rulesync 8.6.0 → 8.7.0

package/dist/cli/index.js

@@ -31,6 +31,7 @@ import {
   RULESYNC_MCP_SCHEMA_URL,
   RULESYNC_OVERVIEW_FILE_NAME,
   RULESYNC_PERMISSIONS_FILE_NAME,
+  RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH,
   RULESYNC_RELATIVE_DIR_PATH,
   RULESYNC_RULES_RELATIVE_DIR_PATH,
   RULESYNC_SKILLS_RELATIVE_DIR_PATH,
@@ -42,6 +43,7 @@ import {
   RulesyncHooks,
   RulesyncIgnore,
   RulesyncMcp,
+  RulesyncPermissions,
   RulesyncRule,
   RulesyncRuleFrontmatterSchema,
   RulesyncSkill,
@@ -62,6 +64,7 @@ import {
   formatError,
   generate,
   getFileSize,
+  getHomeDirectory,
   getLocalSkillDirNames,
   importFromTool,
   isFeatureValueEnabled,
@@ -74,7 +77,7 @@ import {
   stringifyFrontmatter,
   toPosixPath,
   writeFileContent
-} from "../chunk-ILMHM7BF.js";
+} from "../chunk-QGQQJNZD.js";
 
 // src/cli/index.ts
 import { Command } from "commander";
@@ -1948,13 +1951,1171 @@ async function initCommand(logger5) {
   logger5.info("2. Run 'rulesync generate' to create configuration files");
 }
 
-// src/lib/sources.ts
-import { join as join6, resolve, sep } from "path";
+// src/lib/apm/apm-install.ts
+import { createHash } from "crypto";
+import { join as join6, posix as posix2 } from "path";
 import { Semaphore as Semaphore2 } from "es-toolkit/promise";
 
+// src/lib/apm/apm-lock.ts
+import { join as join4 } from "path";
+import { dump, load } from "js-yaml";
+import { nonnegative, optional, refine, z as z4 } from "zod/mini";
+var APM_LOCKFILE_FILE_NAME = "rulesync-apm.lock.yaml";
+var APM_LOCKFILE_VERSION = "1";
+var RULESYNC_CONTENT_HASH_REGEX = /^sha256:[0-9a-f]{64}$/;
+var ApmLockDependencySchema = z4.looseObject({
+  repo_url: z4.string(),
+  resolved_commit: optional(
+    z4.string().check(refine((v) => /^[0-9a-f]{40}$/.test(v), "resolved_commit must be a 40-char hex SHA"))
+  ),
+  resolved_ref: optional(z4.string()),
+  version: optional(z4.string()),
+  depth: z4.int().check(nonnegative()),
+  resolved_by: optional(z4.string()),
+  package_type: z4.string(),
+  // Intentionally loose: the upstream `apm` CLI may write content_hash values
+  // that do not match the strict rulesync format. We accept any string on read
+  // so that a lockfile produced by `apm` round-trips through rulesync without
+  // throwing. Rulesync itself always writes values matching
+  // `RULESYNC_CONTENT_HASH_REGEX`, and `--frozen` integrity checks only
+  // enforce the comparison when the recorded hash matches that shape.
+  content_hash: optional(z4.string()),
+  is_dev: optional(z4.boolean()),
+  deployed_files: z4.array(z4.string()),
+  source: optional(z4.string()),
+  local_path: optional(z4.string()),
+  virtual_path: optional(z4.string()),
+  is_virtual: optional(z4.boolean())
+});
+var ApmLockSchema = z4.looseObject({
+  lockfile_version: z4.literal("1"),
+  generated_at: z4.string(),
+  apm_version: z4.string(),
+  dependencies: z4.array(ApmLockDependencySchema),
+  mcp_servers: optional(z4.array(z4.string()))
+});
+function getApmLockPath(baseDir) {
+  return join4(baseDir, APM_LOCKFILE_FILE_NAME);
+}
+function createEmptyApmLock(params) {
+  const base = params.existingLock ? { ...params.existingLock } : {};
+  return {
+    ...base,
+    lockfile_version: APM_LOCKFILE_VERSION,
+    generated_at: (/* @__PURE__ */ new Date()).toISOString(),
+    apm_version: params.apmVersion,
+    dependencies: []
+  };
+}
+function parseApmLock(content) {
+  if (!content.trim()) {
+    return null;
+  }
+  let loaded;
+  try {
+    loaded = load(content);
+  } catch {
+    return null;
+  }
+  if (!loaded || typeof loaded !== "object") {
+    return null;
+  }
+  const parsed = ApmLockSchema.safeParse(loaded);
+  if (!parsed.success) {
+    const issues = parsed.error.issues.map((issue) => `  - ${issue.path.join(".") || "<root>"}: ${issue.message}`).join("\n");
+    throw new Error(`Invalid ${APM_LOCKFILE_FILE_NAME}:
+${issues}`);
+  }
+  return parsed.data;
+}
+async function readApmLock(baseDir) {
+  const path2 = getApmLockPath(baseDir);
+  if (!await fileExists(path2)) {
+    return null;
+  }
+  const content = await readFileContent(path2);
+  return parseApmLock(content);
+}
+async function writeApmLock(params) {
+  const path2 = getApmLockPath(params.baseDir);
+  const content = serializeApmLock(params.lock);
+  await writeFileContent(path2, content);
+}
+function serializeApmLock(lock) {
+  return dump(lock, { noRefs: true, lineWidth: -1, sortKeys: false });
+}
+function findApmLockDependency(lock, repoUrl) {
+  const target = repoUrl.toLowerCase();
+  return lock.dependencies.find((d) => d.repo_url.toLowerCase() === target);
+}
+
+// src/lib/apm/apm-manifest.ts
+import { join as join5 } from "path";
+import { dump as dump2, load as load2 } from "js-yaml";
+import { optional as optional2, z as z5 } from "zod/mini";
+var APM_MANIFEST_FILE_NAME = "apm.yml";
