaging
+  pack(sourcePath: string, options?: PackOptions): Promise<PackageResult>;
+  validate(sourcePath: string): Promise<ValidationResult>;
+
+  // Manifest
+  generateManifest(sourcePath: string): Promise<AgentManifest>;
+  validateManifest(manifest: AgentManifest): ValidationResult;
+
+  // Signing
+  sign(packagePath: string, privateKey: string): Promise<SignedPackage>;
+  verify(packagePath: string): Promise<VerificationResult>;
+
+  // Unpacking
+  unpack(packagePath: string, destPath: string): Promise<UnpackResult>;
+  inspect(packagePath: string): Promise<PackageInfo>;
+}
+
+interface AgentManifest {
+  // Required fields
+  name: string;
+  version: string;
+  displayName: string;
+  description: string;
+  author: string | AuthorInfo;
+  main: string;
+
+  // Classification
+  category: AgentCategory;
+  tags?: string[];
+  keywords?: string[];
+
+  // Compatibility
+  engines: {
+    elsabro: string;
+    node?: string;
+  };
+
+  // Dependencies
+  dependencies?: Record<string, string>;
+  peerDependencies?: Record<string, string>;
+
+  // Permissions
+  permissions?: AgentPermission[];
+
+  // Contributions
+  contributes?: {
+    tools?: ToolContribution[];
+    commands?: CommandContribution[];
+    hooks?: HookContribution[];
+    config?: ConfigContribution;
+  };
+
+  // Metadata
+  license?: string;
+  repository?: string;
+  homepage?: string;
+  bugs?: string;
+  changelog?: string;
+
+  // Files
+  files?: string[];
+  exclude?: string[];
+}
+
+type AgentPermission =
+  | 'filesystem:read'
+  | 'filesystem:write'
+  | 'network'
+  | 'network:external'
+  | 'shell'
+  | 'shell:restricted'
+  | 'env'
+  | 'secrets'
+  | 'config:read'
+  | 'config:write'
+  | 'agents:spawn'
+  | 'tools:register';
+
+interface PackOptions {
+  outputPath?: string;
+  sign?: boolean;
+  privateKeyPath?: string;
+  includeSourceMaps?: boolean;
+  minify?: boolean;
+  compressionLevel?: number;
+}
+
+interface PackageResult {
+  success: boolean;
+  packagePath: string;
+  size: number;
+  checksum: string;
+  manifest: AgentManifest;
+  files: PackagedFile[];
+  warnings: string[];
+}
+
+interface PackagedFile {
+  path: string;
+  size: number;
+  checksum: string;
+}
+
+interface SignedPackage {
+  packagePath: string;
+  signature: string;
+  signedAt: Date;
+  publicKey: string;
+  algorithm: string;
+}
+
+interface VerificationResult {
+  valid: boolean;
+  signed: boolean;
+  signature?: {
+    algorithm: string;
+    publicKey: string;
+    signedAt: Date;
+    publisher?: string;
+    verified: boolean;
+  };
+  checksum: {
+    expected: string;
+    actual: string;
+    valid: boolean;
+  };
+  issues: string[];
+}
+```
+
+### Implementacion
+
+```typescript
+class AgentPackagerImpl implements AgentPackager {
+  constructor(
+    private config: MarketplaceConfig,
+    private crypto: CryptoService,
+    private validator: ManifestValidator
+  ) {}
+
+  async pack(sourcePath: string, options: PackOptions = {}): Promise<PackageResult> {
+    // Validate first
+    const validation = await this.validate(sourcePath);
+    if (!validation.valid) {
+      throw new PackagingError('Validation failed', validation.errors);
+    }
+
+    // Read manifest
+    const manifestPath = path.join(sourcePath, this.config.packaging.manifestFile);
+    const manifest = await this.readManifest(manifestPath);
+
+    // Determine files to include
+    const files = await this.collectFiles(sourcePath, manifest);
+
+    // Create package
+    const outputPath = options.outputPath ||
+      path.join(sourcePath, `${manifest.name}-${manifest.version}.elsabro`);
+
+    const archive = archiver('zip', {
+      zlib: { level: options.compressionLevel ?? this.config.packaging.compressionLevel }
+    });
+
+    const output = fs.createWriteStream(outputPath);
+    archive.pipe(output);
+
+    // Add manifest
+    archive.append(JSON.stringify(manifest, null, 2), { name: 'agent.manifest.json' });
+
+    // Add files
+    const packagedFiles: PackagedFile[] = [];
+    for (const file of files) {
+      const content = await fs.readFile(path.join(sourcePath, file));
+      const checksum = this.crypto.hash(content, 'sha256');
+
+      archive.append(content, { name: file });
+      packagedFiles.push({
+        path: file,
+        size: content.length,
+        checksum
+      });
+    }
+
+    await archive.finalize();
+
+    // Calculate package checksum
+    const packageContent = await fs.readFile(outputPath);
+    const checksum = this.crypto.hash(packageContent, 'sha256');
+
+    // Sign if requested
+    if (options.sign && options.privateKeyPath) {
+      const privateKey = await fs.readFile(options.privateKeyPath, 'utf-8');
+      await this.sign(outputPath, privateKey);
+    }
+
+    return {
+      success: true,
+      packagePath: outputPath,
+      size: packageContent.length,
+      checksum,
+      manifest,
+      files: packagedFiles,
+      warnings: validation.warnings
+    };
+  }
+
+  async validate(sourcePath: string): Promise<ValidationResult> {
+    const errors: string[] = [];
+    const warnings: string[] = [];
+
+    // Check manifest exists
+    const manifestPath = path.join(sourcePath, this.config.packaging.manifestFile);
+    if (!await this.fileExists(manifestPath)) {
+      errors.push(`Missing manifest file: ${this.config.packaging.manifestFile}`);
+      return { valid: false, errors, warnings };
+    }
+
+    // Validate manifest
+    const manifest = await this.readManifest(manifestPath);
+    const manifestValidation = this.validateManifest(manifest);
+    errors.push(...manifestValidation.errors);
+    warnings.push(...manifestValidation.warnings);
+
+    // Check main entry exists
+    if (manifest.main) {
+      const mainPath = path.join(sourcePath, manifest.main);
+      if (!await this.fileExists(mainPath)) {
+        errors.push(`Main entry file not found: ${manifest.main}`);
+      }
+    }
+
+    // Check package size
+    const totalSize = await this.calculateDirectorySize(sourcePath);
+    if (totalSize > this.config.packaging.maxPackageSize) {
+      errors.push(`Package exceeds maximum size: ${totalSize} > ${this.config.packaging.maxPackageSize}`);
+    }
+
+    // Validate code structure
+    const codeValidation = await this.validateCode(sourcePath, manifest);
+    errors.push(...codeValidation.errors);
+    warnings.push(...codeValidation.warnings);
+
+    return {
+      valid: errors.length === 0,
+      errors,
+      warnings
+    };
+  }
+
+  validateManifest(manifest: AgentManifest): ValidationResult {
+    const errors: string[] = [];
+    const warnings: string[] = [];
+
+    // Required fields
+    for (const field of this.config.packaging.requiredFields) {
+      if (!manifest[field]) {
+        errors.push(`Missing required field: ${field}`);
+      }
+    }
+
+    // Version format
+    if (manifest.version && !semver.valid(manifest.version)) {
+      errors.push(`Invalid version format: ${manifest.version}`);
+    }
+
+    // Name format
+    if (manifest.name && !/^[a-z0-9-]+$/.test(manifest.name)) {
+      errors.push(`Invalid name format: ${manifest.name}. Use lowercase letters, numbers, and hyphens only.`);
+    }
+
+    // Category validation
+    const validCategories = ['exploration', 'implementation', 'review', 'testing', 'specialized'];
