npm - promptgraph-mcp - Versions diffs - 1.7.0 → 1.8.0 - Mend

promptgraph-mcp 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -12,7 +12,7 @@ const args = process.argv.slice(2);
 const rawBin = process.argv[1]?.split(/[\\/]/).pop()?.replace(/\.js$/, '');
 const bin = (rawBin && rawBin !== 'index') ? rawBin : 'pg';
-const KNOWN_COMMANDS = new Set(['init', 'reindex', 'import', 'setup', 'validate', 'marketplace', 'doctor', 'search', 'help', '--help', '-h']);
+const KNOWN_COMMANDS = new Set(['init', 'reindex', 'update', 'import', 'setup', 'validate', 'marketplace', 'doctor', 'search', 'help', '--help', '-h']);
 function showHelp() {
   console.log(
@@ -31,6 +31,7 @@ function showHelp() {
     ['marketplace [page]',  'Browse the community skill registry'],
     ['validate <file.md>',  'Validate a skill before publishing'],
     ['doctor',              'Clean orphaned chunks/edges/ratings'],
+    ['update',              'Update to the latest version from npm'],
     ['setup <platform>',    'Register MCP in platform config'],
     ['help',                'Show this help'],
   ];
@@ -309,6 +310,43 @@ if (args[0] === 'init') {
   process.exit(0);
 }
+if (args[0] === 'update') {
+  const { spawnSync } = await import('child_process');
+  const { createRequire } = await import('module');
+  const req = createRequire(import.meta.url);
+  const currentVersion = req('./package.json').version;
+  // Check latest version on npm
+  const spin = (await import('./cli.js')).spinner('Checking latest version...');
+  spin.start();
+  let latest = null;
+  try {
+    const r = spawnSync('npm', ['view', 'promptgraph-mcp', 'version'], { encoding: 'utf8' });
+    latest = r.stdout?.trim();
+  } catch {}
+  spin.stop();
+  if (!latest) { error('Could not reach npm registry. Check your network.'); process.exit(1); }
+  if (latest === currentVersion) {
+    success(`Already on latest version ${chalk.white.bold('v' + currentVersion)}`);
+    process.exit(0);
+  }
+  info(`Current: ${chalk.gray('v' + currentVersion)}  →  Latest: ${chalk.white.bold('v' + latest)}`);
+  const updateSpin = (await import('./cli.js')).spinner(`Installing promptgraph-mcp@${latest}...`);
+  updateSpin.start();
+  const result = spawnSync('npm', ['install', '-g', `promptgraph-mcp@${latest}`], { encoding: 'utf8', stdio: 'pipe' });
+  updateSpin.stop();
+  if (result.status !== 0) {
+    error('Update failed:');
+    console.log(chalk.gray(result.stderr || result.stdout));
+    process.exit(1);
+  }
+  success(`Updated to ${chalk.white.bold('v' + latest)}`);
+  process.exit(0);
+}
 if (args[0] === 'reindex') {
   const { indexAll } = await import('./indexer.js');
   await indexAll();

package/marketplace.js CHANGED Viewed

@@ -1,364 +1,370 @@
-import fs from 'fs';
-import path from 'path';
-import https from 'https';
-import { createHash } from 'crypto';
-import { spawnSync } from 'child_process';
-import { createRequire } from 'module';
-import { getDb } from './db.js';
-import { validateSkill, validateBundle } from './validator.js';
-import { loadConfig, saveConfig, PROMPTGRAPH_DIR, SKILLS_STORE_DIR } from './config.js';
-const REGISTRY_URL = 'https://raw.githubusercontent.com/NeiP4n/promptgraph-registry/main/registry.json';
-const SKILLS_DIR = path.join(SKILLS_STORE_DIR, 'marketplace');
-// Atomically write content to dest via tmp — cleans up on failure
-function writeSkillAtomic(dest, content) {
-  const tmpPath = dest + '.tmp';
-  try {
-    fs.writeFileSync(tmpPath, content);
-    const v = validateSkill(tmpPath);
-    if (!v.ok) { fs.unlinkSync(tmpPath); return v; }
-    fs.renameSync(tmpPath, dest);
-    return { ok: true };
-  } catch (e) {
-    try { fs.unlinkSync(tmpPath); } catch {}
-    return { ok: false, errors: [e.message] };
-  }
-}
-// Convert GitHub blob URL → raw URL
-// https://github.com/owner/repo/blob/branch/path/file.md
-// → https://raw.githubusercontent.com/owner/repo/branch/path/file.md
-function githubToRaw(url) {
-  const m = url.match(/^https?:\/\/github\.com\/([^/]+\/[^/]+)\/blob\/(.+)$/);
-  if (m) return `https://raw.githubusercontent.com/${m[1]}/${m[2]}`;
-  return null; // already raw or not a github URL
-}
-const _require = createRequire(import.meta.url);
-const PKG_VERSION = (() => { try { return _require('./package.json').version; } catch { return '1.x'; } })();
-const UA = `promptgraph-mcp/${PKG_VERSION}`;
-// Deterministic short code from an id. Same id always yields the same code,
-// so codes auto-generate — no need to assign them by hand.
-export function codeFor(id) {
-  return 'pg-' + createHash('md5').update(String(id)).digest('hex').slice(0, 6);
-}
-// node:https GET — reliable and fast on Windows (undici fetch can hang ~10s there).
-function httpGet(url) {
-  return new Promise((resolve, reject) => {
-    const req = https.get(url, { headers: { 'User-Agent': UA }, timeout: 8000, family: 4 }, (res) => {
-      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-        return httpGet(res.headers.location).then(resolve, reject);
-      }
-      if (res.statusCode !== 200) {
-        res.resume();
-        return reject(new Error(`HTTP ${res.statusCode}`));
-      }
-      let data = '';
-      res.setEncoding('utf8');
-      res.on('data', c => data += c);
-      res.on('end', () => resolve(data));
-    });
-    req.on('timeout', () => { req.destroy(new Error('request timed out')); });
-    req.on('error', reject);
-  });
-}
-// Primary path is httpGet (fast/reliable on Windows); undici fetch only as fallback.