+var ApmObjectDependencySchema = z5.looseObject({
+  git: optional2(z5.string()),
+  source: optional2(z5.string()),
+  path: optional2(z5.string()),
+  ref: optional2(z5.string()),
+  alias: optional2(z5.string())
+});
+var ApmDependencyInputSchema = z5.union([z5.string(), ApmObjectDependencySchema]);
+var ApmManifestSchema = z5.looseObject({
+  name: optional2(z5.string()),
+  version: optional2(z5.string()),
+  dependencies: optional2(
+    z5.looseObject({
+      apm: optional2(z5.array(ApmDependencyInputSchema))
+    })
+  )
+});
+function getApmManifestPath(baseDir) {
+  return join5(baseDir, APM_MANIFEST_FILE_NAME);
+}
+async function apmManifestExists(baseDir) {
+  return fileExists(getApmManifestPath(baseDir));
+}
+function parseApmManifest(content) {
+  const loaded = load2(content);
+  if (loaded === void 0 || loaded === null) {
+    return { dependencies: [] };
+  }
+  const parsed = ApmManifestSchema.safeParse(loaded);
+  if (!parsed.success) {
+    throw new Error(`Invalid apm.yml: ${parsed.error.message}`);
+  }
+  const raw = parsed.data;
+  const rawDeps = raw.dependencies?.apm ?? [];
+  const dependencies = rawDeps.map(
+    (entry, index) => normalizeDependency(entry, index)
+  );
+  return {
+    name: raw.name,
+    version: raw.version,
+    dependencies
+  };
+}
+async function readApmManifest(baseDir) {
+  const path2 = getApmManifestPath(baseDir);
+  const content = await readFileContent(path2);
+  return parseApmManifest(content);
+}
+function normalizeDependency(entry, index) {
+  if (typeof entry === "string") {
+    return normalizeStringDependency(entry, index);
+  }
+  const gitUrl = entry.git ?? entry.source;
+  if (!gitUrl) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: object form requires a "git" field. Received: ${JSON.stringify(entry)}.`
+    );
+  }
+  const parsedUrl = parseHttpsGitHubUrl(gitUrl);
+  if (!parsedUrl) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: unsupported git URL "${gitUrl}". Only HTTPS GitHub URLs (https://github.com/owner/repo[.git]) are supported in this version. SSH, GitLab, Bitbucket, and other hosts are not yet supported.`
+    );
+  }
+  if (entry.path !== void 0) {
+    validateSubPath(entry.path, index);
+  }
+  return {
+    gitUrl: parsedUrl.gitUrl,
+    owner: parsedUrl.owner,
+    repo: parsedUrl.repo,
+    ref: entry.ref,
+    path: entry.path,
+    alias: entry.alias
+  };
+}
+function validateSubPath(subPath, index) {
+  if (subPath === "" || subPath.startsWith("/") || subPath.startsWith("\\")) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: "path" must be a non-empty relative path without a leading slash. Received: ${JSON.stringify(subPath)}.`
+    );
+  }
+  const segments = subPath.split(/[/\\]/);
+  if (segments.includes("..")) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: "path" must not contain ".." segments. Received: ${JSON.stringify(subPath)}.`
+    );
+  }
+}
+function normalizeStringDependency(entry, index) {
+  const trimmed = entry.trim();
+  if (!trimmed) {
+    throw new Error(`apm.yml dependency #${index + 1}: entry must be a non-empty string.`);
+  }
+  rejectUnsupportedShorthand(trimmed, index);
+  if (trimmed.startsWith("https://")) {
+    const [urlPart, refPart2] = splitOnFirst(trimmed, "#");
+    const parsed = parseHttpsGitHubUrl(urlPart);
+    if (!parsed) {
+      throw new Error(
+        `apm.yml dependency #${index + 1}: unsupported URL "${urlPart}". Only HTTPS GitHub URLs (https://github.com/owner/repo[.git]) are supported in this version.`
+      );
+    }
+    return {
+      gitUrl: parsed.gitUrl,
+      owner: parsed.owner,
+      repo: parsed.repo,
+      ref: refPart2 || void 0
+    };
+  }
+  const [ownerRepo, refPart] = splitOnFirst(trimmed, "#");
+  const slashIndex = ownerRepo.indexOf("/");
+  if (slashIndex === -1 || slashIndex === 0 || slashIndex === ownerRepo.length - 1) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: shorthand "${entry}" must be in the form "owner/repo[#ref]".`
+    );
+  }
+  if (ownerRepo.includes("/", slashIndex + 1)) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: FQDN shorthand or sub-path shorthand ("${entry}") is not yet supported. Use the object form with an explicit "git" URL.`
+    );
+  }
+  const owner = ownerRepo.substring(0, slashIndex).toLowerCase();
+  const repo = ownerRepo.substring(slashIndex + 1).toLowerCase();
+  return {
+    gitUrl: `https://github.com/${owner}/${repo}.git`,
+    owner,
+    repo,
+    ref: refPart || void 0
+  };
+}
+function rejectUnsupportedShorthand(entry, index) {
+  if (entry.startsWith("./") || entry.startsWith("../") || entry.startsWith("/")) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: local path dependencies ("${entry}") are not yet supported by rulesync.`
+    );
+  }
