npm - opencode-api-security-testing - Versions diffs - 3.0.3 → 4.0.0 - Mend

opencode-api-security-testing 3.0.3 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "opencode-api-security-testing",
-  "version": "3.0.3",
-  "description": "API Security Testing Plugin for OpenCode - Automated vulnerability scanning and penetration testing",
+  "version": "4.0.0",
+  "description": "API Security Testing Plugin for OpenCode - Tools for vulnerability scanning",
   "type": "module",
   "main": "src/index.ts",
   "files": [
@@ -9,36 +9,21 @@
     "agents/",
     "core/",
     "references/",
-    "examples/",
-    "SKILL.md",
-    "postinstall.mjs",
-    "preuninstall.mjs"
+    "SKILL.md"
   ],
-  "scripts": {
-    "postinstall": "node postinstall.mjs",
-    "preuninstall": "node preuninstall.mjs"
-  },
   "keywords": [
     "opencode",
     "opencode-plugin",
     "security",
-    "api-security",
-    "pentest",
-    "vulnerability-scanning"
+    "api-security"
   ],
   "author": "steveopen1",
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/steveopen1/skill-play"
+    "url": "git+https://github.com/steveopen1/skill-play.git"
   },
-  "homepage": "https://github.com/steveopen1/skill-play/tree/main/agent-plugins/OPENCODE/api-security-testing",
   "peerDependencies": {
-    "@opencode-ai/plugin": "^1.1.19",
-    "@opencode-ai/sdk": "^1.1.19"
-  },
-  "dependencies": {
-    "@opencode-ai/plugin": "^1.1.19",
-    "@opencode-ai/sdk": "^1.1.19"
+    "@opencode-ai/plugin": "^1.1.19"
   }
 }

package/src/index.ts CHANGED Viewed

@@ -1,392 +1,175 @@
 import type { Plugin } from "@opencode-ai/plugin";
 import { tool } from "@opencode-ai/plugin";
-import type { AgentConfig } from "@opencode-ai/sdk";
-import { join } from "path";
-import { existsSync } from "fs";
-const SKILL_DIR = "skills/api-security-testing";
-const CORE_DIR = `${SKILL_DIR}/core`;
-function getCorePath(ctx: { directory: string }): string {
-  return join(ctx.directory, CORE_DIR);
-}
-function checkAndInstallDeps(ctx: { directory: string }): string {
-  const corePath = getCorePath(ctx);
-  const reqFile = join(corePath, "..", "requirements.txt");
-  if (existsSync(reqFile)) {
-    return `pip install -q -r "${reqFile}" 2>/dev/null || pip install -q requests beautifulsoup4 playwright 2>/dev/null; `;
-  }
-  return "";
-}
-async function execPython(ctx: { directory: string }, script: string, timeout = 60): Promise<string> {
-  const corePath = getCorePath(ctx);
-  const deps = checkAndInstallDeps(ctx);
-  try {
-    const result = await ctx.$`${deps}timeout ${timeout} python3 -c ${script}`;
-    return result.toString();
-  } catch (error) {
-    const errorMessage = error instanceof Error ? error.message : String(error);
-    if (errorMessage.includes("timeout")) {
-      return `错误: 执行超时 (${timeout}秒)。目标可能无响应或需要更长时间。`;
-    }
-    if (errorMessage.includes("ModuleNotFoundError")) {
-      return `错误: 缺少 Python 依赖模块。请运行: pip install -r requirements.txt`;
-    }
-    return `错误: ${errorMessage}`;
-  }
+function getCorePath(directory: string): string {
+  return `${directory}/skills/api-security-testing/core`;
 }
-const CYBER_SUPERVISOR_PROMPT = `你是 API 安全测试的**赛博监工**，代号"P9"。
-## 职责
-1. **永不停止** - 任何线索都要追到底
-2. **自动化编排** - 不等待用户，主动推进
-3. **智能委派** - 识别任务类型，委派给最合适的子 agent
-4. **压力升级** - 遇到失败自动换方法 (L1-L4)
-## 可用子 Agent
-| 子 Agent | 职责 |
-|---------|------|
-| @api-probing-miner | 漏洞挖掘 |
-| @api-resource-specialist | 端点发现 |
-| @api-vuln-verifier | 漏洞验证 |
-## 可用工具
-| 工具 | 用途 |
-|------|------|
-| api_security_scan | 完整扫描 |
-| api_fuzz_test | 模糊测试 |
-| browser_collect | 浏览器采集 |
-| js_parse | JS分析 |
-| graphql_test | GraphQL测试 |