-async function rawFetch(url) {
-  try {
-    return await httpGet(url);
-  } catch {
-    const res = await fetch(url, { headers: { 'User-Agent': UA } });
-    if (!res.ok) throw new Error(`HTTP ${res.status}`);
-    return await res.text();
-  }
-}
-// Disk cache for the registry (network to GitHub raw can be slow on some networks).
-const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
-async function fetchText(url) {
-  const cacheFile = path.join(PROMPTGRAPH_DIR, 'registry-cache.json');
-  const isRegistry = url === REGISTRY_URL;
-  if (isRegistry && fs.existsSync(cacheFile)) {
-    try {
-      const stat = fs.statSync(cacheFile);
-      if (Date.now() - stat.mtimeMs < CACHE_TTL) {
-        return fs.readFileSync(cacheFile, 'utf8');
-      }
-    } catch {}
-  }
-  const text = await rawFetch(url);
-  if (isRegistry) {
-    try {
-      fs.mkdirSync(PROMPTGRAPH_DIR, { recursive: true });
-      fs.writeFileSync(cacheFile, text);
-    } catch {}
-  }
-  return text;
-}
-export async function browseMarketplace(topK = 20) {
-  try {
-    const text = await fetchText(REGISTRY_URL);
-    const registry = JSON.parse(text);
-    if (!Array.isArray(registry.skills)) return { error: 'Invalid registry format' };
-    return registry.skills
-      .map(s => ({ ...s, code: s.code || codeFor(s.id) })) // auto-fill code
-      .sort((a, b) => (b.stars || 0) - (a.stars || 0))
-      .slice(0, topK);
-  } catch (e) {
-    return { error: `Registry unavailable: ${e.message}` };
-  }
-}
-export async function installSkillFromUrl(url) {
-  try {
-    const rawUrl = githubToRaw(url) || url;
-    const content = await fetchText(rawUrl);
-    fs.mkdirSync(SKILLS_DIR, { recursive: true });
-    ensureMarketplaceSource();
-    // derive filename from URL
-    const urlName = rawUrl.split('/').pop().replace(/[^a-z0-9-_.]/gi, '-');
-    const dest = path.join(SKILLS_DIR, urlName.endsWith('.md') ? urlName : urlName + '.md');
-    const v = writeSkillAtomic(dest, content);
-    if (!v.ok) return { error: 'Downloaded skill failed validation', issues: v.errors };
-    return { success: true, path: dest, url: rawUrl };
-  } catch (e) {
-    return { error: e.message };
-  }
-}
-export async function installSkill(query) {
-  try {
-    // GitHub URL or raw URL → direct install
-    if (query.startsWith('http://') || query.startsWith('https://')) {
-      return installSkillFromUrl(query);
-    }
-    const text = await fetchText(REGISTRY_URL);
-    const registry = JSON.parse(text);
-    const q = String(query).trim().toLowerCase();
-    // match by code (stored OR auto-generated), id, or name
-    const skill = registry.skills?.find(s =>
-      (s.code || codeFor(s.id)).toLowerCase() === q ||
-      s.id?.toLowerCase() === q ||
-      s.name?.toLowerCase() === q
-    );
-    if (!skill) {
-      const bundle = (registry.bundles || []).find(b =>
-        (b.code || codeFor(b.id)).toLowerCase() === q || b.id?.toLowerCase() === q
-      );
-      if (bundle) return { error: `"${query}" is a bundle. Use pg_bundle_install("${bundle.id}") instead.` };
-      return { error: `No skill matching "${query}" (try a code, id, name, or GitHub URL)` };
-    }
-    if (!skill.raw_url) return { error: `Skill "${skill.id}" has no download URL` };
-    const skillId = skill.id;
-    fs.mkdirSync(SKILLS_DIR, { recursive: true });
-    ensureMarketplaceSource();
-    const dest = path.join(SKILLS_DIR, `${skillId}.md`);
-    const content = await fetchText(skill.raw_url);
-    const v = writeSkillAtomic(dest, content);
-    if (!v.ok) return { error: 'Downloaded skill failed validation', issues: v.errors };
-    return { success: true, path: dest, name: skill.name };
-  } catch (e) {
-    return { error: e.message };
-  }
-}
-export async function browseBundles(topK = 20) {
-  try {
-    const text = await fetchText(REGISTRY_URL);
-    const registry = JSON.parse(text);
-    const bundles = registry.bundles || [];
-    return bundles
-      .map(b => ({ ...b, code: b.code || codeFor(b.id) }))
-      .sort((a, b) => (b.stars || 0) - (a.stars || 0))
-      .slice(0, topK);
-  } catch (e) {
-    return { error: `Registry unavailable: ${e.message}` };
-  }
-}
-// Ensure marketplace has its own source entry (separate from skills-store)
-// so marketplace skills never collide with local skills of the same name.
