framein 0.0.4 → 0.0.5

package/dist/db.js

@@ -1,7 +1,7 @@
-// Thin typed facade over the experimental built-in node:sqlite.
-// Declaring our own minimal surface decouples us from @types/node version drift.
-// @ts-ignore - node:sqlite is experimental; type defs may be absent.
-import { DatabaseSync } from 'node:sqlite';
-export function openDb(path) {
-    return new DatabaseSync(path);
-}
+// Thin typed facade over the experimental built-in node:sqlite.
+// Declaring our own minimal surface decouples us from @types/node version drift.
+// @ts-ignore - node:sqlite is experimental; type defs may be absent.
+import { DatabaseSync } from 'node:sqlite';
+export function openDb(path) {
+    return new DatabaseSync(path);
+}

package/dist/debt.js

@@ -1,42 +1,42 @@
-// Vibe Debt Delta (F-LOOP-9, ADR-0008): show the debt THIS change added — not the codebase's
-// hundreds of pre-existing warnings. Pure: parse a unified git diff into a small delta. Heuristic
-// by design (a hint, not a linter); reading the diff (git) lives in cli.ts.
-import { PLAIN } from './ui/theme.js';
-export function parseDiffDebt(diff) {
-    let addedLines = 0, removedLines = 0, todos = 0;
-    const addedDeps = [];
-    let curFile = '';
-    for (const line of (diff ?? '').split('\n')) {
-        if (line.startsWith('+++ ')) {
-            curFile = line.replace(/^\+\+\+ (b\/)?/, '').trim();
-            continue;
-        }
-        if (line.startsWith('--- ') || line.startsWith('@@') || line.startsWith('diff '))
-            continue;
-        if (line.startsWith('+')) {
-            addedLines++;
-            if (/\b(TODO|FIXME|HACK|XXX)\b/.test(line))
-                todos++;
-            if (/package\.json$/.test(curFile)) {
-                const m = line.match(/^\+\s*"([^"]+)":\s*"[~^]?\d/); // "pkg": "^1.2.3" style additions
-                if (m)
-                    addedDeps.push(m[1]);
-            }
-        }
-        else if (line.startsWith('-')) {
-            removedLines++;
-        }
-    }
-    return { addedLines, removedLines, addedDeps, todos };
-}
-export function renderDebt(d, ui = PLAIN) {
-    const lines = [ui.tone('Debt delta (this change only):', 'muted')];
-    if (d.addedDeps.length)
-        lines.push(ui.tone(`  + ${d.addedDeps.length} runtime dependency${d.addedDeps.length > 1 ? '(ies)' : ''}: ${d.addedDeps.join(', ')}`, 'warning'));
-    if (d.todos)
-        lines.push(ui.tone(`  + ${d.todos} TODO/FIXME`, 'warning'));
-    lines.push(`  ~ ${d.addedLines} added / ${d.removedLines} removed lines`);
-    if (!d.addedDeps.length && !d.todos)
-        lines.push(ui.tone('  (no new deps or TODOs)', 'success'));
-    return lines.join('\n');
-}
+// Vibe Debt Delta (F-LOOP-9, ADR-0008): show the debt THIS change added — not the codebase's
+// hundreds of pre-existing warnings. Pure: parse a unified git diff into a small delta. Heuristic
+// by design (a hint, not a linter); reading the diff (git) lives in cli.ts.