+    if (manifest.category && !validCategories.includes(manifest.category)) {
+      errors.push(`Invalid category: ${manifest.category}`);
+    }
+
+    // Engine compatibility
+    if (!manifest.engines?.elsabro) {
+      warnings.push('No ELSABRO engine version specified');
+    }
+
+    // Permission validation
+    const validPermissions = [
+      'filesystem:read', 'filesystem:write', 'network', 'network:external',
+      'shell', 'shell:restricted', 'env', 'secrets', 'config:read',
+      'config:write', 'agents:spawn', 'tools:register'
+    ];
+
+    for (const perm of manifest.permissions || []) {
+      if (!validPermissions.includes(perm)) {
+        warnings.push(`Unknown permission: ${perm}`);
+      }
+    }
+
+    // High-risk permissions warning
+    const highRiskPerms = ['shell', 'secrets', 'filesystem:write'];
+    const hasHighRisk = (manifest.permissions || []).some(p => highRiskPerms.includes(p));
+    if (hasHighRisk) {
+      warnings.push('Agent requests high-risk permissions. Manual review may be required.');
+    }
+
+    return { valid: errors.length === 0, errors, warnings };
+  }
+
+  async sign(packagePath: string, privateKey: string): Promise<SignedPackage> {
+    const content = await fs.readFile(packagePath);
+    const signature = this.crypto.sign(content, privateKey, this.config.signing.algorithm);
+    const publicKey = this.crypto.derivePublicKey(privateKey);
+
+    // Append signature to package
+    const signatureData = {
+      signature,
+      algorithm: this.config.signing.algorithm,
+      publicKey,
+      signedAt: new Date().toISOString()
+    };
+
+    const signaturePath = packagePath + '.sig';
+    await fs.writeFile(signaturePath, JSON.stringify(signatureData, null, 2));
+
+    return {
+      packagePath,
+      signature,
+      signedAt: new Date(),
+      publicKey,
+      algorithm: this.config.signing.algorithm
+    };
+  }
+
+  async verify(packagePath: string): Promise<VerificationResult> {
+    const issues: string[] = [];
+    const content = await fs.readFile(packagePath);
+
+    // Check checksum
+    const actualChecksum = this.crypto.hash(content, 'sha256');
+    const info = await this.inspect(packagePath);
+    const expectedChecksum = info.checksum;
+    const checksumValid = actualChecksum === expectedChecksum;
+
+    if (!checksumValid) {
+      issues.push('Checksum mismatch - package may be corrupted or tampered');
+    }
+
+    // Check signature
+    const signaturePath = packagePath + '.sig';
+    let signatureInfo = undefined;
+    let signed = false;
+
+    if (await this.fileExists(signaturePath)) {
+      signed = true;
+      const sigData = JSON.parse(await fs.readFile(signaturePath, 'utf-8'));
+      const verified = this.crypto.verify(content, sigData.signature, sigData.publicKey, sigData.algorithm);
+
+      signatureInfo = {
+        algorithm: sigData.algorithm,
+        publicKey: sigData.publicKey,
+        signedAt: new Date(sigData.signedAt),
+        verified
+      };
+
+      if (!verified) {
+        issues.push('Signature verification failed');
+      }
+    } else if (this.config.signing.required) {
+      issues.push('Package is not signed but signing is required');
+    }
+
+    return {
+      valid: issues.length === 0,
+      signed,
+      signature: signatureInfo,
+      checksum: {
+        expected: expectedChecksum,
+        actual: actualChecksum,
+        valid: checksumValid
+      },
+      issues
+    };
+  }
+
+  async unpack(packagePath: string, destPath: string): Promise<UnpackResult> {
+    // Verify before unpacking
+    const verification = await this.verify(packagePath);
+    if (!verification.valid && !this.config.signing.allowUnsigned) {
+      throw new PackagingError('Package verification failed', verification.issues);
+    }
+
+    await fs.mkdir(destPath, { recursive: true });
+
+    const zip = new AdmZip(packagePath);
+    zip.extractAllTo(destPath, true);
+
+    const manifest = await this.readManifest(path.join(destPath, 'agent.manifest.json'));
+
+    return {
+      success: true,
+      destPath,
+      manifest,
+      verification
+    };
+  }
+
+  async inspect(packagePath: string): Promise<PackageInfo> {
+    const zip = new AdmZip(packagePath);
+    const manifestEntry = zip.getEntry('agent.manifest.json');
+
+    if (!manifestEntry) {
+      throw new PackagingError('Invalid package: missing manifest');
+    }
+
+    const manifest = JSON.parse(manifestEntry.getData().toString('utf-8'));
+    const entries = zip.getEntries();
+
+    const content = await fs.readFile(packagePath);
+
+    return {
+      manifest,
+      size: content.length,
+      checksum: this.crypto.hash(content, 'sha256'),
+      files: entries.map(e => ({
+        path: e.entryName,
+        size: e.header.size,
+        compressed: e.header.compressedSize
+      })),
+      createdAt: new Date(entries[0]?.header.time || Date.now())
+    };
+  }
+
+  private async collectFiles(sourcePath: string, manifest: AgentManifest): Promise<string[]> {
+    const includePatterns = manifest.files || ['**/*'];
+    const excludePatterns = [
+      ...this.config.packaging.excludePatterns,
+      ...(manifest.exclude || [])
+    ];
+
+    const files = await glob(includePatterns, {
+      cwd: sourcePath,
+      ignore: excludePatterns,
+      nodir: true
+    });
+
+    // Filter by allowed file types
+    return files.filter(f => {
+      const ext = path.extname(f);
+      return this.config.packaging.allowedFileTypes.includes(ext) || ext === '';
+    });
+  }
+
+  private async validateCode(sourcePath: string, manifest: AgentManifest): Promise<ValidationResult> {
+    const errors: string[] = [];
+    const warnings: string[] = [];
+
+    // Check for potentially dangerous patterns
+    const mainPath = path.join(sourcePath, manifest.main);
+    if (await this.fileExists(mainPath)) {
+      const content = await fs.readFile(mainPath, 'utf-8');
+
+      // Check for dynamic code execution patterns (security validation)
+      if (/\bFunction\s*\(/.test(content)) {
+        warnings.push('Code contains Function constructor which may pose security risks');
+      }
+
+      // Check for dynamic requires without permissions
+      if (/require\s*\([^'"]+\)/.test(content) && !manifest.permissions?.includes('shell')) {
+        warnings.push('Code contains dynamic requires');
+      }
+    }
+
+    return { valid: errors.length === 0, errors, warnings };
+  }
+
+  private async fileExists(filePath: string): Promise<boolean> {
+    try {
+      await fs.access(filePath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  private async readManifest(manifestPath: string): Promise<AgentManifest> {
+    const content = await fs.readFile(manifestPath, 'utf-8');
+    return JSON.parse(content);
+  }
+
+  private async calculateDirectorySize(dirPath: string): Promise<number> {
+    let size = 0;
+    const files = await glob('**/*', { cwd: dirPath, nodir: true });
+
+    for (const file of files) {
+      const stat = await fs.stat(path.join(dirPath, file));
+      size += stat.size;
+    }
+
+    return size;
+  }
+}
+```
+
+---
+
+## 3. PublishingPipeline
+
+### Proposito
+
+Flujo de publicacion con validacion automatica, review y rollback.