-function ensureMarketplaceSource() {
-  const config = loadConfig();
-  if (!config.sources.find(s => s.source === 'marketplace')) {
-    config.sources.push({ dir: SKILLS_DIR, source: 'marketplace' });
-    saveConfig(config);
-  }
-}
-export async function installBundle(bundleId) {
-  try {
-    const text = await fetchText(REGISTRY_URL);
-    const registry = JSON.parse(text);
-    const q = String(bundleId).trim().toLowerCase();
-    const bundle = (registry.bundles || []).find(b =>
-      (b.code || codeFor(b.id)).toLowerCase() === q || b.id?.toLowerCase() === q || b.name?.toLowerCase() === q
-    );
-    if (!bundle) return { error: `No bundle matching "${bundleId}"` };
-    fs.mkdirSync(SKILLS_DIR, { recursive: true });
-    ensureMarketplaceSource();
-    const installed = [];
-    const failed = [];
-    const delay = (ms) => new Promise(r => setTimeout(r, ms));
-    for (const skillId of bundle.skills || []) {
-      const skill = registry.skills?.find(s => s.id === skillId);
-      if (!skill?.raw_url) { failed.push(skillId); continue; }
-      try {
-        if (installed.length > 0) await delay(300); // rate limit: 300ms between requests
-        const content = await fetchText(skill.raw_url);
-        const dest = path.join(SKILLS_DIR, `${skillId}.md`);
-        const v = writeSkillAtomic(dest, content);
-        if (!v.ok) { failed.push(skillId); continue; }
-        installed.push(skillId);
-      } catch {
-        failed.push(skillId);
-      }
-    }
-    return { success: true, bundle: bundle.name, installed, failed, dir: SKILLS_DIR };
-  } catch (e) {
-    return { error: e.message };
-  }
-}
-function ghPublish(filePath, desc) {
-  try {
-    const result = spawnSync('gh', ['gist', 'create', filePath, '--desc', desc, '--public'], { encoding: 'utf8' });
-    if (result.error?.code === 'ENOENT') return { ok: false, no_gh: true };
-    if (result.status !== 0) return { ok: false, error: result.stderr?.trim() || 'gh CLI error — run: gh auth login' };
-    return { ok: true, url: result.stdout.trim() };
-  } catch {
-    return { ok: false, no_gh: true };
-  }
-}
-const REGISTRY_ISSUES = 'https://github.com/NeiP4n/promptgraph-registry/issues/new';
-export async function publishSkill(filePath) {
-  if (!fs.existsSync(filePath)) return { error: `File not found: ${filePath}` };
-  const validation = validateSkill(filePath);
-  if (!validation.ok) {
-    return { error: 'Validation failed', issues: validation.errors, warnings: validation.warnings };
-  }
-  const name = path.basename(filePath, '.md');
-  const gh = ghPublish(filePath, `PromptGraph skill: ${name}`);
-  if (gh.no_gh) {
-    const content = fs.readFileSync(filePath, 'utf8');
-    return {
-      success: true,
-      gh_not_installed: true,
-      instructions: [
-        '1. Install gh CLI: https://cli.github.com',
-        '   OR manually create a public Gist at https://gist.github.com with the file content',
-        `2. Submit to registry: ${REGISTRY_ISSUES}`,
-        `3. Paste the Gist URL in the issue`,
-      ].join('\n'),
-      file_content: content,
-    };
-  }
-  if (!gh.ok) return { error: gh.error };
-  return { success: true, url: gh.url, message: `Published! Submit to registry: ${REGISTRY_ISSUES}` };
-}
-export async function publishBundle(bundleDef) {
-  // bundleDef: { id, name, description, skills: [...], tags: [...] }
-  // OR a path to a .json file
-  let def = bundleDef;
-  if (typeof bundleDef === 'string') {
-    if (!fs.existsSync(bundleDef)) return { error: `File not found: ${bundleDef}` };
-    try { def = JSON.parse(fs.readFileSync(bundleDef, 'utf8')); }
-    catch (e) { return { error: `Invalid JSON: ${e.message}` }; }
-  }
-  const validation = validateBundle(def);
-  if (!validation.ok) {
-    return { error: 'Bundle validation failed', issues: validation.errors, warnings: validation.warnings };
-  }
-  const bundleJson = JSON.stringify(def, null, 2);
-  const tmpFile = path.join(PROMPTGRAPH_DIR, `bundle-${def.id}.json`);
-  fs.mkdirSync(PROMPTGRAPH_DIR, { recursive: true });
-  fs.writeFileSync(tmpFile, bundleJson);
-  const gh = ghPublish(tmpFile, `PromptGraph bundle: ${def.name}`);
-  try { fs.unlinkSync(tmpFile); } catch {}
-  if (gh.no_gh) {
-    const issueUrl = `${REGISTRY_ISSUES}?title=Bundle%3A+${encodeURIComponent(def.name)}&body=${encodeURIComponent('Bundle definition:\n\n```json\n' + bundleJson + '\n```')}`;
-    return {
-      success: true,
-      gh_not_installed: true,
-      instructions: [
-        '1. Install gh CLI: https://cli.github.com',
-        `   OR open this pre-filled issue directly: ${issueUrl}`,
-        '2. Paste the bundle JSON shown below into the issue body',
-      ].join('\n'),
-      bundle_json: bundleJson,
-      submit_url: issueUrl,
-    };
-  }
-  if (!gh.ok) return { error: gh.error };
-  const issueUrl = `${REGISTRY_ISSUES}?title=Bundle%3A+${encodeURIComponent(def.name)}&body=Gist%3A+${encodeURIComponent(gh.url)}`;
-  return { success: true, gist_url: gh.url, submit_url: issueUrl, message: `Bundle published! Submit: ${issueUrl}` };
-}
-export function getTopRated(topK = 10) {
-  const db = getDb();
-  return db.prepare(`
-    SELECT s.id, s.name, s.description, s.source,
-           r.uses, r.success, r.fail,
-           CASE WHEN (r.success + r.fail) > 0
-                THEN ROUND(CAST(r.success AS FLOAT) / (r.success + r.fail), 2)
-                ELSE NULL END as rating
-    FROM skills s
-    LEFT JOIN ratings r ON s.id = r.skill_id
-    WHERE (r.success + r.fail) >= 3
-    ORDER BY rating DESC, r.uses DESC
-    LIMIT ?
-  `).all(topK);
-}
-export function recordUse(skillId) {
-  const db = getDb();
-  db.prepare(`
-    INSERT INTO ratings (skill_id, uses, success, fail)
-    VALUES (?, 1, 0, 0)
-    ON CONFLICT(skill_id) DO UPDATE SET uses = uses + 1
-  `).run(skillId);
-}
-export function recordSuccess(skillId) {
-  const db = getDb();
-  db.prepare(`
-    INSERT INTO ratings (skill_id, uses, success, fail)
-    VALUES (?, 0, 1, 0)
-    ON CONFLICT(skill_id) DO UPDATE SET success = success + 1
-  `).run(skillId);
-}
-export function recordFail(skillId) {
-  const db = getDb();
-  db.prepare(`
-    INSERT INTO ratings (skill_id, uses, success, fail)
-    VALUES (?, 0, 0, 1)
-    ON CONFLICT(skill_id) DO UPDATE SET fail = fail + 1
-  `).run(skillId);
-}
+import fs from 'fs';
+import path from 'path';
+import https from 'https';
+import { createHash } from 'crypto';
+import { spawnSync } from 'child_process';
+import { createRequire } from 'module';
+import { getDb } from './db.js';
+import { validateSkill, validateBundle } from './validator.js';
+import { loadConfig, saveConfig, PROMPTGRAPH_DIR, SKILLS_STORE_DIR } from './config.js';
+import { importFromGitHub } from './github-import.js';
+const REGISTRY_URL = 'https://raw.githubusercontent.com/NeiP4n/promptgraph-registry/main/registry.json';
+const SKILLS_DIR = path.join(SKILLS_STORE_DIR, 'marketplace');
+// Atomically write content to dest via tmp — cleans up on failure
+function writeSkillAtomic(dest, content) {
+  const tmpPath = dest + '.tmp';
+  try {
+    fs.writeFileSync(tmpPath, content);
+    const v = validateSkill(tmpPath);
+    if (!v.ok) { fs.unlinkSync(tmpPath); return v; }
+    fs.renameSync(tmpPath, dest);
+    return { ok: true };
+  } catch (e) {
+    try { fs.unlinkSync(tmpPath); } catch {}
+    return { ok: false, errors: [e.message] };
+  }
+}
+// Convert GitHub blob URL → raw URL
+// https://github.com/owner/repo/blob/branch/path/file.md
+// → https://raw.githubusercontent.com/owner/repo/branch/path/file.md
+function githubToRaw(url) {
+  const m = url.match(/^https?:\/\/github\.com\/([^/]+\/[^/]+)\/blob\/(.+)$/);
+  if (m) return `https://raw.githubusercontent.com/${m[1]}/${m[2]}`;
+  return null; // already raw or not a github URL
+}
+const _require = createRequire(import.meta.url);
+const PKG_VERSION = (() => { try { return _require('./package.json').version; } catch { return '1.x'; } })();
+const UA = `promptgraph-mcp/${PKG_VERSION}`;
+// Deterministic short code from an id. Same id always yields the same code,
+// so codes auto-generate — no need to assign them by hand.