+  if (entry.startsWith("git@") || entry.startsWith("ssh://")) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: SSH URL dependencies ("${entry}") are not yet supported. Use an HTTPS GitHub URL.`
+    );
+  }
+  if (entry.includes("@marketplace")) {
+    throw new Error(
+      `apm.yml dependency #${index + 1}: APM marketplace dependencies ("${entry}") are not yet supported.`
+    );
+  }
+}
+function parseHttpsGitHubUrl(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return null;
+  }
+  const host = parsed.hostname.toLowerCase();
+  if (host !== "github.com" && host !== "www.github.com") {
+    return null;
+  }
+  const segments = parsed.pathname.split("/").filter(Boolean);
+  if (segments.length < 2) {
+    return null;
+  }
+  const rawOwner = segments[0];
+  const rawRepo = segments[1];
+  if (!rawOwner || !rawRepo) {
+    return null;
+  }
+  const owner = rawOwner.toLowerCase();
+  const repo = rawRepo.replace(/\.git$/, "").toLowerCase();
+  return {
+    gitUrl: `https://github.com/${owner}/${repo}.git`,
+    owner,
+    repo
+  };
+}
+function splitOnFirst(input, separator) {
+  const idx = input.indexOf(separator);
+  if (idx === -1) return [input, void 0];
+  return [input.substring(0, idx), input.substring(idx + 1)];
+}
+
+// src/lib/apm/apm-install.ts
+var RULESYNC_APM_COMPAT_VERSION = "rulesync-compat/0.1";
+var APM_PRIMITIVES = [
+  {
+    sourceDir: ".apm/instructions",
+    deployDir: ".github/instructions",
+    packageType: "apm_package"
+  },
+  {
+    sourceDir: ".apm/skills",
+    deployDir: ".github/skills",
+    packageType: "apm_package"
+  }
+];
+async function installApm(params) {
+  const { baseDir, options = {}, logger: logger5 } = params;
+  const manifest = await readApmManifest(baseDir);
+  if (manifest.dependencies.length === 0) {
+    logger5.warn("apm.yml has no dependencies.apm entries. Nothing to install.");
+    return { dependenciesProcessed: 0, deployedFileCount: 0, failedDependencyCount: 0 };
+  }
+  const existingLock = await readApmLock(baseDir);
+  if (options.frozen) {
+    if (!existingLock) {
+      throw new Error(
+        "Frozen install failed: rulesync-apm.lock.yaml is missing. Run 'rulesync install --mode apm' to create it."
+      );
+    }
+    const missing = manifest.dependencies.filter(
+      (dep) => !findApmLockDependency(existingLock, canonicalRepoUrl(dep))
+    );
+    if (missing.length > 0) {
+      const names = missing.map((d) => d.gitUrl).join(", ");
+      throw new Error(
+        `Frozen install failed: rulesync-apm.lock.yaml is missing entries for: ${names}. Run 'rulesync install --mode apm' to update the lockfile.`
+      );
+    }
+    const drifted = manifest.dependencies.filter((dep) => {
+      if (dep.ref === void 0) return false;
+      const locked = findApmLockDependency(existingLock, canonicalRepoUrl(dep));
+      return locked?.resolved_ref !== void 0 && locked.resolved_ref !== dep.ref;
+    });
+    if (drifted.length > 0) {
+      const names = drifted.map((d) => {
+        const locked = findApmLockDependency(existingLock, canonicalRepoUrl(d));
+        return `${d.gitUrl} (manifest=${d.ref}, lock=${locked?.resolved_ref})`;
+      }).join(", ");
+      throw new Error(
+        `Frozen install failed: manifest ref does not match rulesync-apm.lock.yaml for: ${names}. Run 'rulesync install --mode apm' to update the lockfile.`
+      );
+    }
+  }
+  const token = GitHubClient.resolveToken(options.token);
+  const client = new GitHubClient({ token });
+  const semaphore = new Semaphore2(FETCH_CONCURRENCY_LIMIT);
+  const newLock = createEmptyApmLock({
+    apmVersion: existingLock?.apm_version ?? RULESYNC_APM_COMPAT_VERSION,
+    existingLock
+  });
+  const frozen = options.frozen ?? false;
+  const runOne = async (dep) => {
+    const installed = await installDependency({
+      dep,
+      client,
+      semaphore,
+      baseDir,
+      existingLock,
+      frozen,
+      update: options.update ?? false,
+      logger: logger5
+    });
+    return {
+      status: "ok",
+      lockEntry: installed.lockEntry,
+      deployedCount: installed.deployedFiles.length
+    };
+  };
+  const results = frozen ? await Promise.all(manifest.dependencies.map(runOne)) : await Promise.all(
+    manifest.dependencies.map(async (dep) => {
+      try {
+        return await runOne(dep);
+      } catch (error) {
+        logger5.error(`Failed to install apm dependency "${dep.gitUrl}": ${formatError(error)}`);
+        if (error instanceof GitHubClientError) {
+          logGitHubAuthHints({ error, logger: logger5 });
+        }
+        const previous = existingLock ? findApmLockDependency(existingLock, canonicalRepoUrl(dep)) : void 0;
+        return { status: "failed", previous };
+      }
+    })
+  );
+  let totalDeployed = 0;
+  let failedCount = 0;
+  for (const result of results) {