+
+### Interfaces
+
+```typescript
+interface PublishingPipeline {
+  // Submission
+  submit(packagePath: string, options?: SubmitOptions): Promise<Submission>;
+  getSubmission(id: string): Promise<Submission | null>;
+  cancelSubmission(id: string): Promise<void>;
+
+  // Review process
+  startReview(submissionId: string): Promise<ReviewProcess>;
+  getReviewStatus(submissionId: string): Promise<ReviewStatus>;
+
+  // Publishing
+  approve(submissionId: string, reviewerId: string): Promise<void>;
+  reject(submissionId: string, reason: string, reviewerId: string): Promise<void>;
+  publish(submissionId: string): Promise<PublishResult>;
+
+  // Rollback
+  unpublish(name: string, version: string, reason: string): Promise<void>;
+  rollback(name: string, toVersion: string): Promise<RollbackResult>;
+
+  // Webhooks
+  onStageChange(callback: (submission: Submission, stage: PublishStage) => void): Disposable;
+}
+
+type PublishStage = 'submit' | 'validate' | 'review' | 'approve' | 'publish' | 'rejected';
+
+interface Submission {
+  id: string;
+  packagePath: string;
+  manifest: AgentManifest;
+  submittedBy: string;
+  submittedAt: Date;
+  stage: PublishStage;
+  stageHistory: StageHistoryEntry[];
+  validation?: ValidationResult;
+  review?: ReviewProcess;
+  publishedAt?: Date;
+  rejectionReason?: string;
+}
+
+interface StageHistoryEntry {
+  stage: PublishStage;
+  timestamp: Date;
+  actor?: string;
+  notes?: string;
+}
+
+interface SubmitOptions {
+  releaseNotes?: string;
+  prerelease?: boolean;
+  tags?: string[];
+}
+
+interface ReviewProcess {
+  id: string;
+  submissionId: string;
+  startedAt: Date;
+  completedAt?: Date;
+  status: 'pending' | 'in_progress' | 'passed' | 'failed';
+
+  // Automated checks
+  automatedChecks: AutomatedCheck[];
+  automatedScore: number;
+
+  // Manual review (if needed)
+  requiresManualReview: boolean;
+  manualReviewer?: string;
+  manualReviewNotes?: string;
+}
+
+interface AutomatedCheck {
+  name: string;
+  description: string;
+  status: 'pending' | 'running' | 'passed' | 'failed' | 'skipped';
+  result?: {
+    passed: boolean;
+    score: number;
+    details: string;
+    duration: number;
+  };
+}
+
+interface ReviewStatus {
+  stage: PublishStage;
+  automatedChecks: {
+    total: number;
+    passed: number;
+    failed: number;
+    pending: number;
+  };
+  score: number;
+  requiresManualReview: boolean;
+  estimatedCompletion?: Date;
+}
+
+interface PublishResult {
+  success: boolean;
+  name: string;
+  version: string;
+  publishedAt: Date;
+  url: string;
+}
+
+interface RollbackResult {
+  success: boolean;
+  previousVersion: string;
+  newVersion: string;
+  affectedInstalls: number;
+}
+```
+
+### Implementacion
+
+```typescript
+class PublishingPipelineImpl implements PublishingPipeline {
+  private submissions: Map<string, Submission> = new Map();
+  private stageCallbacks: Set<Function> = new Set();
+
+  constructor(
+    private config: MarketplaceConfig,
+    private packager: AgentPackager,
+    private registry: MarketplaceRegistry,
+    private testRunner: TestRunner,
+    private notifier: NotificationService
+  ) {}
+
+  async submit(packagePath: string, options: SubmitOptions = {}): Promise<Submission> {
+    // Inspect package
+    const info = await this.packager.inspect(packagePath);
+
+    // Check if version already exists
+    const existing = await this.registry.get(info.manifest.name, info.manifest.version);
+    if (existing) {
+      throw new PublishError(`Version ${info.manifest.version} already exists for ${info.manifest.name}`);
+    }
+
+    const submission: Submission = {
+      id: this.generateId(),
+      packagePath,
+      manifest: info.manifest,
+      submittedBy: this.getCurrentUser(),
+      submittedAt: new Date(),
+      stage: 'submit',
+      stageHistory: [{
+        stage: 'submit',
+        timestamp: new Date()
+      }]
+    };
+
+    this.submissions.set(submission.id, submission);
+
+    // Start validation automatically
+    this.processSubmission(submission);
+
+    return submission;
+  }
+
+  private async processSubmission(submission: Submission): Promise<void> {
+    try {
+      // Stage: Validate
+      await this.transitionStage(submission, 'validate');
+      submission.validation = await this.packager.validate(
+        path.dirname(submission.packagePath)
+      );
+
+      if (!submission.validation.valid) {
+        await this.transitionStage(submission, 'rejected', {
+          notes: `Validation failed: ${submission.validation.errors.join(', ')}`
+        });
+        return;
+      }
+
+      // Stage: Review
+      await this.transitionStage(submission, 'review');
+      const review = await this.startReview(submission.id);
+
+      // Wait for automated checks
+      await this.waitForAutomatedChecks(review);
+
+      // Check if manual review is needed
+      if (review.requiresManualReview) {
+        this.notifier.notifyReviewers(submission);
+        return; // Wait for manual approval
+      }
+
+      // Auto-approve if score is high enough
+      if (review.automatedScore >= this.config.publishing.manualReviewThreshold) {
+        await this.approve(submission.id, 'system');
+      }
+
+    } catch (error) {
+      await this.transitionStage(submission, 'rejected', {
+        notes: `Processing error: ${error.message}`
+      });
+    }
+  }
+
+  async startReview(submissionId: string): Promise<ReviewProcess> {
+    const submission = this.submissions.get(submissionId);
+    if (!submission) throw new Error('Submission not found');
+
+    const review: ReviewProcess = {
+      id: this.generateId(),
+      submissionId,
+      startedAt: new Date(),
+      status: 'in_progress',
+      automatedChecks: this.createAutomatedChecks(),
+      automatedScore: 0,
+      requiresManualReview: false
+    };
+
+    submission.review = review;
+
+    // Run automated checks
+    await this.runAutomatedChecks(submission, review);
+
+    return review;
+  }
+
+  private createAutomatedChecks(): AutomatedCheck[] {
+    return [
+      { name: 'manifest_validation', description: 'Validate manifest structure', status: 'pending' },
+      { name: 'code_security', description: 'Security analysis of code', status: 'pending' },
+      { name: 'dependency_check', description: 'Check dependencies for vulnerabilities', status: 'pending' },
+      { name: 'unit_tests', description: 'Run unit tests', status: 'pending' },
+      { name: 'integration_tests', description: 'Run integration tests', status: 'pending' },
+      { name: 'compatibility_tests', description: 'Test ELSABRO version compatibility', status: 'pending' },