+export function codeFor(id) {
+  return 'pg-' + createHash('md5').update(String(id)).digest('hex').slice(0, 6);
+}
+// node:https GET — reliable and fast on Windows (undici fetch can hang ~10s there).
+function httpGet(url) {
+  return new Promise((resolve, reject) => {
+    const req = https.get(url, { headers: { 'User-Agent': UA }, timeout: 8000, family: 4 }, (res) => {
+      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+        return httpGet(res.headers.location).then(resolve, reject);
+      }
+      if (res.statusCode !== 200) {
+        res.resume();
+        return reject(new Error(`HTTP ${res.statusCode}`));
+      }
+      let data = '';
+      res.setEncoding('utf8');
+      res.on('data', c => data += c);
+      res.on('end', () => resolve(data));
+    });
+    req.on('timeout', () => { req.destroy(new Error('request timed out')); });
+    req.on('error', reject);
+  });
+}
+// Primary path is httpGet (fast/reliable on Windows); undici fetch only as fallback.
+async function rawFetch(url) {
+  try {
+    return await httpGet(url);
+  } catch {
+    const res = await fetch(url, { headers: { 'User-Agent': UA } });
+    if (!res.ok) throw new Error(`HTTP ${res.status}`);
+    return await res.text();
+  }
+}
+// Disk cache for the registry (network to GitHub raw can be slow on some networks).
+const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
+async function fetchText(url) {
+  const cacheFile = path.join(PROMPTGRAPH_DIR, 'registry-cache.json');
+  const isRegistry = url === REGISTRY_URL;
+  if (isRegistry && fs.existsSync(cacheFile)) {
+    try {
+      const stat = fs.statSync(cacheFile);
+      if (Date.now() - stat.mtimeMs < CACHE_TTL) {
+        return fs.readFileSync(cacheFile, 'utf8');
+      }
+    } catch {}
+  }
+  const text = await rawFetch(url);
+  if (isRegistry) {
+    try {
+      fs.mkdirSync(PROMPTGRAPH_DIR, { recursive: true });
+      fs.writeFileSync(cacheFile, text);
+    } catch {}
+  }
+  return text;
+}
+export async function browseMarketplace(topK = 20) {
+  try {
+    const text = await fetchText(REGISTRY_URL);
+    const registry = JSON.parse(text);
+    if (!Array.isArray(registry.skills)) return { error: 'Invalid registry format' };
+    return registry.skills
+      .map(s => ({ ...s, code: s.code || codeFor(s.id) })) // auto-fill code
+      .sort((a, b) => (b.stars || 0) - (a.stars || 0))
+      .slice(0, topK);
+  } catch (e) {
+    return { error: `Registry unavailable: ${e.message}` };
+  }
+}
+export async function installSkillFromUrl(url) {
+  try {
+    const rawUrl = githubToRaw(url) || url;
+    const content = await fetchText(rawUrl);
+    fs.mkdirSync(SKILLS_DIR, { recursive: true });
+    ensureMarketplaceSource();
+    // derive filename from URL
+    const urlName = rawUrl.split('/').pop().replace(/[^a-z0-9-_.]/gi, '-');
+    const dest = path.join(SKILLS_DIR, urlName.endsWith('.md') ? urlName : urlName + '.md');
+    const v = writeSkillAtomic(dest, content);
+    if (!v.ok) return { error: 'Downloaded skill failed validation', issues: v.errors };
+    return { success: true, path: dest, url: rawUrl };
+  } catch (e) {
+    return { error: e.message };
+  }
+}
+export async function installSkill(query) {
+  try {
+    // GitHub URL or raw URL → direct install
+    if (query.startsWith('http://') || query.startsWith('https://')) {
+      return installSkillFromUrl(query);
+    }
+    const text = await fetchText(REGISTRY_URL);
+    const registry = JSON.parse(text);
+    const q = String(query).trim().toLowerCase();
+    // match by code (stored OR auto-generated), id, or name
+    const skill = registry.skills?.find(s =>
+      (s.code || codeFor(s.id)).toLowerCase() === q ||
+      s.id?.toLowerCase() === q ||
+      s.name?.toLowerCase() === q
+    );
+    if (!skill) {
+      const bundle = (registry.bundles || []).find(b =>
+        (b.code || codeFor(b.id)).toLowerCase() === q || b.id?.toLowerCase() === q
+      );
+      if (bundle) return { error: `"${query}" is a bundle. Use pg_bundle_install("${bundle.id}") instead.` };
+      return { error: `No skill matching "${query}" (try a code, id, name, or GitHub URL)` };
+    }
+    if (!skill.raw_url) return { error: `Skill "${skill.id}" has no download URL` };
+    const skillId = skill.id;
+    fs.mkdirSync(SKILLS_DIR, { recursive: true });
+    ensureMarketplaceSource();
+    const dest = path.join(SKILLS_DIR, `${skillId}.md`);
+    const content = await fetchText(skill.raw_url);
+    const v = writeSkillAtomic(dest, content);
+    if (!v.ok) return { error: 'Downloaded skill failed validation', issues: v.errors };
+    return { success: true, path: dest, name: skill.name };
+  } catch (e) {
+    return { error: e.message };
+  }
+}
+export async function browseBundles(topK = 20) {
+  try {
+    const text = await fetchText(REGISTRY_URL);
+    const registry = JSON.parse(text);
+    const bundles = registry.bundles || [];
+    return bundles
+      .map(b => ({ ...b, code: b.code || codeFor(b.id) }))
+      .sort((a, b) => (b.stars || 0) - (a.stars || 0))
+      .slice(0, topK);
+  } catch (e) {
+    return { error: `Registry unavailable: ${e.message}` };
+  }
+}
+// Ensure marketplace has its own source entry (separate from skills-store)
+// so marketplace skills never collide with local skills of the same name.