-| cloud_storage_test | 云存储测试 |
-| vuln_verify | 漏洞验证 |
-| sqli_test | SQL注入测试 |
-| idor_test | IDOR测试 |
-| auth_test | 认证测试
-## 工作流程
-1. 使用 browser_collect 采集端点
-2. 使用 js_parse 分析 JS 文件
-3. 使用 api_security_scan 进行全面扫描
-4. 使用特定工具进行针对性测试
-## 输出格式
-\`\`\`markdown
-## 安全测试报告
-### 目标
-- URL: {target}
-### 发现漏洞
-| 类型 | 端点 | 严重程度 |
-|------|------|---------|
-| SQL注入 | /api/user?id=1 | HIGH |
-\`\`\`
-`;
-const PROBING_MINER_PROMPT = `你是**API漏洞挖掘专家**，专注于发现和验证安全漏洞。
-## 职责
-1. **针对性测试** - 根据端点特征选择最佳测试方法
-2. **快速验证** - 确认漏洞存在
-3. **PoC 生成** - 提供可执行的测试命令
-## 测试方法库
-### SQL 注入
-- 布尔盲注: ' OR 1=1 --
-- 联合查询: ' UNION SELECT NULL--
-- 错误注入: ' AND 1=CONVERT(int,...)--
-- 时间盲注: '; WAITFOR DELAY '00:00:05'--
-### IDOR
-- 替换 ID: /api/user/1 → /api/user/2
-- 水平/垂直越权测试
-### JWT
-- 空算法: alg: none
-- 密钥混淆: HS256 → HS512`;
-const RESOURCE_SPECIALIST_PROMPT = `你是**API资源探测专家**，专注于发现和采集 API 端点。
-## 职责
-1. **全面发现** - 不遗漏任何端点
-2. **动态采集** - 拦截真实请求
-3. **静态分析** - 提取 API 模式
-## 采集技术
-### 1. 浏览器动态采集
-使用 browser_collect 拦截 XHR/Fetch 请求
-### 2. JS 静态分析
-使用 js_parse 解析 JS 文件
-### 3. 目录探测
-常见路径: /api/v1/*, /graphql, /swagger, /.well-known/*
-## 端点分类
-| 风险 | 类型 | 示例 |
-|------|------|------|
-| 高 | 认证 | /login, /oauth/* |
-| 高 | 数据 | /api/*/list |
-| 中 | 用户 | /users, /profile |
-| 极高 | 管理 | /admin, /manage`;
-const VULN_VERIFIER_PROMPT = `你是**漏洞验证专家**，专注于验证和确认安全漏洞。
-## 职责
-1. **快速验证** - 确认漏洞是否存在
-2. **风险评估** - 判断实际影响
-3. **PoC 生成** - 提供可执行的证明
-## 验证流程
-1. 构造 payload
-2. 发送测试请求
-3. 分析响应
-4. 判断结果
-5. 生成 PoC`;
 const ApiSecurityTestingPlugin: Plugin = async (ctx) => {
-  console.log("[api-security-testing] Plugin loaded, version: 3.0.2");
   return {
     tool: {
       api_security_scan: tool({
-        description: "完整 API 安全扫描。参数: target(目标URL), scan_type(full/quick/targeted)",
+        description: "完整 API 安全扫描",
         args: {
           target: tool.schema.string(),
           scan_type: tool.schema.enum(["full", "quick", "targeted"]).optional(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from deep_api_tester_v55 import DeepAPITesterV55
-tester = DeepAPITesterV55(target='${args.target}', headless=True)
-results = tester.run_test()
-print(results)
+sys.path.insert(0, '${corePath}')
+try:
+    from deep_api_tester_v55 import DeepAPITesterV55
+    tester = DeepAPITesterV55(target='${args.target}', headless=True)
+    print(tester.run_test())
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 120);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
       api_fuzz_test: tool({
-        description: "API 模糊测试。参数: endpoint(端点URL), method(HTTP方法)",
+        description: "API 模糊测试",
         args: {
           endpoint: tool.schema.string(),
           method: tool.schema.enum(["GET", "POST", "PUT", "DELETE", "PATCH"]).optional(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from api_fuzzer import APIFuzzer
-fuzzer = APIFuzzer('${args.endpoint}')
-results = fuzzer.fuzz(method='${args.method || 'GET'}')
-print(results)
+sys.path.insert(0, '${corePath}')
+try:
+    from api_fuzzer import APIFuzzer
+    fuzzer = APIFuzzer('${args.endpoint}')
+    print(fuzzer.fuzz(method='${args.method || "GET"}'))
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 60);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
       vuln_verify: tool({
-        description: "漏洞验证。参数: vuln_type(漏洞类型), endpoint(端点)",
+        description: "漏洞验证",
         args: {
           vuln_type: tool.schema.string(),
           endpoint: tool.schema.string(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from verifiers.vuln_verifier import VulnVerifier
-verifier = VulnVerifier()
-result = verifier.verify('${args.vuln_type}', '${args.endpoint}')