+      { name: 'performance_check', description: 'Basic performance benchmarks', status: 'pending' },
+      { name: 'documentation_check', description: 'Verify documentation exists', status: 'pending' }
+    ];
+  }
+
+  private async runAutomatedChecks(submission: Submission, review: ReviewProcess): Promise<void> {
+    let totalScore = 0;
+    let checkCount = 0;
+
+    for (const check of review.automatedChecks) {
+      check.status = 'running';
+      const startTime = Date.now();
+
+      try {
+        const result = await this.runCheck(check.name, submission);
+        check.status = result.passed ? 'passed' : 'failed';
+        check.result = {
+          ...result,
+          duration: Date.now() - startTime
+        };
+
+        totalScore += result.score;
+        checkCount++;
+
+        // If critical check fails, require manual review
+        if (!result.passed && ['code_security', 'dependency_check'].includes(check.name)) {
+          review.requiresManualReview = true;
+        }
+
+      } catch (error) {
+        check.status = 'failed';
+        check.result = {
+          passed: false,
+          score: 0,
+          details: error.message,
+          duration: Date.now() - startTime
+        };
+      }
+    }
+
+    review.automatedScore = checkCount > 0 ? totalScore / checkCount : 0;
+    review.status = review.automatedChecks.every(c => c.status === 'passed') ? 'passed' : 'failed';
+
+    // High-risk permissions always require manual review
+    const highRiskPerms = ['shell', 'secrets'];
+    if (submission.manifest.permissions?.some(p => highRiskPerms.includes(p))) {
+      review.requiresManualReview = true;
+    }
+  }
+
+  private async runCheck(checkName: string, submission: Submission): Promise<{passed: boolean; score: number; details: string}> {
+    switch (checkName) {
+      case 'manifest_validation':
+        const validation = this.packager.validateManifest(submission.manifest);
+        return {
+          passed: validation.valid,
+          score: validation.valid ? 1 : 0,
+          details: validation.errors.join('; ') || 'Manifest is valid'
+        };
+
+      case 'unit_tests':
+        const testResult = await this.testRunner.runTests(submission.packagePath, 'unit');
+        return {
+          passed: testResult.passed && testResult.coverage >= this.config.testing.minCoverage,
+          score: testResult.coverage / 100,
+          details: `${testResult.passed}/${testResult.total} tests passed, ${testResult.coverage}% coverage`
+        };
+
+      case 'code_security':
+        const securityResult = await this.runSecurityScan(submission.packagePath);
+        return {
+          passed: securityResult.vulnerabilities.high === 0,
+          score: securityResult.score,
+          details: `Found ${securityResult.vulnerabilities.total} vulnerabilities`
+        };
+
+      default:
+        return { passed: true, score: 1, details: 'Check passed' };
+    }
+  }
+
+  async approve(submissionId: string, reviewerId: string): Promise<void> {
+    const submission = this.submissions.get(submissionId);
+    if (!submission) throw new Error('Submission not found');
+
+    if (submission.stage !== 'review') {
+      throw new Error(`Cannot approve submission in stage: ${submission.stage}`);
+    }
+
+    await this.transitionStage(submission, 'approve', { actor: reviewerId });
+
+    // Auto-publish after approval
+    await this.publish(submissionId);
+  }
+
+  async reject(submissionId: string, reason: string, reviewerId: string): Promise<void> {
+    const submission = this.submissions.get(submissionId);
+    if (!submission) throw new Error('Submission not found');
+
+    submission.rejectionReason = reason;
+    await this.transitionStage(submission, 'rejected', {
+      actor: reviewerId,
+      notes: reason
+    });
+
+    // Notify submitter
+    this.notifier.notifyRejection(submission, reason);
+  }
+
+  async publish(submissionId: string): Promise<PublishResult> {
+    const submission = this.submissions.get(submissionId);
+    if (!submission) throw new Error('Submission not found');
+
+    if (submission.stage !== 'approve') {
+      throw new Error(`Cannot publish submission in stage: ${submission.stage}`);
+    }
+
+    try {
+      // Upload to registry
+      const result = await this.uploadToRegistry(submission);
+
+      submission.publishedAt = new Date();
+      await this.transitionStage(submission, 'publish');
+
+      // Trigger webhooks
+      await this.triggerWebhook('onPublish', submission);
+
+      return result;
+
+    } catch (error) {
+      // Automatic rollback on failure
+      await this.transitionStage(submission, 'rejected', {
+        notes: `Publish failed: ${error.message}`
+      });
+      throw error;
+    }
+  }
+
+  async unpublish(name: string, version: string, reason: string): Promise<void> {
+    await this.registry.removeVersion(name, version);
+    this.notifier.notifyUnpublish(name, version, reason);
+  }
+
+  async rollback(name: string, toVersion: string): Promise<RollbackResult> {
+    const versions = await this.registry.getVersions(name);
+    const currentVersion = versions[0]?.version;
+
+    if (!currentVersion) {
+      throw new Error('No published versions found');
+    }
+
+    // Mark newer versions as deprecated
+    for (const ver of versions) {
+      if (semver.gt(ver.version, toVersion)) {
+        await this.registry.deprecateVersion(name, ver.version, `Rolled back to ${toVersion}`);
+      }
+    }
+
+    return {
+      success: true,
+      previousVersion: currentVersion,
+      newVersion: toVersion,
+      affectedInstalls: await this.countAffectedInstalls(name, currentVersion)
+    };
+  }
+
+  private async transitionStage(
+    submission: Submission,
+    stage: PublishStage,
+    options: { actor?: string; notes?: string } = {}
+  ): Promise<void> {
+    submission.stage = stage;
+    submission.stageHistory.push({
+      stage,
+      timestamp: new Date(),
+      actor: options.actor,
+      notes: options.notes
+    });
+
+    this.stageCallbacks.forEach(cb => cb(submission, stage));
+  }
+
+  onStageChange(callback: (submission: Submission, stage: PublishStage) => void): Disposable {
+    this.stageCallbacks.add(callback);
+    return { dispose: () => this.stageCallbacks.delete(callback) };
+  }
+
+  private generateId(): string {
+    return `sub_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+  }
+}
+```
+
+---
+
+## 4. ReviewSystem
+
+### Proposito
+
+Sistema de ratings, reviews de texto y metricas de uso.