+function ensureMarketplaceSource() {
+  const config = loadConfig();
+  if (!config.sources.find(s => s.source === 'marketplace')) {
+    config.sources.push({ dir: SKILLS_DIR, source: 'marketplace' });
+    saveConfig(config);
+  }
+}
+export async function installBundle(bundleId) {
+  try {
+    const text = await fetchText(REGISTRY_URL);
+    const registry = JSON.parse(text);
+    const q = String(bundleId).trim().toLowerCase();
+    const bundle = (registry.bundles || []).find(b =>
+      (b.code || codeFor(b.id)).toLowerCase() === q || b.id?.toLowerCase() === q || b.name?.toLowerCase() === q
+    );
+    if (!bundle) return { error: `No bundle matching "${bundleId}"` };
+    if (bundle.repo_url) {
+      await importFromGitHub(bundle.repo_url);
+      return { success: true, bundle: bundle.name, type: 'repo_import', repo_url: bundle.repo_url };
+    }
+    fs.mkdirSync(SKILLS_DIR, { recursive: true });
+    ensureMarketplaceSource();
+    const installed = [];
+    const failed = [];
+    const delay = (ms) => new Promise(r => setTimeout(r, ms));
+    for (const skillId of bundle.skills || []) {
+      const skill = registry.skills?.find(s => s.id === skillId);
+      if (!skill?.raw_url) { failed.push(skillId); continue; }
+      try {
+        if (installed.length > 0) await delay(300); // rate limit: 300ms between requests
+        const content = await fetchText(skill.raw_url);
+        const dest = path.join(SKILLS_DIR, `${skillId}.md`);
+        const v = writeSkillAtomic(dest, content);
+        if (!v.ok) { failed.push(skillId); continue; }
+        installed.push(skillId);
+      } catch {
+        failed.push(skillId);
+      }
+    }
+    return { success: true, bundle: bundle.name, installed, failed, dir: SKILLS_DIR };
+  } catch (e) {
+    return { error: e.message };
+  }
+}
+function ghPublish(filePath, desc) {
+  try {
+    const result = spawnSync('gh', ['gist', 'create', filePath, '--desc', desc, '--public'], { encoding: 'utf8' });
+    if (result.error?.code === 'ENOENT') return { ok: false, no_gh: true };
+    if (result.status !== 0) return { ok: false, error: result.stderr?.trim() || 'gh CLI error — run: gh auth login' };
+    return { ok: true, url: result.stdout.trim() };
+  } catch {
+    return { ok: false, no_gh: true };
+  }
+}
+const REGISTRY_ISSUES = 'https://github.com/NeiP4n/promptgraph-registry/issues/new';
+export async function publishSkill(filePath) {
+  if (!fs.existsSync(filePath)) return { error: `File not found: ${filePath}` };
+  const validation = validateSkill(filePath);
+  if (!validation.ok) {
+    return { error: 'Validation failed', issues: validation.errors, warnings: validation.warnings };
+  }
+  const name = path.basename(filePath, '.md');
+  const gh = ghPublish(filePath, `PromptGraph skill: ${name}`);
+  if (gh.no_gh) {
+    const content = fs.readFileSync(filePath, 'utf8');
+    return {
+      success: true,
+      gh_not_installed: true,
+      instructions: [
+        '1. Install gh CLI: https://cli.github.com',
+        '   OR manually create a public Gist at https://gist.github.com with the file content',
+        `2. Submit to registry: ${REGISTRY_ISSUES}`,
+        `3. Paste the Gist URL in the issue`,
+      ].join('\n'),
+      file_content: content,
+    };
+  }
+  if (!gh.ok) return { error: gh.error };
+  return { success: true, url: gh.url, message: `Published! Submit to registry: ${REGISTRY_ISSUES}` };
+}
+export async function publishBundle(bundleDef) {
+  // bundleDef: { id, name, description, skills: [...], tags: [...] }
+  // OR a path to a .json file
+  let def = bundleDef;
+  if (typeof bundleDef === 'string') {
+    if (!fs.existsSync(bundleDef)) return { error: `File not found: ${bundleDef}` };
+    try { def = JSON.parse(fs.readFileSync(bundleDef, 'utf8')); }
+    catch (e) { return { error: `Invalid JSON: ${e.message}` }; }
+  }
+  const validation = validateBundle(def);
+  if (!validation.ok) {
+    return { error: 'Bundle validation failed', issues: validation.errors, warnings: validation.warnings };
+  }
+  const bundleJson = JSON.stringify(def, null, 2);
+  const tmpFile = path.join(PROMPTGRAPH_DIR, `bundle-${def.id}.json`);
+  fs.mkdirSync(PROMPTGRAPH_DIR, { recursive: true });
+  fs.writeFileSync(tmpFile, bundleJson);
+  const gh = ghPublish(tmpFile, `PromptGraph bundle: ${def.name}`);
+  try { fs.unlinkSync(tmpFile); } catch {}
+  if (gh.no_gh) {
+    const issueUrl = `${REGISTRY_ISSUES}?title=Bundle%3A+${encodeURIComponent(def.name)}&body=${encodeURIComponent('Bundle definition:\n\n```json\n' + bundleJson + '\n```')}`;
+    return {
+      success: true,
+      gh_not_installed: true,
+      instructions: [
+        '1. Install gh CLI: https://cli.github.com',
+        `   OR open this pre-filled issue directly: ${issueUrl}`,
+        '2. Paste the bundle JSON shown below into the issue body',
+      ].join('\n'),
+      bundle_json: bundleJson,
+      submit_url: issueUrl,
+    };
+  }
+  if (!gh.ok) return { error: gh.error };
+  const issueUrl = `${REGISTRY_ISSUES}?title=Bundle%3A+${encodeURIComponent(def.name)}&body=Gist%3A+${encodeURIComponent(gh.url)}`;
+  return { success: true, gist_url: gh.url, submit_url: issueUrl, message: `Bundle published! Submit: ${issueUrl}` };
+}
+export function getTopRated(topK = 10) {
+  const db = getDb();
+  return db.prepare(`
+    SELECT s.id, s.name, s.description, s.source,
+           r.uses, r.success, r.fail,
+           CASE WHEN (r.success + r.fail) > 0
+                THEN ROUND(CAST(r.success AS FLOAT) / (r.success + r.fail), 2)
+                ELSE NULL END as rating
+    FROM skills s
+    LEFT JOIN ratings r ON s.id = r.skill_id
+    WHERE (r.success + r.fail) >= 3
+    ORDER BY rating DESC, r.uses DESC
+    LIMIT ?