-print(result)
+sys.path.insert(0, '${corePath}')
+try:
+    from verifiers.vuln_verifier import VulnVerifier
+    verifier = VulnVerifier()
+    print(verifier.verify('${args.vuln_type}', '${args.endpoint}'))
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 30);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
       browser_collect: tool({
-        description: "浏览器采集动态内容。参数: url(目标URL)",
+        description: "浏览器采集动态内容",
         args: {
           url: tool.schema.string(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from collectors.browser_collect import BrowserCollector
-collector = BrowserCollector(headless=True)
-endpoints = collector.collect('${args.url}')
-print(f'发现 {len(endpoints)} 个端点:')
-for ep in endpoints:
-    print(ep)
-`;
-          return await execPython(ctx, script, 90);
-        },
-      }),
-      js_parse: tool({
-        description: "解析 JavaScript 文件。参数: file_path(文件路径)",
-        args: {
-          file_path: tool.schema.string(),
-        },
-        async execute(args, ctx) {
-          const script = `
-import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from collectors.js_parser import JSParser
-parser = JSParser()
-endpoints = parser.parse_file('${args.file_path}')
-print(f'从 JS 发现 {len(endpoints)} 个端点')
+sys.path.insert(0, '${corePath}')
+try:
+    from collectors.browser_collect import BrowserCollector
+    collector = BrowserCollector(headless=True)
+    endpoints = collector.collect('${args.url}')
+    print(f'发现 {len(endpoints)} 个端点')
+    for ep in endpoints:
+        print(ep)
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 30);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
       graphql_test: tool({
-        description: "GraphQL 安全测试。参数: endpoint(GraphQL端点)",
+        description: "GraphQL 安全测试",
         args: {
           endpoint: tool.schema.string(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from smart_analyzer import SmartAnalyzer
-analyzer = SmartAnalyzer()
-result = analyzer.graphql_test('${args.endpoint}')
-print(result)
+sys.path.insert(0, '${corePath}')
+try:
+    from smart_analyzer import SmartAnalyzer
+    analyzer = SmartAnalyzer()
+    print(analyzer.graphql_test('${args.endpoint}'))
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 60);
-        },
-      }),
-      cloud_storage_test: tool({
-        description: "云存储安全测试。参数: bucket_url(存储桶URL)",
-        args: {
-          bucket_url: tool.schema.string(),
-        },
-        async execute(args, ctx) {
-          const script = `
-import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from cloud_storage_tester import CloudStorageTester
-tester = CloudStorageTester()
-result = tester.full_test('${args.bucket_url}')
-print(result)
-`;
-          return await execPython(ctx, script, 60);
-        },
-      }),
-      idor_test: tool({
-        description: "IDOR 越权测试。参数: endpoint, resource_id",
-        args: {
-          endpoint: tool.schema.string(),
-          resource_id: tool.schema.string(),
-        },
-        async execute(args, ctx) {
-          const script = `
-import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from testers.idor_tester import IDORTester
-tester = IDORTester()
-result = tester.test('${args.endpoint}', '${args.resource_id}')
-print(result)
-`;
-          return await execPython(ctx, script, 30);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
       sqli_test: tool({
-        description: "SQL 注入测试。参数: endpoint, param",
+        description: "SQL 注入测试",
         args: {
           endpoint: tool.schema.string(),