+import { PLAIN } from './ui/theme.js';
+export function parseDiffDebt(diff) {
+    let addedLines = 0, removedLines = 0, todos = 0;
+    const addedDeps = [];
+    let curFile = '';
+    for (const line of (diff ?? '').split('\n')) {
+        if (line.startsWith('+++ ')) {
+            curFile = line.replace(/^\+\+\+ (b\/)?/, '').trim();
+            continue;
+        }
+        if (line.startsWith('--- ') || line.startsWith('@@') || line.startsWith('diff '))
+            continue;
+        if (line.startsWith('+')) {
+            addedLines++;
+            if (/\b(TODO|FIXME|HACK|XXX)\b/.test(line))
+                todos++;
+            if (/package\.json$/.test(curFile)) {
+                const m = line.match(/^\+\s*"([^"]+)":\s*"[~^]?\d/); // "pkg": "^1.2.3" style additions
+                if (m)
+                    addedDeps.push(m[1]);
+            }
+        }
+        else if (line.startsWith('-')) {
+            removedLines++;
+        }
+    }
+    return { addedLines, removedLines, addedDeps, todos };
+}
+export function renderDebt(d, ui = PLAIN) {
+    const lines = [ui.tone('Debt delta (this change only):', 'muted')];
+    if (d.addedDeps.length)
+        lines.push(ui.tone(`  + ${d.addedDeps.length} runtime dependency${d.addedDeps.length > 1 ? '(ies)' : ''}: ${d.addedDeps.join(', ')}`, 'warning'));
+    if (d.todos)
+        lines.push(ui.tone(`  + ${d.todos} TODO/FIXME`, 'warning'));
+    lines.push(`  ~ ${d.addedLines} added / ${d.removedLines} removed lines`);
+    if (!d.addedDeps.length && !d.todos)
+        lines.push(ui.tone('  (no new deps or TODOs)', 'success'));
+    return lines.join('\n');
+}

package/dist/delegate.js

@@ -1,64 +1,71 @@
-// Headless delegation (ADR-0007 B-2). The PRIMARY way framein pulls another role into a session:
-// drive each CLI's non-interactive print mode over child_process pipes — NO PTY. This sidesteps the
-// Windows ConPTY/node-pty risk and keeps zero runtime deps. Human-in-the-loop attach uses Node's
-// built-in `stdio:'inherit'` (interactiveCommand below) — a programmatic PTY (node-pty) is
-// deliberately not used (ADR-0009). These builders are pure; the spawn lives in cli.ts and is
-// live-verified against real claude/codex/gemini.
-import { DEFAULT_ROLE_PRIORITY } from './roles.js';
-/**
- * Non-interactive one-shot invocation for each agent (prompt via stdin, response on stdout).
- * `opts.trustFlags` (from trustPlan, F-TRUST) are FIXED per-agent permission-bypass flags appended
- * to argv — still no user input there, so it stays shell-safe under shell:true.
- */
-export function buildInvocation(agent, prompt, opts = {}) {
-    const trust = opts.trustFlags ?? [];
-    switch (agent) {
-        case 'claude': return { command: 'claude', args: ['-p', ...trust], stdin: prompt };
-        case 'codex': return { command: 'codex', args: ['exec', '--skip-git-repo-check', ...trust], stdin: prompt }; // exec refuses untrusted/non-git dirs otherwise
-        // gemini -p takes the prompt as a value and APPENDS stdin; `--prompt=` (empty) + stdin keeps the
-        // prompt off argv (shell-safe), `--skip-trust` is required for headless untrusted dirs. Verified.
-        case 'gemini': return { command: 'gemini', args: ['--prompt=', '--skip-trust', ...trust], stdin: prompt };
-        default: {
-            const _exhaustive = agent;
-            throw new Error(`unknown agent: ${String(_exhaustive)}`);
-        }
-    }
-}
-/** Which agent runs a role: the explicit assignment, else the role's default-priority head. */
-export function resolveAgent(roles, role) {
-    return roles[role] ?? DEFAULT_ROLE_PRIORITY[role][0];
-}
-/** The fixed shell command (flags only, no user input) that runDelegated runs with shell:true. */
-export function invocationCommand(inv) {
-    return [inv.command, ...inv.args].join(' ');
-}
-/**
- * The bare interactive command for an agent — launched with stdio:'inherit' so the human drives the
- * agent's own TUI directly, inside the already-synced frame (ADR-0007 B-2 interactive path, zero-dep).
- * A true programmatic PTY (read/inject/resize the agent's terminal) would need node-pty — a native
- * runtime dependency that breaks framein's zero-dep invariant (ADR-0003) — and framein observes via
- * the store/ledger, not by screen-scraping a TTY, so it is deliberately NOT used.
- */
-// `resume` re-enters the agent's MOST RECENT session in this cwd (handoff continuity, F-CAPSULE/ADR-0009):
-// claude `--continue`, codex `resume --last`, gemini `--resume`. framein decides re-entry from its own
-// ledger (a prior enter/return for this agent) — it never scrapes the printed session id (ADR-0009).
-export function interactiveCommand(agent, resume = false, trustFlags = []) {
-    // F-TRUST placement: codex `resume` is a SUBCOMMAND, so top-level bypass flags must come BEFORE it
-    // (`codex --full-auto resume --last`); appending after the subcommand makes codex reject them. claude
-    // `--continue` and gemini `--resume` are plain flags, so trust flags can follow.