+  `).all(topK);
+}
+export function recordUse(skillId) {
+  const db = getDb();
+  db.prepare(`
+    INSERT INTO ratings (skill_id, uses, success, fail)
+    VALUES (?, 1, 0, 0)
+    ON CONFLICT(skill_id) DO UPDATE SET uses = uses + 1
+  `).run(skillId);
+}
+export function recordSuccess(skillId) {
+  const db = getDb();
+  db.prepare(`
+    INSERT INTO ratings (skill_id, uses, success, fail)
+    VALUES (?, 0, 1, 0)
+    ON CONFLICT(skill_id) DO UPDATE SET success = success + 1
+  `).run(skillId);
+}
+export function recordFail(skillId) {
+  const db = getDb();
+  db.prepare(`
+    INSERT INTO ratings (skill_id, uses, success, fail)
+    VALUES (?, 0, 0, 1)
+    ON CONFLICT(skill_id) DO UPDATE SET fail = fail + 1
+  `).run(skillId);
+}

package/package.json CHANGED Viewed

@@ -1,53 +1,54 @@
-{
-  "name": "promptgraph-mcp",
-  "version": "1.7.0",
-  "main": "index.js",
-  "type": "module",
-  "bin": {
-    "pg": "./index.js",
-    "promptgraph": "./index.js",
-    "promptgraph-mcp": "./index.js"
-  },
-  "scripts": {
-    "start": "node index.js",
-    "init": "node index.js init",
-    "reindex": "node index.js reindex",
-    "test": "vitest run"
-  },
-  "keywords": [
-    "claude",
-    "claude-code",
-    "mcp",
-    "ai",
-    "skills",
-    "embeddings"
-  ],
-  "author": "NeiP4n",
-  "license": "MIT",
-  "description": "Semantic skill router for Claude Code — load only the skills you need, save 20k+ tokens per session",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/NeiP4n/promptgraph.git"
-  },
-  "homepage": "https://github.com/NeiP4n/promptgraph#readme",
-  "engines": {
-    "node": ">=18"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.29.0",
-    "better-sqlite3": "^12.10.0",
-    "boxen": "^8.0.1",
-    "chalk": "^5.6.2",
-    "chokidar": "^5.0.0",
-    "fastembed": "^2.1.0",
-    "glob": "^13.0.6",
-    "gray-matter": "^4.0.3",
-    "ora": "^9.4.0"
-  },
-  "devDependencies": {
-    "vitest": "^4.1.8"
-  },
-  "overrides": {
-    "tar": "^6.2.1"
-  }
-}
+{
+  "name": "promptgraph-mcp",
+  "version": "1.8.0",
+  "main": "index.js",
+  "type": "module",
+  "bin": {
+    "pg": "./index.js",
+    "promptgraph": "./index.js",
+    "promptgraph-mcp": "./index.js"
+  },
+  "scripts": {
+    "start": "node index.js",
+    "init": "node index.js init",
+    "reindex": "node index.js reindex",
+    "test": "vitest run"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "mcp",
+    "ai",
+    "skills",
+    "embeddings"
+  ],
+  "author": "NeiP4n",
+  "license": "MIT",
+  "description": "Semantic skill router for Claude Code — load only the skills you need, save 20k+ tokens per session",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/NeiP4n/promptgraph.git"
+  },
+  "homepage": "https://github.com/NeiP4n/promptgraph#readme",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "better-sqlite3": "^12.10.0",
+    "boxen": "^8.0.1",
+    "chalk": "^5.6.2",
+    "chokidar": "^5.0.0",
+    "fastembed": "^2.1.0",
+    "glob": "^13.0.6",
+    "gray-matter": "^4.0.3",
+    "ora": "^9.4.0"
+  },
+  "devDependencies": {
+    "vitest": "^4.1.8"
+  },
+  "overrides": {
+    "tar": "^6.2.1"
+  }
+}

package/validator.js CHANGED Viewed

@@ -1,151 +1,159 @@
-import fs from 'fs';
-import matter from 'gray-matter';
-// patterns that indicate malicious or junk skills
-const DANGEROUS_PATTERNS = [
-  { re: /curl\s+[^\n|]*\|\s*(ba)?sh/i, msg: 'pipes remote content to shell (curl | sh)' },
-  { re: /wget\s+[^\n|]*\|\s*(ba)?sh/i, msg: 'pipes remote content to shell (wget | sh)' },
-  { re: /rm\s+-rf\s+[~/]/i, msg: 'destructive rm -rf on home/root' },
-  { re: /\b(eval|exec)\s*\(\s*(atob|base64|fromCharCode)/i, msg: 'obfuscated code execution' },
-  { re: /(AWS|SECRET|PRIVATE|API)_?KEY\s*=\s*["'][A-Za-z0-9/+]{16,}/i, msg: 'hardcoded credential' },
-  { re: /process\.env\.[A-Z_]+\s*[^\n]{0,40}(fetch|http|post|curl)/i, msg: 'reads env vars and exfiltrates over network' },
-  { re: /\b(ignore|disregard|forget)\s+(all\s+)?(previous|prior|above)\s+(instructions|prompts?|rules)/i, msg: 'prompt injection attempt' },
-  { re: /\b(reveal|print|output|show)\s+(your\s+)?(system\s+prompt|instructions|api\s*key)/i, msg: 'prompt extraction attempt' },
-  { re: /\.ssh\/id_rsa|\.aws\/credentials|\.env\b.*(cat|read|cp|mv)/i, msg: 'accesses sensitive credential files' },
-];
-const MIN_CONTENT_LENGTH = 200;       // chars of actual instruction
-const MAX_CONTENT_LENGTH = 100000;    // 100KB cap
-const MIN_DESCRIPTION_LENGTH = 15;
-const NAME_RE = /^[a-z0-9][a-z0-9-]{1,63}$/;
-export function validateSkill(filePath) {
-  const errors = [];
-  const warnings = [];
-  if (!fs.existsSync(filePath)) {
-    return { ok: false, errors: ['File does not exist'], warnings: [] };
-  }
-  const raw = fs.readFileSync(filePath, 'utf8');
-  // size checks