           param: tool.schema.string(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from testers.sqli_tester import SQLiTester
-tester = SQLiTester()
-result = tester.test('${args.endpoint}', '${args.param}')
-print(result)
+sys.path.insert(0, '${corePath}')
+try:
+    from testers.sqli_tester import SQLiTester
+    tester = SQLiTester()
+    print(tester.test('${args.endpoint}', '${args.param}'))
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 30);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
-      auth_test: tool({
-        description: "认证安全测试。参数: endpoint",
+      idor_test: tool({
+        description: "IDOR 越权测试",
         args: {
           endpoint: tool.schema.string(),
+          resource_id: tool.schema.string(),
         },
         async execute(args, ctx) {
+          const corePath = getCorePath(ctx.directory);
           const script = `
 import sys
-sys.path.insert(0, '${getCorePath(ctx)}')
-from testers.auth_tester import AuthTester
-tester = AuthTester()
-result = tester.test('${args.endpoint}')
-print(result)
+sys.path.insert(0, '${corePath}')
+try:
+    from testers.idor_tester import IDORTester
+    tester = IDORTester()
+    print(tester.test('${args.endpoint}', '${args.resource_id}'))
+except Exception as e:
+    print(f"Error: {e}")
 `;
-          return await execPython(ctx, script, 30);
+          const result = await ctx.$`python3 -c ${script}`;
+          return result.toString();
         },
       }),
     },
-    config: async (config) => {
-      if (!config.agent) {
-        config.agent = {};
-      }
-      const agents = config.agent as Record<string, AgentConfig>;
-      agents["api-cyber-supervisor"] = {
-        description: "API安全测试编排者。协调完整扫描流程，永不停止。",
-        mode: "primary",
-        prompt: CYBER_SUPERVISOR_PROMPT,
-      };
-      agents["api-probing-miner"] = {
-        description: "漏洞挖掘专家。专注发现和验证 API 漏洞。",
-        mode: "subagent",
-        prompt: PROBING_MINER_PROMPT,
-      };
-      agents["api-resource-specialist"] = {
-        description: "资源探测专家。专注采集和发现 API 端点。",
-        mode: "subagent",
-        prompt: RESOURCE_SPECIALIST_PROMPT,
-      };
-      agents["api-vuln-verifier"] = {
-        description: "漏洞验证专家。验证和确认安全漏洞。",
-        mode: "subagent",
-        prompt: VULN_VERIFIER_PROMPT,
-      };
-      console.log("[api-security-testing] Agents registered:", Object.keys(agents));
-    },
   };
 };

package/examples/basic-usage.md DELETED Viewed

@@ -1,127 +0,0 @@
-# API Security Testing Examples
-## 快速开始
-### 1. 基础扫描
-```
-@api-cyber-supervisor 对 https://example.com 进行全面安全扫描
-```
-### 2. 针对特定端点扫描
-```
-@api-cyber-supervisor 扫描 https://api.example.com/v1 端点
-```
-### 3. 使用工具直接扫描
-```
-api_security_scan target="https://api.example.com" scan_type="full"
-```
----
-## 工具使用示例
-### 浏览器采集
-```
-browser_collect url="https://example.com"
-```
-### SQL 注入测试
-```
-sqli_test endpoint="https://api.example.com/user?id=1" param="id"
-```
-### IDOR 测试
-```
-idor_test endpoint="https://api.example.com/user/1" resource_id="1"
-```
-### GraphQL 测试
-```
-graphql_test endpoint="https://api.example.com/graphql"
-```
-### 云存储测试
-```
-cloud_storage_test bucket_url="https://bucket.s3.amazonaws.com"
-```
----
-## Agent 委派示例
-### 使用 Cyber Supervisor
-```
-@api-cyber-supervisor
-对 https://api.example.com 进行完整的安全测试
-包含以下漏洞测试：
-- SQL 注入
-- IDOR 越权
-- JWT 安全
-- 敏感数据泄露
-```
-### 使用资源探测专家
-```
-@api-resource-specialist
-发现 https://example.com 的所有 API 端点
-重点关注：
-- 认证相关端点
-- 用户数据端点
-- 支付相关端点
-```
-### 使用漏洞挖掘专家
-```
-@api-probing-miner
-针对发现的端点进行漏洞挖掘
-优先测试：
-- SQL 注入
-- XSS
-- IDOR
-```
-### 使用漏洞验证专家
-```
-@api-vuln-verifier
-验证以下漏洞：
-- 类型: SQL 注入