-    const t = trustFlags.length ? ` ${trustFlags.join(' ')}` : '';
-    switch (agent) {
-        case 'claude': return `claude${resume ? ' --continue' : ''}${t}`;
-        case 'codex': return `codex${t}${resume ? ' resume --last' : ''}`;
-        case 'gemini': return `gemini${resume ? ' --resume' : ''}${t}`;
-        default: {
-            const _exhaustive = agent;
-            throw new Error(`unknown agent: ${String(_exhaustive)}`);
-        }
-    }
-}
-/** Human-readable preview for `--show`: the fixed command + a peek at the stdin prompt. */
-export function renderInvocation(inv) {
-    const peek = inv.stdin.length > 60 ? inv.stdin.slice(0, 60) + '…' : inv.stdin;
-    return `${invocationCommand(inv)}  ⟵ stdin: ${JSON.stringify(peek)}`;
-}
+// Headless delegation (ADR-0007 B-2). The PRIMARY way framein pulls another role into a session:
+// drive each CLI's non-interactive print mode over child_process pipes — NO PTY. This sidesteps the
+// Windows ConPTY/node-pty risk and keeps zero runtime deps. Human-in-the-loop attach uses Node's
+// built-in `stdio:'inherit'` (interactiveCommand below) — a programmatic PTY (node-pty) is
+// deliberately not used (ADR-0009). These builders are pure; the spawn lives in cli.ts and is
+// live-verified against real claude/codex/gemini.
+import { DEFAULT_ROLE_PRIORITY } from './roles.js';
+export const HANDOFF_START_PROMPT = 'Framein handoff: run `framein capsule` first, restate the current task contract briefly, then continue from the local facts. Do not ask the user to re-explain context.';
+/**
+ * Non-interactive one-shot invocation for each agent (prompt via stdin, response on stdout).
+ * `opts.trustFlags` (from trustPlan, F-TRUST) are FIXED per-agent permission-bypass flags appended
+ * to argv — still no user input there, so it stays shell-safe under shell:true.
+ */
+export function buildInvocation(agent, prompt, opts = {}) {
+    const trust = opts.trustFlags ?? [];
+    switch (agent) {
+        case 'claude': return { command: 'claude', args: ['-p', ...trust], stdin: prompt };
+        case 'codex': return { command: 'codex', args: ['exec', '--skip-git-repo-check', ...trust], stdin: prompt }; // exec refuses untrusted/non-git dirs otherwise
+        // gemini -p takes the prompt as a value and APPENDS stdin; `--prompt=` (empty) + stdin keeps the
+        // prompt off argv (shell-safe), `--skip-trust` is required for headless untrusted dirs. Verified.
+        case 'gemini': return { command: 'gemini', args: ['--prompt=', '--skip-trust', ...trust], stdin: prompt };
+        default: {
+            const _exhaustive = agent;
+            throw new Error(`unknown agent: ${String(_exhaustive)}`);
+        }
+    }
+}
+/** Which agent runs a role: the explicit assignment, else the role's default-priority head. */
+export function resolveAgent(roles, role) {
+    return roles[role] ?? DEFAULT_ROLE_PRIORITY[role][0];
+}
+/** The fixed shell command (flags only, no user input) that runDelegated runs with shell:true. */
+export function invocationCommand(inv) {
+    return [inv.command, ...inv.args].join(' ');
+}
+/**
+ * The bare interactive command for an agent — launched with stdio:'inherit' so the human drives the
+ * agent's own TUI directly, inside the already-synced frame (ADR-0007 B-2 interactive path, zero-dep).
+ * A true programmatic PTY (read/inject/resize the agent's terminal) would need node-pty — a native
+ * runtime dependency that breaks framein's zero-dep invariant (ADR-0003) — and framein observes via
+ * the store/ledger, not by screen-scraping a TTY, so it is deliberately NOT used.
+ */
+// `resume` re-enters the agent's MOST RECENT session in this cwd (handoff continuity, F-CAPSULE/ADR-0009):
+// claude `--continue`, codex `resume --last`, gemini `--resume`. framein decides re-entry from its own
+// ledger (a prior enter/return for this agent) — it never scrapes the printed session id (ADR-0009).