+
+### Interfaces
+
+```typescript
+interface ReviewSystem {
+  // Reviews
+  submitReview(agentName: string, review: ReviewInput): Promise<Review>;
+  updateReview(reviewId: string, updates: Partial<ReviewInput>): Promise<Review>;
+  deleteReview(reviewId: string): Promise<void>;
+  getReviews(agentName: string, options?: ReviewQueryOptions): Promise<ReviewResult>;
+
+  // Ratings
+  getRating(agentName: string): Promise<RatingSummary>;
+  getUserRating(agentName: string, userId: string): Promise<number | null>;
+
+  // Metrics
+  getMetrics(agentName: string): Promise<AgentMetrics>;
+  trackUsage(agentName: string, event: UsageEvent): Promise<void>;
+
+  // Reporting
+  reportIssue(agentName: string, report: IssueReport): Promise<ReportResult>;
+  getReports(agentName: string): Promise<IssueReport[]>;
+}
+
+interface ReviewInput {
+  rating: number;  // 1-5
+  title?: string;
+  body?: string;
+  pros?: string[];
+  cons?: string[];
+  version: string;
+}
+
+interface Review {
+  id: string;
+  agentName: string;
+  userId: string;
+  userName: string;
+  rating: number;
+  title?: string;
+  body?: string;
+  pros?: string[];
+  cons?: string[];
+  version: string;
+  createdAt: Date;
+  updatedAt?: Date;
+  helpful: number;
+  verified: boolean;  // User actually installed the agent
+
+  // Publisher response
+  response?: {
+    body: string;
+    respondedAt: Date;
+  };
+}
+
+interface ReviewQueryOptions {
+  sortBy?: 'recent' | 'helpful' | 'rating_high' | 'rating_low';
+  filterRating?: number;
+  filterVersion?: string;
+  verified?: boolean;
+  page?: number;
+  limit?: number;
+}
+
+interface ReviewResult {
+  items: Review[];
+  total: number;
+  page: number;
+  summary: RatingSummary;
+}
+
+interface RatingSummary {
+  average: number;
+  total: number;
+  distribution: {
+    1: number;
+    2: number;
+    3: number;
+    4: number;
+    5: number;
+  };
+  trend: 'up' | 'down' | 'stable';
+  trendValue: number;
+}
+
+interface AgentMetrics {
+  // Downloads
+  downloads: {
+    total: number;
+    lastWeek: number;
+    lastMonth: number;
+    trend: number;  // percentage change
+  };
+
+  // Active users
+  activeUsers: {
+    daily: number;
+    weekly: number;
+    monthly: number;
+  };
+
+  // Success rate
+  successRate: {
+    overall: number;
+    lastWeek: number;
+    byVersion: Record<string, number>;
+  };
+
+  // Performance
+  performance: {
+    avgExecutionTime: number;
+    p95ExecutionTime: number;
+    errorRate: number;
+  };
+
+  // Retention
+  retention: {
+    day1: number;
+    day7: number;
+    day30: number;
+  };
+}
+
+interface UsageEvent {
+  type: 'install' | 'uninstall' | 'update' | 'execute' | 'error';
+  version: string;
+  duration?: number;
+  success?: boolean;
+  errorCode?: string;
+  metadata?: Record<string, unknown>;
+}
+
+interface IssueReport {
+  id: string;
+  agentName: string;
+  type: 'bug' | 'security' | 'inappropriate' | 'license';
+  title: string;
+  description: string;
+  reportedBy: string;
+  reportedAt: Date;
+  status: 'open' | 'investigating' | 'resolved' | 'dismissed';
+  severity: 'low' | 'medium' | 'high' | 'critical';
+  version?: string;
+  evidence?: string[];
+}
+```
+
+### Implementacion
+
+```typescript
+class ReviewSystemImpl implements ReviewSystem {
+  constructor(
+    private config: MarketplaceConfig,
+    private db: Database,
+    private installationManager: InstallationManager,
+    private moderator: ContentModerator
+  ) {}
+
+  async submitReview(agentName: string, input: ReviewInput): Promise<Review> {
+    const userId = this.getCurrentUserId();
+
+    // Validate rating
+    if (input.rating < 1 || input.rating > 5) {
+      throw new ValidationError('Rating must be between 1 and 5');
+    }
+
+    // Check if user has installed the agent
+    const hasInstalled = await this.installationManager.hasInstalled(agentName, userId);
+
+    // Check for existing review
+    const existing = await this.db.reviews.findOne({ agentName, userId });
+    if (existing) {
+      throw new ValidationError('You have already reviewed this agent. Use updateReview instead.');
+    }
+
+    // Moderate content if enabled
+    if (this.config.reviews.moderationEnabled && input.body) {
+      const moderation = await this.moderator.check(input.body);
+      if (!moderation.approved) {
+        throw new ModerationError('Review content violates community guidelines');
+      }
+    }
+
+    const review: Review = {
+      id: this.generateId(),
+      agentName,
+      userId,
+      userName: await this.getUserName(userId),
+      rating: input.rating,
+      title: input.title,
+      body: input.body,
+      pros: input.pros,
+      cons: input.cons,
+      version: input.version,
+      createdAt: new Date(),
+      helpful: 0,
+      verified: hasInstalled
+    };
+
+    await this.db.reviews.insert(review);
+    await this.updateRatingCache(agentName);
+
+    return review;
+  }
+
+  async getRating(agentName: string): Promise<RatingSummary> {
+    const reviews = await this.db.reviews.find({ agentName });
+
+    if (reviews.length === 0) {
+      return {
+        average: 0,
+        total: 0,
+        distribution: { 1: 0, 2: 0, 3: 0, 4: 0, 5: 0 },
+        trend: 'stable',
+        trendValue: 0
+      };
+    }
+
+    const distribution = { 1: 0, 2: 0, 3: 0, 4: 0, 5: 0 };
+    let sum = 0;
+
+    for (const review of reviews) {
+      distribution[review.rating as 1|2|3|4|5]++;
+      sum += review.rating;
+    }
+
+    const average = sum / reviews.length;
+
+    // Calculate trend (last 30 days vs previous 30 days)
+    const now = new Date();
+    const thirtyDaysAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+    const sixtyDaysAgo = new Date(now.getTime() - 60 * 24 * 60 * 60 * 1000);
+
+    const recentReviews = reviews.filter(r => r.createdAt > thirtyDaysAgo);
+    const previousReviews = reviews.filter(r => r.createdAt > sixtyDaysAgo && r.createdAt <= thirtyDaysAgo);
+
+    const recentAvg = recentReviews.length > 0
+      ? recentReviews.reduce((s, r) => s + r.rating, 0) / recentReviews.length
+      : average;
+    const previousAvg = previousReviews.length > 0
+      ? previousReviews.reduce((s, r) => s + r.rating, 0) / previousReviews.length
+      : average;
+
+    const trendValue = recentAvg - previousAvg;
+    const trend = trendValue > 0.1 ? 'up' : trendValue < -0.1 ? 'down' : 'stable';
+
+    return {
+      average: Math.round(average * 10) / 10,
+      total: reviews.length,
+      distribution,
+      trend,
+      trendValue: Math.round(trendValue * 100) / 100
+    };
+  }
+
+  async getMetrics(agentName: string): Promise<AgentMetrics> {
+    const now = new Date();
+    const weekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
+    const monthAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
+
+    // Get usage events
+    const events = await this.db.usageEvents.find({ agentName });
+
+    // Calculate downloads
+    const installs = events.filter(e => e.type === 'install');
+    const lastWeekInstalls = installs.filter(e => e.timestamp > weekAgo);
+    const lastMonthInstalls = installs.filter(e => e.timestamp > monthAgo);
+
+    // Calculate success rate
+    const executions = events.filter(e => e.type === 'execute');
+    const successfulExecs = executions.filter(e => e.success);
+
+    // Calculate performance
+    const durations = executions.filter(e => e.duration).map(e => e.duration!);
+    durations.sort((a, b) => a - b);
+
+    const errors = events.filter(e => e.type === 'error');
+
+    return {
+      downloads: {
+        total: installs.length,
+        lastWeek: lastWeekInstalls.length,
+        lastMonth: lastMonthInstalls.length,
+        trend: 0
+      },
+      activeUsers: {
+        daily: await this.countActiveUsers(agentName, 1),
+        weekly: await this.countActiveUsers(agentName, 7),
+        monthly: await this.countActiveUsers(agentName, 30)
+      },
+      successRate: {
+        overall: executions.length > 0 ? (successfulExecs.length / executions.length) * 100 : 100,
+        lastWeek: this.calculateSuccessRate(executions.filter(e => e.timestamp > weekAgo)),
+        byVersion: this.calculateSuccessRateByVersion(executions)
+      },
+      performance: {
+        avgExecutionTime: durations.length > 0 ? durations.reduce((a, b) => a + b, 0) / durations.length : 0,
+        p95ExecutionTime: durations.length > 0 ? durations[Math.floor(durations.length * 0.95)] : 0,
+        errorRate: executions.length > 0 ? (errors.length / executions.length) * 100 : 0
+      },
+      retention: await this.calculateRetention(agentName)
+    };
+  }
+
+  async trackUsage(agentName: string, event: UsageEvent): Promise<void> {
+    await this.db.usageEvents.insert({
+      agentName,
+      userId: this.getCurrentUserId(),
+      timestamp: new Date(),
+      ...event
+    });
+  }
+
+  async reportIssue(agentName: string, report: Omit<IssueReport, 'id' | 'reportedBy' | 'reportedAt' | 'status'>): Promise<ReportResult> {
+    // Validate description length
+    if (report.description.length < this.config.reporting.minDescriptionLength) {
+      throw new ValidationError(`Description must be at least ${this.config.reporting.minDescriptionLength} characters`);
+    }
+
+    const issueReport: IssueReport = {
+      id: this.generateId(),
+      agentName,
+      ...report,
+      reportedBy: this.getCurrentUserId(),
+      reportedAt: new Date(),
+      status: 'open'
+    };
+
+    await this.db.reports.insert(issueReport);
+
+    // Notify publisher if configured
+    if (this.config.reporting.notifyPublisher) {
+      await this.notifyPublisher(agentName, issueReport);
+    }
+
+    // Auto-escalate security issues
+    if (report.type === 'security' && report.severity === 'critical') {
+      await this.escalateToSecurityTeam(issueReport);
+    }
+
+    return {
+      id: issueReport.id,
+      status: 'submitted',
+      message: 'Your report has been submitted and will be reviewed.'