-- 端点: https://api.example.com/user?id=1
-```
----
-## 报告输出示例
-当扫描完成时，会输出类似以下的报告：
-```markdown
-## 安全测试报告
-### 目标信息
-- URL: https://api.example.com
-- 端点总数: 42
-- 发现漏洞: 5
-### 漏洞详情
-| # | 类型 | 端点 | 严重程度 |
-|---|------|------|---------|
-| 1 | SQL注入 | /api/user?id=1 | HIGH |
-| 2 | IDOR | /api/user/:id | MEDIUM |
-| 3 | 敏感数据 | /api/config | LOW |
-### PoC
-curl "https://api.example.com/api/user?id=1'%20OR%201=1--"
-```

package/postinstall.mjs DELETED Viewed

@@ -1,130 +0,0 @@
-#!/usr/bin/env node
-/**
- * postinstall.mjs - API Security Testing Plugin
- *
- * Installs:
- * 1. Agents to ~/.config/opencode/agents/
- * 2. Skill (SKILL.md) to ~/.config/opencode/skills/api-security-testing/
- * 3. References to ~/.config/opencode/skills/api-security-testing/
- */
-import { copyFileSync, existsSync, mkdirSync, readdirSync } from "node:fs";
-import { join, dirname } from "node:path";
-import { fileURLToPath } from "node:url";
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-function getOpencodeBaseDir() {
-  const home = process.env.HOME || process.env.USERPROFILE || "/root";
-  return join(home, ".config", "opencode");
-}
-function main() {
-  const packageRoot = __dirname;
-  const agentsSourceDir = join(packageRoot, "agents");
-  const agentsTargetDir = join(getOpencodeBaseDir(), "agents");
-  const skillTargetDir = join(getOpencodeBaseDir(), "skills", "api-security-testing");
-  console.log("[api-security-testing] Installing...");
-  console.log(`  Package root: ${packageRoot}`);
-  console.log(`  Target base: ${getOpencodeBaseDir()}`);
-  let successCount = 0;
-  let totalFiles = 0;
-  // 1. Install agents
-  console.log("\n[1/3] Installing agents...");
-  if (existsSync(agentsSourceDir)) {
-    const agentFiles = readdirSync(agentsSourceDir).filter(f => f.endsWith(".md"));
-    totalFiles += agentFiles.length;
-    if (!existsSync(agentsTargetDir)) {
-      mkdirSync(agentsTargetDir, { recursive: true });
-    }
-    for (const file of agentFiles) {
-      const sourcePath = join(agentsSourceDir, file);
-      const targetPath = join(agentsTargetDir, file);
-      try {
-        copyFileSync(sourcePath, targetPath);
-        console.log(`  ✓ Installed agent: ${file}`);
-        successCount++;
-      } catch (err) {
-        console.error(`  ✗ Failed: ${file} - ${err.message}`);
-      }
-    }
-  } else {
-    console.error("  ✗ agents/ directory not found");
-  }
-  // 2. Install SKILL.md
-  console.log("\n[2/3] Installing skill...");
-  const skillSource = join(packageRoot, "SKILL.md");
-  const skillTarget = join(skillTargetDir, "SKILL.md");
-  totalFiles++;
-  if (existsSync(skillSource)) {
-    if (!existsSync(skillTargetDir)) {
-      mkdirSync(skillTargetDir, { recursive: true });
-    }
-    try {
-      copyFileSync(skillSource, skillTarget);
-      console.log(`  ✓ Installed: SKILL.md`);
-      successCount++;
-    } catch (err) {
-      console.error(`  ✗ Failed: SKILL.md - ${err.message}`);
-    }
-  } else {
-    console.error("  ✗ SKILL.md not found");
-  }
-  // 3. Install references
-  console.log("\n[3/3] Installing references...");
-  const refsSourceDir = join(packageRoot, "references");
-  const refsTargetDir = join(skillTargetDir, "references");
-  if (existsSync(refsSourceDir)) {
-    if (!existsSync(refsTargetDir)) {
-      mkdirSync(refsTargetDir, { recursive: true });
-    }
-    const refFiles = readdirSync(refsSourceDir, { recursive: true }).filter(f => typeof f === "string");
-    totalFiles += refFiles.length;
-    for (const file of refFiles) {
-      const sourcePath = join(refsSourceDir, file);
-      const targetPath = join(refsTargetDir, file);