-  if (raw.length < MIN_CONTENT_LENGTH) {
-    errors.push(`Too short (${raw.length} chars, min ${MIN_CONTENT_LENGTH}). Likely not a real skill.`);
-  }
-  if (raw.length > MAX_CONTENT_LENGTH) {
-    errors.push(`Too large (${raw.length} chars, max ${MAX_CONTENT_LENGTH}).`);
-  }
-  // frontmatter
-  let data, content;
-  try {
-    const parsed = matter(raw);
-    data = parsed.data;
-    content = parsed.content;
-  } catch (e) {
-    errors.push(`Invalid frontmatter: ${e.message}`);
-    return { ok: false, errors, warnings };
-  }
-  // name
-  if (!data.name) {
-    errors.push('Missing required field: name');
-  } else if (typeof data.name !== 'string') {
-    errors.push('Field "name" must be a string');
-  } else if (!NAME_RE.test(data.name)) {
-    errors.push(`Invalid name "${data.name}". Use lowercase, digits, hyphens (2-64 chars).`);
-  }
-  // description
-  if (!data.description) {
-    errors.push('Missing required field: description');
-  } else if (typeof data.description !== 'string') {
-    errors.push('Field "description" must be a string');
-  } else if (data.description.trim().length < MIN_DESCRIPTION_LENGTH) {
-    errors.push(`Description too short (min ${MIN_DESCRIPTION_LENGTH} chars).`);
-  }
-  // body must have real instruction content
-  if (content && content.trim().length < MIN_CONTENT_LENGTH) {
-    warnings.push('Body is very short — may lack actionable instructions.');
-  }
-  // security scan over the whole file
-  for (const { re, msg } of DANGEROUS_PATTERNS) {
-    if (re.test(raw)) {
-      errors.push(`Security: ${msg}`);
-    }
-  }
-  // junk filename heuristic
-  const base = filePath.split(/[\\/]/).pop().toLowerCase();
-  if (['readme.md', 'changelog.md', 'license.md', 'contributing.md'].includes(base)) {
-    warnings.push('Filename looks like a docs file, not a skill.');
-  }
-  return { ok: errors.length === 0, errors, warnings };
-}
-const BUNDLE_ID_RE = /^[a-z0-9][a-z0-9-]{1,63}$/;
-export function validateBundle(def) {
-  const errors = [];
-  const warnings = [];
-  if (!def.id || typeof def.id !== 'string') {
-    errors.push('Missing required field: id');
-  } else if (!BUNDLE_ID_RE.test(def.id)) {
-    errors.push(`Invalid id "${def.id}". Use lowercase, digits, hyphens (2-64 chars).`);
-  }
-  if (!def.name || typeof def.name !== 'string' || def.name.trim().length < 3) {
-    errors.push('Missing or too short field: name (min 3 chars)');
-  }
-  if (!def.description || typeof def.description !== 'string' || def.description.trim().length < 15) {
-    errors.push('Missing or too short field: description (min 15 chars)');
-  }
-  if (!Array.isArray(def.skills) || def.skills.length < 2) {
-    errors.push('Field "skills" must be an array with at least 2 skill IDs');
-  } else {
-    for (const s of def.skills) {
-      if (typeof s !== 'string' || !BUNDLE_ID_RE.test(s)) {
-        errors.push(`Invalid skill id in bundle: "${s}"`);
-      }
-    }
-  }
-  if (def.tags && !Array.isArray(def.tags)) {
-    errors.push('Field "tags" must be an array of strings');
-  }
-  if (def.skills?.length > 20) {
-    warnings.push('Bundle has more than 20 skills — consider splitting into sub-bundles');
-  }
-  return { ok: errors.length === 0, errors, warnings };
-}
-// CLI: node validator.js <file>
-if (import.meta.url === `file://${process.argv[1]}`) {
-  const file = process.argv[2];
-  if (!file) {
-    console.error('Usage: node validator.js <skill.md>');
-    process.exit(1);
-  }
-  const result = validateSkill(file);
-  if (result.warnings.length) {
-    console.log('⚠ Warnings:');
-    result.warnings.forEach(w => console.log('  - ' + w));
-  }
-  if (result.ok) {
-    console.log('✓ Skill is valid');
-    process.exit(0);
-  } else {
-    console.log('✗ Validation failed:');
-    result.errors.forEach(e => console.log('  - ' + e));
-    process.exit(1);
-  }
-}
+import fs from 'fs';
+import matter from 'gray-matter';
+// patterns that indicate malicious or junk skills
+const DANGEROUS_PATTERNS = [
+  { re: /curl\s+[^\n|]*\|\s*(ba)?sh/i, msg: 'pipes remote content to shell (curl | sh)' },
+  { re: /wget\s+[^\n|]*\|\s*(ba)?sh/i, msg: 'pipes remote content to shell (wget | sh)' },
+  { re: /rm\s+-rf\s+[~/]/i, msg: 'destructive rm -rf on home/root' },
+  { re: /\b(eval|exec)\s*\(\s*(atob|base64|fromCharCode)/i, msg: 'obfuscated code execution' },
+  { re: /(AWS|SECRET|PRIVATE|API)_?KEY\s*=\s*["'][A-Za-z0-9/+]{16,}/i, msg: 'hardcoded credential' },
+  { re: /process\.env\.[A-Z_]+\s*[^\n]{0,40}(fetch|http|post|curl)/i, msg: 'reads env vars and exfiltrates over network' },
+  { re: /\b(ignore|disregard|forget)\s+(all\s+)?(previous|prior|above)\s+(instructions|prompts?|rules)/i, msg: 'prompt injection attempt' },
+  { re: /\b(reveal|print|output|show)\s+(your\s+)?(system\s+prompt|instructions|api\s*key)/i, msg: 'prompt extraction attempt' },