+    if (result.status === "ok") {
+      newLock.dependencies.push(result.lockEntry);
+      totalDeployed += result.deployedCount;
+    } else {
+      failedCount += 1;
+      if (result.previous) {
+        newLock.dependencies.push(result.previous);
+      }
+    }
+  }
+  if (existingLock) {
+    const newDeployedFiles = new Set(newLock.dependencies.flatMap((d) => d.deployed_files));
+    const toDelete = [];
+    for (const prev of existingLock.dependencies) {
+      for (const deployed of prev.deployed_files) {
+        if (!newDeployedFiles.has(deployed)) {
+          toDelete.push(deployed);
+        }
+      }
+    }
+    for (const relativePath of toDelete) {
+      if (posix2.isAbsolute(relativePath) || relativePath.split(/[/\\]/).includes("..")) {
+        logger5.warn(`Refusing to remove stale apm file with suspicious path: "${relativePath}".`);
+        continue;
+      }
+      try {
+        checkPathTraversal({ relativePath, intendedRootDir: baseDir });
+      } catch {
+        logger5.warn(`Refusing to remove stale apm file outside baseDir: "${relativePath}".`);
+        continue;
+      }
+      const absolute = join6(baseDir, relativePath);
+      await removeFile(absolute);
+      logger5.debug(`Removed stale apm file: ${relativePath}`);
+    }
+  }
+  if (!frozen) {
+    newLock.generated_at = (/* @__PURE__ */ new Date()).toISOString();
+    await writeApmLock({ baseDir, lock: newLock });
+    if (failedCount === 0) {
+      logger5.debug("rulesync-apm.lock.yaml updated.");
+    } else {
+      logger5.warn(
+        `rulesync-apm.lock.yaml written with partially successful installs (${failedCount} dep(s) failed).`
+      );
+    }
+  }
+  return {
+    dependenciesProcessed: manifest.dependencies.length,
+    deployedFileCount: totalDeployed,
+    failedDependencyCount: failedCount
+  };
+}
+async function installDependency(params) {
+  const { dep, client, semaphore, baseDir, existingLock, frozen, update, logger: logger5 } = params;
+  const repoUrl = canonicalRepoUrl(dep);
+  const locked = existingLock ? findApmLockDependency(existingLock, repoUrl) : void 0;
+  let resolvedRef;
+  let resolvedSha;
+  if (locked && !update && locked.resolved_commit && locked.resolved_ref) {
+    resolvedRef = locked.resolved_ref;
+    resolvedSha = locked.resolved_commit;
+    logger5.debug(`Using locked commit for ${repoUrl}: ${resolvedSha}`);
+  } else {
+    resolvedRef = dep.ref ?? await client.getDefaultBranch(dep.owner, dep.repo);
+    resolvedSha = await client.resolveRefToSha(dep.owner, dep.repo, resolvedRef);
+    logger5.debug(`Resolved ${repoUrl} ref "${resolvedRef}" -> ${resolvedSha}`);
+  }
+  const deployed = [];
+  for (const primitive of APM_PRIMITIVES) {
+    const remoteBase = dep.path ? toPosixPath(posix2.join(dep.path, primitive.sourceDir)) : primitive.sourceDir;
+    const files = await listPrimitiveFiles({
+      client,
+      semaphore,
+      owner: dep.owner,
+      repo: dep.repo,
+      ref: resolvedSha,
+      remoteBase,
+      logger: logger5
+    });
+    if (files.length === 0) continue;
+    for (const file of files) {
+      if (file.size > MAX_FILE_SIZE) {
+        logger5.warn(
+          `Skipping "${file.path}" from ${repoUrl}: ${(file.size / 1024 / 1024).toFixed(2)}MB exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit.`
+        );
+        continue;
+      }
+      const relativeToBase = posix2.relative(remoteBase, toPosixPath(file.path));
+      if (!relativeToBase || relativeToBase.startsWith("..") || posix2.isAbsolute(relativeToBase)) {
+        logger5.warn(
+          `Skipping "${file.path}" from ${repoUrl}: resolved outside of "${remoteBase}".`
+        );
+        continue;
+      }
+      const deployRelative = toPosixPath(join6(primitive.deployDir, relativeToBase));
+      checkPathTraversal({
+        relativePath: deployRelative,
+        intendedRootDir: baseDir
+      });
+      const content = await withSemaphore(
+        semaphore,
+        () => client.getFileContent(dep.owner, dep.repo, file.path, resolvedSha)
+      );
+      const byteLength = Buffer.byteLength(content, "utf8");
+      if (byteLength > MAX_FILE_SIZE) {
+        logger5.warn(
+          `Skipping "${file.path}" from ${repoUrl}: fetched ${(byteLength / 1024 / 1024).toFixed(2)}MB exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit.`
+        );
+        continue;
+      }
+      deployed.push({ path: deployRelative, content });
+      if (!frozen) {
+        await writeFileContent(join6(baseDir, deployRelative), content);
+      }
+    }
+  }
+  deployed.sort((a, b) => a.path < b.path ? -1 : a.path > b.path ? 1 : 0);
+  const deployedFiles = deployed.map((d) => d.path);
+  const contentHash = computeContentHash(deployed);
+  if (frozen && locked?.content_hash) {
+    if (RULESYNC_CONTENT_HASH_REGEX.test(locked.content_hash)) {