+    };
+  }
+
+  private generateId(): string {
+    return `rev_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+  }
+}
+```
+
+---
+
+## 5. InstallationManager
+
+### Proposito
+
+Gestion de instalacion, actualizacion y ejecucion sandboxed de agentes.
+
+### Interfaces
+
+```typescript
+interface InstallationManager {
+  // Installation
+  install(name: string, version?: string, options?: InstallOptions): Promise<InstalledAgent>;
+  installFromPath(packagePath: string, options?: InstallOptions): Promise<InstalledAgent>;
+  uninstall(name: string): Promise<void>;
+
+  // Updates
+  update(name: string, version?: string): Promise<InstalledAgent>;
+  checkUpdates(): Promise<UpdateInfo[]>;
+  updateAll(): Promise<UpdateResult[]>;
+
+  // Queries
+  list(): Promise<InstalledAgent[]>;
+  get(name: string): Promise<InstalledAgent | null>;
+  isInstalled(name: string): Promise<boolean>;
+
+  // Dependencies
+  resolveDependencies(name: string, version: string): Promise<DependencyTree>;
+
+  // Execution
+  load(name: string): Promise<LoadedAgent>;
+  execute(name: string, input: AgentInput): Promise<AgentOutput>;
+
+  // Sandbox
+  createSandbox(agent: InstalledAgent): AgentSandbox;
+}
+
+interface InstalledAgent {
+  name: string;
+  version: string;
+  displayName: string;
+  description: string;
+  category: AgentCategory;
+
+  // Paths
+  installPath: string;
+  mainPath: string;
+
+  // Metadata
+  installedAt: Date;
+  updatedAt?: Date;
+  installedBy: string;
+
+  // State
+  enabled: boolean;
+  loaded: boolean;
+
+  // Manifest
+  manifest: AgentManifest;
+
+  // Dependencies
+  dependencies: InstalledDependency[];
+}
+
+interface InstalledDependency {
+  name: string;
+  version: string;
+  required: string;
+  satisfied: boolean;
+}
+
+interface InstallOptions {
+  global?: boolean;
+  force?: boolean;
+  skipDependencies?: boolean;
+  skipVerification?: boolean;
+}
+
+interface UpdateInfo {
+  name: string;
+  currentVersion: string;
+  latestVersion: string;
+  updateType: 'major' | 'minor' | 'patch';
+  breaking: boolean;
+  changelog?: string;
+}
+
+interface DependencyTree {
+  name: string;
+  version: string;
+  dependencies: DependencyTree[];
+  conflicts: DependencyConflict[];
+}
+
+interface DependencyConflict {
+  package: string;
+  required: string[];
+  installed?: string;
+  resolution: 'upgrade' | 'downgrade' | 'unresolvable';
+}
+
+interface AgentSandbox {
+  // Permissions
+  permissions: Set<AgentPermission>;
+
+  // Resource limits
+  limits: {
+    memory: number;
+    cpu: number;
+    timeout: number;
+  };
+
+  // Execution
+  execute<T>(fn: () => Promise<T>): Promise<T>;
+
+  // Cleanup
+  dispose(): void;
+}
+```
+
+### Implementacion
+
+```typescript
+class InstallationManagerImpl implements InstallationManager {
+  private installed: Map<string, InstalledAgent> = new Map();
+  private loaded: Map<string, LoadedAgent> = new Map();
+  private lockfile: Lockfile;
+
+  constructor(
+    private config: MarketplaceConfig,
+    private registry: MarketplaceRegistry,
+    private packager: AgentPackager,
+    private reviewSystem: ReviewSystem
+  ) {
+    this.lockfile = new Lockfile(this.config.installation.lockFile);
+  }
+
+  async install(name: string, version?: string, options: InstallOptions = {}): Promise<InstalledAgent> {
+    // Get agent info from registry
+    const targetVersion = version || await this.registry.getLatestVersion(name);
+    const agentInfo = await this.registry.get(name, targetVersion);
+
+    if (!agentInfo) {
+      throw new InstallError(`Agent not found: ${name}@${targetVersion}`);
+    }
+
+    // Check compatibility
+    const compatibility = await this.registry.checkCompatibility(name, targetVersion);
+    if (!compatibility.compatible && !options.force) {
+      throw new InstallError(`Incompatible agent: ${compatibility.issues.map(i => i.message).join(', ')}`);
+    }
+
+    // Resolve dependencies
+    if (!options.skipDependencies) {
+      const depTree = await this.resolveDependencies(name, targetVersion);
+
+      if (depTree.conflicts.some(c => c.resolution === 'unresolvable')) {
+        throw new DependencyError('Unresolvable dependency conflicts', depTree.conflicts);
+      }
+
+      // Install dependencies first
+      await this.installDependencies(depTree);
+    }
+
+    // Download package
+    const packagePath = await this.downloadPackage(name, targetVersion);
+
+    // Verify package
+    if (!options.skipVerification) {
+      const verification = await this.packager.verify(packagePath);
+      if (!verification.valid) {
+        throw new VerificationError('Package verification failed', verification.issues);
+      }
+
+      if (!verification.signed && this.config.signing.warnUnsigned) {
+        console.warn(`Warning: Installing unsigned package ${name}@${targetVersion}`);
+      }
+    }
+
+    // Determine install path
+    const installPath = options.global
+      ? path.join(this.config.installation.globalPath, name)
+      : path.join(this.config.installation.defaultPath, name);
+
+    // Backup existing if updating
+    const existing = await this.get(name);
+    if (existing && this.config.installation.backupBeforeUpdate) {
+      await this.backupAgent(existing);
+    }
+
+    // Unpack
+    const unpackResult = await this.packager.unpack(packagePath, installPath);
+
+    // Create installed agent record
+    const installedAgent: InstalledAgent = {
+      name,
+      version: targetVersion,
+      displayName: unpackResult.manifest.displayName,
+      description: unpackResult.manifest.description,
+      category: unpackResult.manifest.category,
+      installPath,
+      mainPath: path.join(installPath, unpackResult.manifest.main),
+      installedAt: new Date(),
+      installedBy: this.getCurrentUserId(),
+      enabled: true,
+      loaded: false,
+      manifest: unpackResult.manifest,
+      dependencies: await this.getInstalledDependencies(unpackResult.manifest)
+    };
+
+    // Save to lockfile
+    this.installed.set(name, installedAgent);
+    await this.lockfile.add(installedAgent);
+
+    // Track installation
+    await this.reviewSystem.trackUsage(name, {
+      type: 'install',
+      version: targetVersion
+    });
+
+    return installedAgent;
+  }
+
+  async uninstall(name: string): Promise<void> {
+    const agent = await this.get(name);
+    if (!agent) {
+      throw new Error(`Agent not installed: ${name}`);
+    }
+
+    // Check if other agents depend on this one
+    const dependents = await this.findDependents(name);
+    if (dependents.length > 0) {