+  { re: /\.ssh\/id_rsa|\.aws\/credentials|\.env\b.*(cat|read|cp|mv)/i, msg: 'accesses sensitive credential files' },
+];
+const MIN_CONTENT_LENGTH = 200;       // chars of actual instruction
+const MAX_CONTENT_LENGTH = 100000;    // 100KB cap
+const MIN_DESCRIPTION_LENGTH = 15;
+const NAME_RE = /^[a-z0-9][a-z0-9-]{1,63}$/;
+export function validateSkill(filePath) {
+  const errors = [];
+  const warnings = [];
+  if (!fs.existsSync(filePath)) {
+    return { ok: false, errors: ['File does not exist'], warnings: [] };
+  }
+  const raw = fs.readFileSync(filePath, 'utf8');
+  // size checks
+  if (raw.length < MIN_CONTENT_LENGTH) {
+    errors.push(`Too short (${raw.length} chars, min ${MIN_CONTENT_LENGTH}). Likely not a real skill.`);
+  }
+  if (raw.length > MAX_CONTENT_LENGTH) {
+    errors.push(`Too large (${raw.length} chars, max ${MAX_CONTENT_LENGTH}).`);
+  }
+  // frontmatter
+  let data, content;
+  try {
+    const parsed = matter(raw);
+    data = parsed.data;
+    content = parsed.content;
+  } catch (e) {
+    errors.push(`Invalid frontmatter: ${e.message}`);
+    return { ok: false, errors, warnings };
+  }
+  // name
+  if (!data.name) {
+    errors.push('Missing required field: name');
+  } else if (typeof data.name !== 'string') {
+    errors.push('Field "name" must be a string');
+  } else if (!NAME_RE.test(data.name)) {
+    errors.push(`Invalid name "${data.name}". Use lowercase, digits, hyphens (2-64 chars).`);
+  }
+  // description
+  if (!data.description) {
+    errors.push('Missing required field: description');
+  } else if (typeof data.description !== 'string') {
+    errors.push('Field "description" must be a string');
+  } else if (data.description.trim().length < MIN_DESCRIPTION_LENGTH) {
+    errors.push(`Description too short (min ${MIN_DESCRIPTION_LENGTH} chars).`);
+  }
+  // body must have real instruction content
+  if (content && content.trim().length < MIN_CONTENT_LENGTH) {
+    warnings.push('Body is very short — may lack actionable instructions.');
+  }
+  // security scan over the whole file
+  for (const { re, msg } of DANGEROUS_PATTERNS) {
+    if (re.test(raw)) {
+      errors.push(`Security: ${msg}`);
+    }
+  }
+  // junk filename heuristic
+  const base = filePath.split(/[\\/]/).pop().toLowerCase();
+  if (['readme.md', 'changelog.md', 'license.md', 'contributing.md'].includes(base)) {
+    warnings.push('Filename looks like a docs file, not a skill.');
+  }
+  return { ok: errors.length === 0, errors, warnings };
+}
+const BUNDLE_ID_RE = /^[a-z0-9][a-z0-9-]{1,63}$/;
+const GITHUB_REPO_RE = /^(https?:\/\/github\.com\/[\w.-]+\/[\w.-]+|[\w.-]+\/[\w.-]+)$/;
+export function validateBundle(def) {
+  const errors = [];
+  const warnings = [];
+  if (!def.id || typeof def.id !== 'string') {
+    errors.push('Missing required field: id');
+  } else if (!BUNDLE_ID_RE.test(def.id)) {
+    errors.push(`Invalid id "${def.id}". Use lowercase, digits, hyphens (2-64 chars).`);
+  }
+  if (!def.name || typeof def.name !== 'string' || def.name.trim().length < 3) {
+    errors.push('Missing or too short field: name (min 3 chars)');
+  }
+  if (!def.description || typeof def.description !== 'string' || def.description.trim().length < 15) {
+    errors.push('Missing or too short field: description (min 15 chars)');
+  }
+  if (def.repo_url) {
+    if (!GITHUB_REPO_RE.test(def.repo_url)) {
+      errors.push(`Invalid repo_url "${def.repo_url}". Use "owner/repo" or a full GitHub URL.`);
+    }
+  } else {
+    if (!Array.isArray(def.skills) || def.skills.length < 1) {
+      errors.push('Field "skills" must be an array with at least 1 skill ID (or use repo_url instead)');
+    } else {
+      for (const s of def.skills) {
+        if (typeof s !== 'string' || !BUNDLE_ID_RE.test(s)) {
+          errors.push(`Invalid skill id in bundle: "${s}"`);
+        }
+      }
+    }
+  }
+  if (def.tags && !Array.isArray(def.tags)) {
+    errors.push('Field "tags" must be an array of strings');
+  }
+  if (def.skills?.length > 20) {
+    warnings.push('Bundle has more than 20 skills — consider splitting into sub-bundles');
+  }
+  return { ok: errors.length === 0, errors, warnings };
+}
+// CLI: node validator.js <file>
+if (import.meta.url === `file://${process.argv[1]}`) {
+  const file = process.argv[2];
+  if (!file) {
+    console.error('Usage: node validator.js <skill.md>');
+    process.exit(1);
+  }
+  const result = validateSkill(file);
+  if (result.warnings.length) {
+    console.log('⚠ Warnings:');
+    result.warnings.forEach(w => console.log('  - ' + w));
+  }
+  if (result.ok) {
+    console.log('✓ Skill is valid');
+    process.exit(0);
+  } else {
+    console.log('✗ Validation failed:');
+    result.errors.forEach(e => console.log('  - ' + e));
+    process.exit(1);
+  }
+}