+      if (locked.content_hash !== contentHash) {
+        throw new Error(
+          `content_hash mismatch for ${repoUrl}: lock=${locked.content_hash} computed=${contentHash}. Refuse to trust the deployment under --frozen.`
+        );
+      }
+    } else {
+      logger5.debug(
+        `Skipping content_hash integrity check for ${repoUrl}: recorded hash "${locked.content_hash}" was not written by rulesync.`
+      );
+    }
+  }
+  if (frozen) {
+    for (const { path: deployRelative, content } of deployed) {
+      await writeFileContent(join6(baseDir, deployRelative), content);
+    }
+  }
+  const lockEntry = {
+    repo_url: repoUrl,
+    resolved_commit: resolvedSha,
+    resolved_ref: resolvedRef,
+    depth: 1,
+    package_type: "apm_package",
+    content_hash: contentHash,
+    deployed_files: deployedFiles
+  };
+  if (dep.path) {
+    lockEntry.virtual_path = dep.path;
+  }
+  logger5.info(`Installed ${deployedFiles.length} file(s) from ${repoUrl}@${shortSha(resolvedSha)}`);
+  return { lockEntry, deployedFiles };
+}
+function computeContentHash(files) {
+  const hash = createHash("sha256");
+  for (const { path: path2, content } of files) {
+    hash.update(path2);
+    hash.update("\0");
+    hash.update(content);
+    hash.update("\0");
+  }
+  return `sha256:${hash.digest("hex")}`;
+}
+async function listPrimitiveFiles(params) {
+  const { client, semaphore, owner, repo, ref, remoteBase, logger: logger5 } = params;
+  try {
+    return await listDirectoryRecursive({
+      client,
+      owner,
+      repo,
+      path: remoteBase,
+      ref,
+      semaphore
+    });
+  } catch (error) {
+    if (error instanceof GitHubClientError && error.statusCode === 404) {
+      logger5.debug(`No ${remoteBase}/ in ${owner}/${repo}, skipping.`);
+      return [];
+    }
+    throw error;
+  }
+}
+function canonicalRepoUrl(dep) {
+  return `https://github.com/${dep.owner}/${dep.repo}`;
+}
+function shortSha(sha) {
+  return sha.substring(0, 7);
+}
+
+// src/lib/gh/gh-install.ts
+import { createHash as createHash2 } from "crypto";
+import { basename, join as join9, posix as posix3 } from "path";
+import { Semaphore as Semaphore3 } from "es-toolkit/promise";
+
+// src/lib/gh/gh-frontmatter.ts
+import { dump as dump3, load as load3 } from "js-yaml";
+var FRONTMATTER_FENCE = "---";
+function injectSourceMetadata(params) {
+  const { content, source, repository, ref } = params;
+  const provenance = { source, repository, ref };
+  let openFenceLen;
+  if (content.startsWith(`${FRONTMATTER_FENCE}\r
+`)) {
+    openFenceLen = 5;
+  } else if (content.startsWith(`${FRONTMATTER_FENCE}
+`)) {
+    openFenceLen = 4;
+  } else if (content === FRONTMATTER_FENCE) {
+    openFenceLen = 3;
+  } else {
+    const yaml2 = dump3(provenance, { noRefs: true, lineWidth: -1, sortKeys: false });
+    return `${FRONTMATTER_FENCE}
+${yaml2}${FRONTMATTER_FENCE}
+${content}`;
+  }
+  const afterOpen = content.substring(openFenceLen);
+  let fmBody;
+  let rest;
+  if (afterOpen.startsWith("---\n") || afterOpen.startsWith("---\r\n") || afterOpen === "---") {
+    fmBody = "";
+    const fenceLen = afterOpen.startsWith("---\r\n") ? 5 : afterOpen === "---" ? 3 : 4;
+    rest = afterOpen.substring(fenceLen);
+  } else {
+    const match = /\n---(\r?\n|$)/.exec(afterOpen);
+    if (!match) {
+      throw new Error("invalid frontmatter");
+    }
+    fmBody = afterOpen.substring(0, match.index);
+    rest = afterOpen.substring(match.index + match[0].length);
+  }
+  let loaded;
+  try {
+    loaded = load3(fmBody);
+  } catch {
+    throw new Error("invalid frontmatter");
+  }
+  if (loaded === null || loaded === void 0) {
+    const yaml2 = dump3(provenance, { noRefs: true, lineWidth: -1, sortKeys: false });
+    return `${FRONTMATTER_FENCE}
+${yaml2}${FRONTMATTER_FENCE}
+${rest}`;
+  }
+  if (typeof loaded !== "object" || Array.isArray(loaded)) {
+    throw new Error("invalid frontmatter");
+  }
+  const existing = loaded;
+  const merged = {
+    ...existing,
+    ...provenance
+  };
+  const yaml = dump3(merged, { noRefs: true, lineWidth: -1, sortKeys: false });
+  return `${FRONTMATTER_FENCE}
+${yaml}${FRONTMATTER_FENCE}
+${rest}`;
+}
+
+// src/lib/gh/gh-lock.ts
+import { join as join7 } from "path";
+import { dump as dump4, load as load4 } from "js-yaml";
+import { optional as optional3, refine as refine2, z as z6 } from "zod/mini";
+var GH_LOCKFILE_FILE_NAME = "rulesync-gh.lock.yaml";
+var GH_LOCKFILE_VERSION = "1";
+var RULESYNC_CONTENT_HASH_REGEX2 = /^sha256:[0-9a-f]{64}$/;
+var ScopeSchema = z6.enum(["project", "user"]);
+var GhLockInstallationSchema = z6.looseObject({
+  source: z6.string(),
+  owner: z6.string(),
+  repo: z6.string(),
+  agent: z6.string(),
+  scope: ScopeSchema,
+  skill: z6.string(),
+  requested_ref: optional3(z6.string()),
