oathbound 0.11.0 → 0.12.0

package/cli.ts

@@ -20,13 +20,14 @@ import { isValidSemver, compareSemver } from './semver';
 import { verify, verifyCheck, findSkillsDir } from './verify';
 import { login, logout, whoami } from './auth';
 import { push } from './push';
+import { search, parseSearchArgs } from './search';
 
 // Re-exports for tests
 export { stripJsoncComments, writeOathboundConfig, mergeClaudeSettings, type MergeResult } from './config';
 export { isNewer } from './update';
-export { installDevDependency, type InstallResult, setup, addPrepareScript, type PrepareResult };
+export { installDevDependency, type InstallResult, setup, addPrepareScript, type PrepareResult, addTrustedDependency, type TrustedDepResult };
 
-const VERSION = '0.11.0';
+const VERSION = '0.12.0';
 
 // --- Supabase ---
 const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';
@@ -106,6 +107,27 @@ function setup(): void {
   }
 }
 
+type TrustedDepResult = 'added' | 'skipped';
+
+function addTrustedDependency(): TrustedDepResult {
+  const pkgPath = join(process.cwd(), 'package.json');
+  if (!existsSync(pkgPath)) return 'skipped';
+
+  let pkg: Record<string, unknown>;
+  try {
+    pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+  } catch {
+    return 'skipped';
+  }
+
+  const trusted = Array.isArray(pkg.trustedDependencies) ? pkg.trustedDependencies as string[] : [];
+  if (trusted.includes('oathbound')) return 'skipped';
+
+  pkg.trustedDependencies = [...trusted, 'oathbound'];
+  writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
+  return 'added';
+}
+
 type PrepareResult = 'added' | 'appended' | 'skipped';
 
 function addPrepareScript(): PrepareResult {
@@ -194,6 +216,15 @@ async function init(): Promise<void> {
       process.exit(1);
   }
 
+  // For bun/pnpm: add trustedDependencies so postinstall runs
+  const pm = detectPackageManager();
+  if (pm === 'bun' || pm === 'pnpm') {
+    const trustResult = addTrustedDependency();
+    if (trustResult === 'added') {
+      process.stderr.write(`${GREEN} ✓ Added oathbound to trustedDependencies (required by ${pm})${RESET}\n`);
+    }
+  }
+
   // Add prepare script to package.json
   const prepareResult = addPrepareScript();
   if (prepareResult === 'added' || prepareResult === 'appended') {
@@ -380,6 +411,12 @@ if (subcommand === 'init') {
     const msg = err instanceof Error ? err.message : 'Unknown error';
     fail('Push failed', msg);
   });
+} else if (subcommand === 'search' || subcommand === 'list' || subcommand === 'ls') {
+  const searchOpts = parseSearchArgs(args.slice(1));
+  search(searchOpts).catch((err: unknown) => {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Search failed', msg);
+  });
 } else {
   const PULL_ALIASES = new Set(['pull', 'i', 'install']);
   const skillArg = args[1];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oathbound",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "Install verified Claude Code skills from the Oath Bound registry",
   "license": "BUSL-1.1",
   "author": "Josh Anderson",
@@ -31,6 +31,7 @@
     "content-hash.ts",
     "auth.ts",
     "push.ts",
+    "search.ts",
     "semver.ts",
     "bin/cli.cjs",
     "install.cjs"