+function shellQuote(arg) {
+    if (process.platform === 'win32')
+        return `"${arg.replace(/"/g, '\\"')}"`;
+    return `'${arg.replace(/'/g, `'\\''`)}'`;
+}
+export function interactiveCommand(agent, resume = false, trustFlags = [], initialPrompt) {
+    // F-TRUST placement: codex `resume` is a SUBCOMMAND, so top-level bypass flags must come BEFORE it
+    // (`codex --full-auto resume --last`); appending after the subcommand makes codex reject them. claude
+    // `--continue` and gemini `--resume` are plain flags, so trust flags can follow.
+    const t = trustFlags.length ? ` ${trustFlags.join(' ')}` : '';
+    const p = initialPrompt ? ` ${shellQuote(initialPrompt)}` : '';
+    switch (agent) {
+        case 'claude': return `claude${resume ? ' --continue' : ''}${t}${p}`;
+        case 'codex': return `codex${t}${resume ? ' resume --last' : ''}${p}`;
+        case 'gemini': return `gemini${resume ? ' --resume' : ''}${t}${initialPrompt ? ` --prompt-interactive${p}` : ''}`;
+        default: {
+            const _exhaustive = agent;
+            throw new Error(`unknown agent: ${String(_exhaustive)}`);
+        }
+    }
+}
+/** Human-readable preview for `--show`: the fixed command + a peek at the stdin prompt. */
+export function renderInvocation(inv) {
+    const peek = inv.stdin.length > 60 ? inv.stdin.slice(0, 60) + '…' : inv.stdin;
+    return `${invocationCommand(inv)}  ⟵ stdin: ${JSON.stringify(peek)}`;
+}

package/dist/detect.js

@@ -1,118 +1,118 @@
-// Reuse-first (ADR-0002/0004): DETECT each agent's existing MCP servers and skills and
-// surface them; never proxy or reimplement them. Parsers are pure (fixture-testable);
-// the disk layer is best-effort and swallows missing/malformed files.
-import { existsSync, readFileSync, readdirSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
-// --- pure parsers (one per CLI's config format) ---
-/** Claude project `.mcp.json`: { "mcpServers": { name: { command, args } } } */
-export function parseClaudeMcpJson(text) {
-    const servers = (JSON.parse(text)?.mcpServers ?? {});
-    return Object.entries(servers).map(([name, def]) => ({ agent: 'claude', name, command: def?.command ?? '' }));
-}
-/** Gemini `settings.json`: { "mcpServers": { name: { command, args } } } */
-export function parseGeminiMcpJson(text) {
-    const servers = (JSON.parse(text)?.mcpServers ?? {});
-    return Object.entries(servers).map(([name, def]) => ({ agent: 'gemini', name, command: def?.command ?? '' }));
-}
-/**
- * Codex `~/.codex/config.toml`: top-level `[mcp_servers.<name>]` tables (sub-tables like
- * `[mcp_servers.<name>.env]` are NOT servers). Minimal line-based reader (zero-dep).
- */
-export function parseCodexMcpToml(text) {
-    const out = [];
-    let cur = null;
-    for (const raw of text.split('\n')) {
-        // strip a trailing ` # comment` (best effort: not quote-aware, but tolerates the common case)
-        const line = raw.replace(/\s+#.*$/, '').trim();
-        const sec = line.match(/^\[mcp_servers\.([^.\]]+)\]$/);
-        if (sec) {
-            cur = { agent: 'codex', name: sec[1], command: '' };
-            out.push(cur);
-            continue;
-        }
-        if (line.startsWith('[')) {
-            cur = null;
-            continue;
-        } // any other section ends the current server
-        if (cur) {
-            const m = line.match(/^command\s*=\s*['"](.*?)['"]\s*$/);
-            if (m)
-                cur.command = m[1];
-        }
-    }
-    return out;
-}
-/** Server names configured for more than one agent (surfaced, not auto-resolved). */
-export function findConflicts(servers) {
-    const byName = new Map();
-    for (const s of servers) {
-        if (!byName.has(s.name))
-            byName.set(s.name, new Set());
-        byName.get(s.name).add(s.agent);
-    }
-    return [...byName.entries()].filter(([, agents]) => agents.size > 1).map(([name]) => name).sort();
-}
-/**
- * The config patches that would register framein's OWN MCP server into each CLI. Generated
- * for the user to apply after approval (§6.3) — framein does not write them automatically.