+      throw new DependencyError(
+        `Cannot uninstall: other agents depend on ${name}`,
+        dependents.map(d => ({ name: d.name, required: d.manifest.dependencies?.[name] || '*' }))
+      );
+    }
+
+    // Unload if loaded
+    if (this.loaded.has(name)) {
+      await this.unload(name);
+    }
+
+    // Remove files
+    await fs.rm(agent.installPath, { recursive: true, force: true });
+
+    // Update records
+    this.installed.delete(name);
+    await this.lockfile.remove(name);
+
+    // Track uninstall
+    await this.reviewSystem.trackUsage(name, {
+      type: 'uninstall',
+      version: agent.version
+    });
+  }
+
+  async checkUpdates(): Promise<UpdateInfo[]> {
+    const updates: UpdateInfo[] = [];
+
+    for (const [name, agent] of this.installed) {
+      try {
+        const latestVersion = await this.registry.getLatestVersion(name);
+
+        if (semver.gt(latestVersion, agent.version)) {
+          const diff = semver.diff(agent.version, latestVersion);
+          const agentInfo = await this.registry.get(name, latestVersion);
+
+          updates.push({
+            name,
+            currentVersion: agent.version,
+            latestVersion,
+            updateType: diff as 'major' | 'minor' | 'patch',
+            breaking: diff === 'major',
+            changelog: agentInfo?.changelog
+          });
+        }
+      } catch (error) {
+        // Skip agents that can't be checked
+      }
+    }
+
+    return updates;
+  }
+
+  createSandbox(agent: InstalledAgent): AgentSandbox {
+    const permissions = new Set<AgentPermission>(agent.manifest.permissions || []);
+
+    return new AgentSandboxImpl({
+      permissions,
+      limits: {
+        memory: this.config.sandbox.resourceLimits.memory,
+        cpu: this.config.sandbox.resourceLimits.cpu,
+        timeout: this.config.sandbox.resourceLimits.timeout
+      },
+      allowedHosts: this.config.sandbox.allowedHosts,
+      blockedHosts: this.config.sandbox.blockedHosts,
+      isolationLevel: this.config.sandbox.isolationLevel
+    });
+  }
+
+  async list(): Promise<InstalledAgent[]> {
+    return Array.from(this.installed.values());
+  }
+
+  async get(name: string): Promise<InstalledAgent | null> {
+    return this.installed.get(name) || null;
+  }
+
+  async isInstalled(name: string): Promise<boolean> {
+    return this.installed.has(name);
+  }
+}
+```
+
+---
+
+## 6. CLI Commands
+
+### Comandos Disponibles
+
+```
+/elsabro:marketplace list [options]
+  Lista agentes del marketplace
+
+  Opciones:
+    --category <cat>    Filtrar por categoria
+    --sort <field>      Ordenar por: downloads, rating, updated, name
+    --limit <n>         Numero maximo de resultados
+    --installed         Mostrar solo agentes instalados
+    --updates           Mostrar agentes con actualizaciones disponibles
+
+  Ejemplos:
+    /elsabro:marketplace list
+    /elsabro:marketplace list --category testing --sort rating
+    /elsabro:marketplace list --installed --updates
+```
+
+```
+/elsabro:marketplace search <query> [options]
+  Busca agentes en el marketplace
+
+  Opciones:
+    --category <cat>    Filtrar por categoria
+    --tags <t1,t2>      Filtrar por tags
+    --min-rating <n>    Rating minimo (1-5)
+    --verified          Solo agentes verificados
+
+  Ejemplos:
+    /elsabro:marketplace search "code review"
+    /elsabro:marketplace search testing --category testing --min-rating 4
+```
+
+```
+/elsabro:marketplace install <name>[@version] [options]
+  Instala un agente del marketplace
+
+  Opciones:
+    --global            Instalar globalmente
+    --force             Forzar instalacion
+    --skip-deps         No instalar dependencias
+
+  Ejemplos:
+    /elsabro:marketplace install elsabro-reviewer
+    /elsabro:marketplace install elsabro-tester@2.1.0 --global
+```
+
+```
+/elsabro:marketplace publish <path> [options]
+  Publica un agente al marketplace
+
+  Opciones:
+    --prerelease        Marcar como prerelease
+    --notes <text>      Notas de release
+    --sign <keyfile>    Firmar con clave privada
+
+  Ejemplos:
+    /elsabro:marketplace publish ./my-agent
+    /elsabro:marketplace publish ./my-agent --sign ~/.keys/private.pem
+```
+
+```
+/elsabro:marketplace info <name>
+  Muestra informacion detallada de un agente
+
+  Ejemplos:
+    /elsabro:marketplace info elsabro-reviewer
+```
+
+```
+/elsabro:marketplace update [name]
+  Actualiza agentes instalados
+
+  Opciones:
+    --all               Actualizar todos los agentes
+    --check             Solo verificar actualizaciones
+
+  Ejemplos:
+    /elsabro:marketplace update elsabro-reviewer
+    /elsabro:marketplace update --all
+    /elsabro:marketplace update --check
+```
+
+```
+/elsabro:marketplace uninstall <name>
+  Desinstala un agente
+
+  Ejemplos:
+    /elsabro:marketplace uninstall elsabro-reviewer
+```
+
+```
+/elsabro:marketplace review <name>
+  Escribe una review para un agente
+
+  Opciones:
+    --rating <1-5>      Rating (requerido)
+    --title <text>      Titulo de la review
+    --body <text>       Cuerpo de la review
+
+  Ejemplos:
+    /elsabro:marketplace review elsabro-reviewer --rating 5 --title "Excelente"
+```
+
+---
+
+## 7. Marketplace Dashboard
+
+```
++-----------------------------------------------------------------------------+
+|                      ELSABRO Agent Marketplace                               |
++-----------------------------------------------------------------------------+
+|  Catalog: 1,247 agents | Installed: 12 | Updates: 3                         |
+|  Categories: exploration(342) implementation(456) review(189)                |
+|              testing(198) specialized(62)                                    |
++-----------------------------------------------------------------------------+
+
+                            TRENDING THIS WEEK
++------------------------+--------+--------+----------+-----------------------+
+| Agent                  | Rating | DLs/wk | Category | Description           |
++------------------------+--------+--------+----------+-----------------------+
+| elsabro-code-reviewer  |  4.8   | 2,341  | review   | AI-powered code review|
+| elsabro-test-generator |  4.6   | 1,892  | testing  | Auto test generation  |
+| elsabro-doc-writer     |  4.7   | 1,654  | impl     | Documentation gen     |
+| elsabro-security-scan  |  4.9   | 1,423  | review   | Security analysis     |
+| elsabro-refactorer     |  4.5   | 1,201  | impl     | Code refactoring      |
++------------------------+--------+--------+----------+-----------------------+