package/search.ts

@@ -0,0 +1,152 @@
+import { BRAND, TEAL, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
+
+const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://www.oathbound.ai';
+
+export interface SearchOptions {
+  query?: string;
+  namespace?: string;
+  sparse?: boolean;
+  limit?: number;
+  offset?: number;
+}
+
+export function parseSearchArgs(args: string[]): SearchOptions {
+  const opts: SearchOptions = {};
+  let i = 0;
+
+  while (i < args.length) {
+    const arg = args[i];
+
+    if (arg === '--user' || arg === '-u') {
+      opts.namespace = args[++i];
+    } else if (arg === '--sparse' || arg === '-s') {
+      opts.sparse = true;
+    } else if (arg === '--limit') {
+      opts.limit = parseInt(args[++i], 10);
+    } else if (arg === '--offset') {
+      opts.offset = parseInt(args[++i], 10);
+    } else if (!arg.startsWith('-')) {
+      opts.query = arg;
+    }
+
+    i++;
+  }
+
+  return opts;
+}
+
+interface SkillAuthor {
+  username: string;
+  display_name: string | null;
+  verified: boolean;
+}
+
+interface SkillResult {
+  name: string;
+  namespace: string;
+  description: string;
+  version: string;
+  license?: string;
+  visibility?: string;
+  author?: SkillAuthor;
+  audit_status?: 'passed' | 'failed' | 'none';
+}
+
+interface SearchResponse {
+  ok: boolean;
+  skills: SkillResult[];
+  total: number;
+  limit: number;
+  offset: number;
+  error?: string;
+}
+
+export async function search(opts: SearchOptions): Promise<void> {
+  const params = new URLSearchParams();
+  if (opts.query) params.set('q', opts.query);
+  if (opts.namespace) params.set('namespace', opts.namespace);
+  if (opts.sparse) params.set('sparse', 'true');
+  if (opts.limit != null) params.set('limit', String(opts.limit));
+  if (opts.offset != null) params.set('offset', String(opts.offset));
+
+  const url = `${API_BASE}/api/skills?${params}`;
+
+  const sp = spinner('Searching...');
+
+  let res: Response;
+  try {
+    res = await fetch(url);
+  } catch (err) {
+    sp.stop();
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Search failed', msg);
+  }
+
+  sp.stop();
+
+  if (!res.ok) {
+    let detail = `HTTP ${res.status}`;
+    try {
+      const body = await res.json() as { error?: string };
+      if (body.error) detail = body.error;
+    } catch { /* ignore parse errors */ }
+    fail('Search failed', detail);
+  }
+
+  const data = await res.json() as SearchResponse;
+
+  if (!data.ok || !data.skills) {
+    fail('Search failed', data.error ?? 'Unexpected response');
+  }
+
+  const { skills, total, offset } = data;
+
+  if (skills.length === 0) {
+    console.log(`\n${BRAND} ${DIM}No skills found.${RESET}`);
+    return;
+  }
+
+  const showing = offset > 0
+    ? `Showing ${offset + 1}–${offset + skills.length} of ${total}`
+    : `${total} skill${total === 1 ? '' : 's'} found`;
+
+  console.log(`\n${BRAND} ${TEAL}${showing}${RESET}\n`);
+
+  for (const skill of skills) {
+    const id = `${skill.namespace}/${skill.name}`;
+    const ver = `v${skill.version}`;
+
+    // Line 1: name + version
+    console.log(`  ${BOLD}${id}${RESET} ${DIM}${ver}${RESET}`);
+
+    // Line 2: description
+    if (skill.description) {
+      console.log(`  ${DIM}${skill.description}${RESET}`);
+    }
+
+    // Line 3: metadata (non-sparse only)
+    if (!opts.sparse && (skill.author || skill.audit_status || skill.license)) {
+      const parts: string[] = [];
+      if (skill.author) {
+        const name = skill.author.display_name || skill.author.username;
+        parts.push(`by ${name}${skill.author.verified ? ' ✓' : ''}`);
+      }
+      if (skill.license) parts.push(skill.license);
+      if (skill.audit_status && skill.audit_status !== 'none') {
+        parts.push(skill.audit_status === 'passed' ? `${GREEN}audited${RESET}` : 'audit failed');
+      }
+      if (skill.visibility === 'private') parts.push('private');
+      if (parts.length > 0) {
+        console.log(`  ${DIM}${parts.join(' · ')}${RESET}`);
+      }
+    }
+
+    console.log(); // blank line between skills
+  }
+
+  // Pagination hint
+  if (offset + skills.length < total) {
+    const nextOffset = offset + skills.length;
+    console.log(`${DIM}  Use --offset ${nextOffset} to see more${RESET}\n`);
+  }
+}

package/ui.ts

@@ -25,6 +25,8 @@ ${DIM}Usage:${RESET}
   oathbound pull <namespace/skill-name[@version]>
   oathbound install <namespace/skill-name[@version]>
   oathbound push [path] [--private]  ${DIM}Publish a skill to the registry${RESET}
+  oathbound search [query]            ${DIM}Search skills in the registry${RESET}
+  oathbound list                      ${DIM}List all public skills${RESET}
   oathbound login               ${DIM}Authenticate with oathbound.ai${RESET}
   oathbound logout              ${DIM}Clear stored credentials${RESET}
   oathbound whoami              ${DIM}Show current user${RESET}