+  resolved_ref: z6.string(),
+  resolved_commit: z6.string().check(refine2((v) => /^[0-9a-f]{40}$/.test(v), "resolved_commit must be a 40-char hex SHA")),
+  install_dir: z6.string(),
+  deployed_files: z6.array(z6.string()),
+  content_hash: optional3(z6.string())
+});
+var GhLockSchema = z6.looseObject({
+  lockfile_version: z6.literal("1"),
+  generated_at: z6.string(),
+  installations: z6.array(GhLockInstallationSchema)
+});
+function getGhLockPath(baseDir) {
+  return join7(baseDir, GH_LOCKFILE_FILE_NAME);
+}
+function createEmptyGhLock(params) {
+  const base = params?.existingLock ? { ...params.existingLock } : {};
+  return {
+    ...base,
+    lockfile_version: GH_LOCKFILE_VERSION,
+    generated_at: (/* @__PURE__ */ new Date()).toISOString(),
+    installations: []
+  };
+}
+function parseGhLock(content) {
+  if (!content.trim()) {
+    return null;
+  }
+  let loaded;
+  try {
+    loaded = load4(content);
+  } catch {
+    return null;
+  }
+  if (!loaded || typeof loaded !== "object") {
+    return null;
+  }
+  const parsed = GhLockSchema.safeParse(loaded);
+  if (!parsed.success) {
+    const issues = parsed.error.issues.map((issue) => `  - ${issue.path.join(".") || "<root>"}: ${issue.message}`).join("\n");
+    throw new Error(`Invalid ${GH_LOCKFILE_FILE_NAME}:
+${issues}`);
+  }
+  return parsed.data;
+}
+async function readGhLock(baseDir) {
+  const path2 = getGhLockPath(baseDir);
+  if (!await fileExists(path2)) {
+    return null;
+  }
+  const content = await readFileContent(path2);
+  return parseGhLock(content);
+}
+async function writeGhLock(params) {
+  const path2 = getGhLockPath(params.baseDir);
+  const content = serializeGhLock(params.lock);
+  await writeFileContent(path2, content);
+}
+function serializeGhLock(lock) {
+  return dump4(lock, { noRefs: true, lineWidth: -1, sortKeys: false });
+}
+function findGhLockInstallation(lock, params) {
+  const target = params.source.toLowerCase();
+  return lock.installations.find(
+    (i) => i.source.toLowerCase() === target && i.agent === params.agent && i.scope === params.scope && i.skill === params.skill
+  );
+}
+
+// src/lib/gh/gh-paths.ts
+import { join as join8 } from "path";
+var GH_AGENTS = [
+  "github-copilot",
+  "claude-code",
+  "cursor",
+  "codex",
+  "gemini",
+  "antigravity"
+];
+function relativeInstallDirFor(params) {
+  const { agent, scope } = params;
+  if (scope === "project") {
+    if (agent === "claude-code") {
+      return join8(".claude", "skills");
+    }
+    return join8(".agents", "skills");
+  }
+  switch (agent) {
+    case "github-copilot":
+      return join8(".copilot", "skills");
+    case "claude-code":
+      return join8(".claude", "skills");
+    case "cursor":
+      return join8(".cursor", "skills");
+    case "codex":
+      return join8(".codex", "skills");
+    case "gemini":
+      return join8(".gemini", "skills");
+    case "antigravity":
+      return join8(".gemini", "antigravity", "skills");
+  }
+}
+
+// src/lib/gh/gh-install.ts
+var SKILLS_REMOTE_DIR = "skills";
+var SKILL_FILE_NAME2 = "SKILL.md";
+async function installGh(params) {
+  const { baseDir, sources, options = {}, logger: logger5 } = params;
+  if (sources.length === 0) {
+    return { sourcesProcessed: 0, installedSkillCount: 0, failedSourceCount: 0 };
+  }
+  const resolvedSources = sources.map((entry) => {
+    const parsed = parseSource(entry.source);
+    if (parsed.provider !== "github") {
+      throw new Error(
+        `--mode gh only supports GitHub sources. "${entry.source}" resolves to provider "${parsed.provider}".`
+      );
+    }
+    if (entry.transport !== void 0 && entry.transport !== "github") {
+      throw new Error(
+        `--mode gh: field "transport" is not supported (got "${entry.transport}" for source "${entry.source}"). Drop the field or switch to --mode rulesync.`
+      );
+    }
+    if (entry.path !== void 0) {
+      throw new Error(
+        `--mode gh: field "path" is not supported for source "${entry.source}". The remote layout is fixed to "skills/<name>/SKILL.md".`
+      );
+    }
+    const agent = entry.agent ?? "github-copilot";
+    if (!GH_AGENTS.includes(agent)) {
+      throw new Error(
+        `--mode gh: unknown agent "${agent}" for source "${entry.source}". Valid agents: ${GH_AGENTS.join(", ")}.`
+      );
+    }
+    const scope = entry.scope ?? "project";
+    return {
+      entry,
+      owner: parsed.owner,
+      repo: parsed.repo,
+      ref: entry.ref ?? parsed.ref,
+      agent,
+      scope
+    };
+  });
+  const existingLock = await readGhLock(baseDir);
+  const frozen = options.frozen ?? false;
+  const update = options.update ?? false;
+  if (frozen && !existingLock) {
+    throw new Error(
+      "Frozen install failed: rulesync-gh.lock.yaml is missing. Run 'rulesync install --mode gh' to create it."