+
+                            INSTALLED AGENTS
++------------------------+---------+--------+------------+---------------------+
+| Agent                  | Version | Status | Updated    | Updates             |
++------------------------+---------+--------+------------+---------------------+
+| elsabro-code-reviewer  | 2.3.1   | Active | 2024-01-15 | 2.4.0 available     |
+| elsabro-test-generator | 1.8.0   | Active | 2024-01-10 | Up to date          |
+| elsabro-linter         | 3.1.2   | Active | 2024-01-08 | 3.2.0 available     |
+| elsabro-formatter      | 1.2.0   | Idle   | 2024-01-05 | Up to date          |
+| my-custom-agent        | 0.1.0   | Dev    | 2024-01-18 | Local               |
++------------------------+---------+--------+------------+---------------------+
+
+                         RECENT ACTIVITY
++-----------------------------------------------------------------------------+
+| [15:32] Installed elsabro-doc-writer@2.1.0                                  |
+| [14:15] Updated elsabro-test-generator 1.7.0 -> 1.8.0                       |
+| [12:45] Published my-custom-agent@0.1.0 to marketplace                      |
+| [11:20] Review submitted for elsabro-code-reviewer (5 stars)                |
++-----------------------------------------------------------------------------+
+
+Commands: list | search | install | publish | update | info | review
+```
+
+---
+
+## 8. Agent Package Structure
+
+```
+my-agent/
++-- agent.manifest.json      # Manifest del agente
++-- src/
+|   +-- index.ts             # Entry point principal
+|   +-- agent.ts             # Implementacion del agente
+|   +-- tools/               # Herramientas custom
+|   |   +-- my-tool.ts
+|   +-- prompts/             # System prompts
+|       +-- main.md
++-- tests/
+|   +-- agent.test.ts        # Tests unitarios
+|   +-- integration.test.ts  # Tests de integracion
++-- docs/
+|   +-- README.md            # Documentacion
+|   +-- CHANGELOG.md         # Historial de cambios
++-- LICENSE
++-- package.json             # Dependencias npm
+```
+
+### Manifest de Ejemplo
+
+```json
+{
+  "name": "elsabro-code-reviewer",
+  "version": "2.4.0",
+  "displayName": "Code Reviewer",
+  "description": "AI-powered code review with best practices analysis",
+  "author": {
+    "name": "ELSABRO Team",
+    "email": "team@elsabro.dev",
+    "url": "https://elsabro.dev"
+  },
+  "main": "dist/index.js",
+  "category": "review",
+  "tags": ["code-review", "best-practices", "quality"],
+  "keywords": ["review", "lint", "quality", "analysis"],
+
+  "engines": {
+    "elsabro": ">=3.4.0",
+    "node": ">=18.0.0"
+  },
+
+  "dependencies": {
+    "elsabro-linter": "^3.0.0"
+  },
+
+  "permissions": [
+    "filesystem:read",
+    "config:read"
+  ],
+
+  "contributes": {
+    "tools": [
+      {
+        "name": "analyze-code",
+        "displayName": "Analyze Code",
+        "description": "Perform deep code analysis",
+        "inputSchema": {
+          "type": "object",
+          "properties": {
+            "path": { "type": "string" },
+            "depth": { "type": "string", "enum": ["shallow", "deep"] }
+          },
+          "required": ["path"]
+        }
+      }
+    ],
+    "commands": [
+      {
+        "command": "review.start",
+        "title": "Start Code Review",
+        "category": "Review"
+      }
+    ]
+  },
+
+  "license": "MIT",
+  "repository": "https://github.com/elsabro/code-reviewer",
+  "homepage": "https://elsabro.dev/agents/code-reviewer",
+  "bugs": "https://github.com/elsabro/code-reviewer/issues"
+}
+```
+
+---
+
+## 9. Security Model
+
+### Niveles de Aislamiento
+
+```
++-----------------------------------------------------------------------------+
+|                        Sandbox Isolation Levels                              |
++-----------------------------------------------------------------------------+
+
+STRICT (Default para agentes de terceros)
++----------------------------------+
+| * VM aislada                     |
+| * Sin acceso a filesystem        |
+| * Network solo whitelist         |
+| * Sin shell                      |
+| * Memory/CPU limitados           |
++----------------------------------+
+
+MODERATE (Agentes verificados)
++----------------------------------+
+| * Proceso separado               |
+| * Filesystem read-only           |
+| * Network con restricciones      |
+| * Shell denegado                 |
+| * Limits menos estrictos         |
++----------------------------------+
+
+TRUSTED (Agentes oficiales)
++----------------------------------+
+| * Mismo proceso                  |
+| * Filesystem segun permisos      |
+| * Network permitido              |
+| * Shell con restricciones        |
+| * Sin limits de recursos         |
++----------------------------------+
+```
+
+### Permission Flow
+
+```
+                    +-------------------+
+                    | Agent requests    |
+                    | permission        |
+                    +---------+---------+
+                              |
+                    +---------v---------+
+                    | Check manifest    |
+                    | declarations      |
+                    +---------+---------+
+                              |
+              +---------------+---------------+
+              |                               |
+    +---------v---------+           +---------v---------+
+    | Declared in       |           | Not declared      |
+    | manifest          |           |                   |
+    +---------+---------+           +---------+---------+
+              |                               |
+    +---------v---------+                     |
+    | User approved?    |                     |
+    +---------+---------+                     |
+              |                               |
+      +-------+-------+                       |
+      |               |                       |
++-----v-----+   +-----v-----+           +-----v-----+
+|  GRANTED  |   |  DENIED   |           |  DENIED   |
++-----------+   +-----------+           +-----------+
+```
+
+---
+
+## Referencias
+
+- **REF-024**: Plugin System (base architecture)
+- **REF-022**: Security System (sandbox implementation)
+- **REF-023**: Configuration Management
+- **REF-025**: Esta referencia (Agent Marketplace)
+
+## Changelog
+
+### v3.6.0
+- Initial marketplace implementation
+- Registry with search and filtering
+- Package signing and verification
+- Publishing pipeline with automated review
+- Rating and review system
+- Sandboxed execution for third-party agents