- */
-export function frameinMcpRegistration(command = 'framein', args = ['mcp', 'serve']) {
-    const json = JSON.stringify({ mcpServers: { framein: { command, args } } }, null, 2);
-    const codex = `[mcp_servers.framein]\ncommand = ${JSON.stringify(command)}\nargs = [${args.map((a) => JSON.stringify(a)).join(', ')}]`;
-    return { claude: json, codex, gemini: json };
-}
-export const FRAMEIN_SKILLS = [
-    { source: 'framein', name: 'adr-flow', description: 'record a decision as an ADR and re-sync all agents' },
-    { source: 'framein', name: 'delegate', description: 'hand a task to another role; it reads the shared store' },
-    { source: 'framein', name: 'cross-review', description: 'ask the reviewer role to audit the current change' },
-];
-/** Parse the `name`/`description` from a SKILL.md YAML-ish frontmatter block. */
-export function parseSkillFrontmatter(md) {
-    const fm = md.match(/^---\r?\n([\s\S]*?)\r?\n---/);
-    if (!fm)
-        return {};
-    const name = fm[1].match(/^name:\s*(.+)$/m)?.[1]?.trim();
-    const description = fm[1].match(/^description:\s*(.+)$/m)?.[1]?.trim();
-    return { name, description };
-}
-// --- best-effort disk layer ---
-function tryParse(path, parse, into) {
-    try {
-        if (existsSync(path))
-            into.push(...parse(readFileSync(path, 'utf8')));
-    }
-    catch { /* ignore malformed/missing */ }
-}
-export function detectMcpFromDisk(opts = {}) {
-    const cwd = opts.cwd ?? process.cwd();
-    const home = opts.home ?? homedir();
-    const servers = [];
-    tryParse(join(cwd, '.mcp.json'), parseClaudeMcpJson, servers);
-    tryParse(join(home, '.codex', 'config.toml'), parseCodexMcpToml, servers);
-    tryParse(join(home, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
-    tryParse(join(cwd, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
-    return servers;
-}
-export function detectSkillsFromDisk(opts = {}) {
-    const cwd = opts.cwd ?? process.cwd();
-    const home = opts.home ?? homedir();
-    const out = [];
-    for (const base of [join(cwd, '.claude', 'skills'), join(home, '.claude', 'skills')]) {
-        try {
-            if (!existsSync(base))
-                continue;
-            for (const entry of readdirSync(base, { withFileTypes: true })) {
-                if (!entry.isDirectory())
-                    continue;
-                const md = join(base, entry.name, 'SKILL.md');
-                if (!existsSync(md))
-                    continue;
-                const { name, description } = parseSkillFrontmatter(readFileSync(md, 'utf8'));
-                out.push({ source: 'claude', name: name ?? entry.name, description: description ?? '' });
-            }
-        }
-        catch { /* ignore */ }
-    }
-    return out;
-}
+// Reuse-first (ADR-0002/0004): DETECT each agent's existing MCP servers and skills and
+// surface them; never proxy or reimplement them. Parsers are pure (fixture-testable);
+// the disk layer is best-effort and swallows missing/malformed files.
+import { existsSync, readFileSync, readdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+// --- pure parsers (one per CLI's config format) ---
+/** Claude project `.mcp.json`: { "mcpServers": { name: { command, args } } } */
+export function parseClaudeMcpJson(text) {
+    const servers = (JSON.parse(text)?.mcpServers ?? {});
+    return Object.entries(servers).map(([name, def]) => ({ agent: 'claude', name, command: def?.command ?? '' }));
+}
+/** Gemini `settings.json`: { "mcpServers": { name: { command, args } } } */
+export function parseGeminiMcpJson(text) {
+    const servers = (JSON.parse(text)?.mcpServers ?? {});
+    return Object.entries(servers).map(([name, def]) => ({ agent: 'gemini', name, command: def?.command ?? '' }));
+}
+/**
+ * Codex `~/.codex/config.toml`: top-level `[mcp_servers.<name>]` tables (sub-tables like
+ * `[mcp_servers.<name>.env]` are NOT servers). Minimal line-based reader (zero-dep).