+    );
+  }
+  if (frozen && existingLock) {
+    const uncovered = [];
+    for (const rs of resolvedSources) {
+      const hasAny = existingLock.installations.some(
+        (i) => i.source.toLowerCase() === rs.entry.source.toLowerCase() && i.agent === rs.agent && i.scope === rs.scope
+      );
+      if (!hasAny) {
+        uncovered.push(`${rs.entry.source} (agent=${rs.agent}, scope=${rs.scope})`);
+      }
+    }
+    if (uncovered.length > 0) {
+      throw new Error(
+        `Frozen install failed: rulesync-gh.lock.yaml is missing entries for: ${uncovered.join(", ")}. Run 'rulesync install --mode gh' to update the lockfile.`
+      );
+    }
+    const drifted = [];
+    for (const rs of resolvedSources) {
+      if (!rs.ref) continue;
+      const matches = existingLock.installations.filter(
+        (i) => i.source.toLowerCase() === rs.entry.source.toLowerCase()
+      );
+      for (const m of matches) {
+        if (m.requested_ref !== void 0 && m.requested_ref !== rs.ref) {
+          drifted.push(`${rs.entry.source} (manifest=${rs.ref}, lock=${m.requested_ref})`);
+          break;
+        }
+      }
+    }
+    if (drifted.length > 0) {
+      throw new Error(
+        `Frozen install failed: manifest ref does not match rulesync-gh.lock.yaml for: ${drifted.join(", ")}. Run 'rulesync install --mode gh' to update the lockfile.`
+      );
+    }
+  }
+  const token = GitHubClient.resolveToken(options.token);
+  const client = new GitHubClient({ token });
+  const semaphore = new Semaphore3(FETCH_CONCURRENCY_LIMIT);
+  const newLock = createEmptyGhLock({ existingLock });
+  const runOne = async (rs) => {
+    const installations = await installSource({
+      rs,
+      client,
+      semaphore,
+      baseDir,
+      existingLock,
+      frozen,
+      update,
+      logger: logger5
+    });
+    return { status: "ok", installations };
+  };
+  const results = frozen ? await Promise.all(resolvedSources.map(runOne)) : await Promise.all(
+    resolvedSources.map(async (rs) => {
+      try {
+        return await runOne(rs);
+      } catch (error) {
+        logger5.error(`Failed to install gh source "${rs.entry.source}": ${formatError(error)}`);
+        if (error instanceof GitHubClientError) {
+          logGitHubAuthHints({ error, logger: logger5 });
+        }
+        const preserved = existingLock ? existingLock.installations.filter(
+          (i) => i.source.toLowerCase() === rs.entry.source.toLowerCase()
+        ) : [];
+        return { status: "failed", preserved };
+      }
+    })
+  );
+  if (frozen) {
+    for (const result of results) {
+      if (result.status !== "ok") continue;
+      for (const inst of result.installations) {
+        for (const d of inst.deployed) {
+          await writeFileContent(d.absolutePath, d.content);
+        }
+      }
+    }
+  }
+  let totalInstalled = 0;
+  let failedCount = 0;
+  for (const result of results) {
+    if (result.status === "ok") {
+      for (const inst of result.installations) {
+        newLock.installations.push(inst.installation);
+      }
+      totalInstalled += result.installations.length;
+    } else {
+      failedCount += 1;
+      for (const preserved of result.preserved) {
+        newLock.installations.push(preserved);
+      }
+    }
+  }
+  if (existingLock) {
+    const newDeployed = /* @__PURE__ */ new Set();
+    for (const inst of newLock.installations) {
+      for (const file of inst.deployed_files) {
+        newDeployed.add(`${inst.scope}::${file}`);
+      }
+    }
+    for (const prev of existingLock.installations) {
+      for (const deployed of prev.deployed_files) {
+        const key = `${prev.scope}::${deployed}`;
+        if (newDeployed.has(key)) continue;
+        await removeStaleFile({
+          relativePath: deployed,
+          scope: prev.scope === "user" ? "user" : "project",
+          baseDir,
+          logger: logger5
+        });
+      }
+    }
+  }
+  if (!frozen) {
+    newLock.generated_at = (/* @__PURE__ */ new Date()).toISOString();
+    await writeGhLock({ baseDir, lock: newLock });
+    if (failedCount === 0) {
+      logger5.debug("rulesync-gh.lock.yaml updated.");
+    } else {
+      logger5.warn(
+        `rulesync-gh.lock.yaml written with partially successful installs (${failedCount} source(s) failed).`
+      );
+    }
+  }
+  return {
+    sourcesProcessed: sources.length,