-      const targetFileDir = join(refsTargetDir, file).replace(/\/[^\/]+$/, "");
-      if (!existsSync(targetFileDir)) {
-        mkdirSync(targetFileDir, { recursive: true });
-      }
-      try {
-        copyFileSync(sourcePath, targetPath);
-        console.log(`  ✓ Installed: references/${file}`);
-        successCount++;
-      } catch (err) {
-        console.error(`  ✗ Failed: references/${file} - ${err.message}`);
-      }
-    }
-  } else {
-    console.log("  (references/ not found, skipping)");
-  }
-  // Summary
-  console.log("\n========================================");
-  if (successCount === totalFiles) {
-    console.log(`✓ Successfully installed ${successCount} file(s)`);
-    console.log(`\nAgent location: ${agentsTargetDir}`);
-    console.log(`Skill location: ${skillTargetDir}`);
-    console.log("\nTo use:");
-    console.log("  @api-cyber-supervisor  - Start security testing");
-    console.log("  skill({ name: \"api-security-testing\" })  - Load skill");
-  } else {
-    console.log(`⚠ Partially installed: ${successCount}/${totalFiles}`);
-    process.exit(1);
-  }
-}
-main();

package/preuninstall.mjs DELETED Viewed

@@ -1,89 +0,0 @@
-#!/usr/bin/env node
-/**
- * preuninstall.mjs - API Security Testing Plugin
- *
- * Removes installed files when the package is uninstalled.
- */
-import { existsSync, mkdirSync, readdirSync, rmSync } from "node:fs";
-import { join, dirname } from "node:path";
-import { fileURLToPath } from "node:url";
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-function getOpencodeBaseDir() {
-  const home = process.env.HOME || process.env.USERPROFILE || "/root";
-  return join(home, ".config", "opencode");
-}
-function deleteFile(filePath) {
-  try {
-    if (existsSync(filePath)) {
-      rmSync(filePath);
-      console.log(`  ✓ Removed: ${filePath}`);
-      return true;
-    }
-  } catch (err) {
-    console.error(`  ✗ Failed to remove: ${filePath} - ${err.message}`);
-  }
-  return false;
-}
-function deleteDirectory(dirPath) {
-  try {
-    if (existsSync(dirPath)) {
-      rmSync(dirPath, { recursive: true });
-      console.log(`  ✓ Removed directory: ${dirPath}`);
-      return true;
-    }
-  } catch (err) {
-    console.error(`  ✗ Failed to remove directory: ${dirPath} - ${err.message}`);
-  }
-  return false;
-}
-function main() {
-  const baseDir = getOpencodeBaseDir();
-  const agentsDir = join(baseDir, "agents");
-  const skillDir = join(baseDir, "skills", "api-security-testing");
-  console.log("[api-security-testing] Uninstalling...");
-  console.log(`  Base directory: ${baseDir}`);
-  let removedCount = 0;
-  let totalCount = 0;
-  // 1. Remove agent files
-  console.log("\n[1/2] Removing agents...");
-  if (existsSync(agentsDir)) {
-    const agentFiles = readdirSync(agentsDir).filter(f => f.endsWith(".md"));
-    totalCount += agentFiles.length;
-    for (const file of agentFiles) {
-      const filePath = join(agentsDir, file);
-      // Only remove our agents (prefix with our plugin name)
-      if (file.startsWith("api-")) {
-        if (deleteFile(filePath)) removedCount++;
-      } else {
-        console.log(`  - Skipped (not our agent): ${file}`);
-      }
-    }
-  }
-  // 2. Remove skill directory
-  console.log("\n[2/2] Removing skill...");
-  if (existsSync(skillDir)) {
-    if (deleteDirectory(skillDir)) {
-      removedCount++;
-    }
-  }
-  // Summary
-  console.log("\n========================================");
-  console.log(`Uninstall complete.`);
-  console.log("\nNote: If you reinstall the package, the postinstall script will re-install the files.");
-}
-main();