+ */
+export function parseCodexMcpToml(text) {
+    const out = [];
+    let cur = null;
+    for (const raw of text.split('\n')) {
+        // strip a trailing ` # comment` (best effort: not quote-aware, but tolerates the common case)
+        const line = raw.replace(/\s+#.*$/, '').trim();
+        const sec = line.match(/^\[mcp_servers\.([^.\]]+)\]$/);
+        if (sec) {
+            cur = { agent: 'codex', name: sec[1], command: '' };
+            out.push(cur);
+            continue;
+        }
+        if (line.startsWith('[')) {
+            cur = null;
+            continue;
+        } // any other section ends the current server
+        if (cur) {
+            const m = line.match(/^command\s*=\s*['"](.*?)['"]\s*$/);
+            if (m)
+                cur.command = m[1];
+        }
+    }
+    return out;
+}
+/** Server names configured for more than one agent (surfaced, not auto-resolved). */
+export function findConflicts(servers) {
+    const byName = new Map();
+    for (const s of servers) {
+        if (!byName.has(s.name))
+            byName.set(s.name, new Set());
+        byName.get(s.name).add(s.agent);
+    }
+    return [...byName.entries()].filter(([, agents]) => agents.size > 1).map(([name]) => name).sort();
+}
+/**
+ * The config patches that would register framein's OWN MCP server into each CLI. Generated
+ * for the user to apply after approval (§6.3) — framein does not write them automatically.
+ */
+export function frameinMcpRegistration(command = 'framein', args = ['mcp', 'serve']) {
+    const json = JSON.stringify({ mcpServers: { framein: { command, args } } }, null, 2);
+    const codex = `[mcp_servers.framein]\ncommand = ${JSON.stringify(command)}\nargs = [${args.map((a) => JSON.stringify(a)).join(', ')}]`;
+    return { claude: json, codex, gemini: json };
+}
+export const FRAMEIN_SKILLS = [
+    { source: 'framein', name: 'adr-flow', description: 'record a decision as an ADR and re-sync all agents' },
+    { source: 'framein', name: 'delegate', description: 'hand a task to another role; it reads the shared store' },
+    { source: 'framein', name: 'cross-review', description: 'ask the reviewer role to audit the current change' },
+];
+/** Parse the `name`/`description` from a SKILL.md YAML-ish frontmatter block. */
+export function parseSkillFrontmatter(md) {
+    const fm = md.match(/^---\r?\n([\s\S]*?)\r?\n---/);
+    if (!fm)
+        return {};
+    const name = fm[1].match(/^name:\s*(.+)$/m)?.[1]?.trim();
+    const description = fm[1].match(/^description:\s*(.+)$/m)?.[1]?.trim();
+    return { name, description };
+}
+// --- best-effort disk layer ---
+function tryParse(path, parse, into) {
+    try {
+        if (existsSync(path))
+            into.push(...parse(readFileSync(path, 'utf8')));
+    }
+    catch { /* ignore malformed/missing */ }
+}
+export function detectMcpFromDisk(opts = {}) {
+    const cwd = opts.cwd ?? process.cwd();
+    const home = opts.home ?? homedir();
+    const servers = [];
+    tryParse(join(cwd, '.mcp.json'), parseClaudeMcpJson, servers);
+    tryParse(join(home, '.codex', 'config.toml'), parseCodexMcpToml, servers);
+    tryParse(join(home, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
+    tryParse(join(cwd, '.gemini', 'settings.json'), parseGeminiMcpJson, servers);
+    return servers;
+}
+export function detectSkillsFromDisk(opts = {}) {
+    const cwd = opts.cwd ?? process.cwd();
+    const home = opts.home ?? homedir();
+    const out = [];
+    for (const base of [join(cwd, '.claude', 'skills'), join(home, '.claude', 'skills')]) {
+        try {
+            if (!existsSync(base))
+                continue;
+            for (const entry of readdirSync(base, { withFileTypes: true })) {
+                if (!entry.isDirectory())
+                    continue;
+                const md = join(base, entry.name, 'SKILL.md');
+                if (!existsSync(md))
+                    continue;
+                const { name, description } = parseSkillFrontmatter(readFileSync(md, 'utf8'));
+                out.push({ source: 'claude', name: name ?? entry.name, description: description ?? '' });
+            }
+        }
+        catch { /* ignore */ }
+    }
+    return out;
+}