+    installedSkillCount: totalInstalled,
+    failedSourceCount: failedCount
+  };
+}
+async function installSource(params) {
+  const { rs, client, semaphore, baseDir, existingLock, frozen, update, logger: logger5 } = params;
+  const { entry, owner, repo, agent, scope } = rs;
+  const sourceKey = entry.source;
+  let resolvedRef;
+  let usedTag = false;
+  if (rs.ref) {
+    resolvedRef = rs.ref;
+  } else {
+    try {
+      const release = await client.getLatestRelease(owner, repo);
+      resolvedRef = release.tag_name;
+      usedTag = true;
+    } catch (error) {
+      if (is404(error)) {
+        resolvedRef = await client.getDefaultBranch(owner, repo);
+      } else {
+        throw error;
+      }
+    }
+  }
+  const resolvedSha = await client.resolveRefToSha(owner, repo, resolvedRef);
+  logger5.debug(`Resolved ${sourceKey} -> ref=${resolvedRef} sha=${resolvedSha}`);
+  let topLevel;
+  try {
+    topLevel = await client.listDirectory(owner, repo, SKILLS_REMOTE_DIR, resolvedSha);
+  } catch (error) {
+    if (is404(error)) {
+      logger5.warn(`No skills/ directory found in ${sourceKey}. Skipping.`);
+      return [];
+    }
+    throw error;
+  }
+  const skillDirs = topLevel.filter((e) => e.type === "dir").map((e) => ({ name: e.name, path: e.path }));
+  const validatedSkills = [];
+  for (const sk of skillDirs) {
+    const info = await withSemaphore(
+      semaphore,
+      () => client.getFileInfo(owner, repo, posix3.join(sk.path, SKILL_FILE_NAME2), resolvedSha)
+    );
+    if (info) {
+      validatedSkills.push(sk);
+    }
+  }
+  let selected = validatedSkills;
+  if (entry.skills && entry.skills.length > 0) {
+    const requested = new Set(entry.skills);
+    selected = validatedSkills.filter((s) => requested.has(s.name));
+    const presentNames = new Set(validatedSkills.map((s) => s.name));
+    for (const want of entry.skills) {
+      if (!presentNames.has(want)) {
+        logger5.warn(`Requested skill "${want}" not found in ${sourceKey} under skills/. Skipping.`);
+      }
+    }
+  }
+  if (frozen && existingLock) {
+    const missing = [];
+    for (const sk of selected) {
+      const locked = findGhLockInstallation(existingLock, {
+        source: sourceKey,
+        agent,
+        scope,
+        skill: sk.name
+      });
+      if (!locked) {
+        missing.push(sk.name);
+      }
+    }
+    if (missing.length > 0) {
+      throw new Error(
+        `Frozen install failed: rulesync-gh.lock.yaml is missing entries for ${sourceKey} (agent=${agent}, scope=${scope}) skills: ${missing.join(", ")}. Run 'rulesync install --mode gh' to update the lockfile.`
+      );
+    }
+  }
+  const results = [];
+  const installRelDir = relativeInstallDirFor({ agent, scope });
+  const scopeRoot = scope === "user" ? getHomeDirectory() : baseDir;
+  const sourceUrl = `https://github.com/${owner}/${repo}`;
+  const repository = `${owner}/${repo}`;
+  const provenanceRef = usedTag ? resolvedRef : resolvedSha;
+  for (const sk of selected) {
+    const locked = existingLock && !update ? findGhLockInstallation(existingLock, {
+      source: sourceKey,
+      agent,
+      scope,
+      skill: sk.name
+    }) : void 0;
+    const allFiles = await listDirectoryRecursive({
+      client,
+      owner,
+      repo,
+      path: sk.path,
+      ref: resolvedSha,
+      semaphore
+    });
+    const deployed = [];
+    for (const file of allFiles) {
+      if (file.size > MAX_FILE_SIZE) {
+        logger5.warn(
+          `Skipping "${file.path}" from ${sourceKey}: ${(file.size / 1024 / 1024).toFixed(2)}MB exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit.`
+        );
+        continue;
+      }
+      const relativeToSkill = posix3.relative(sk.path, toPosixPath(file.path));
+      if (!relativeToSkill || relativeToSkill.startsWith("..") || posix3.isAbsolute(relativeToSkill)) {
+        logger5.warn(`Skipping "${file.path}" from ${sourceKey}: resolved outside of "${sk.path}".`);
+        continue;
+      }
+      const deployRelative = toPosixPath(join9(installRelDir, sk.name, relativeToSkill));
+      checkPathTraversal({ relativePath: deployRelative, intendedRootDir: scopeRoot });
+      const installAbs = join9(scopeRoot, installRelDir);
+      const withinInstallDir = toPosixPath(join9(sk.name, relativeToSkill));
+      checkPathTraversal({ relativePath: withinInstallDir, intendedRootDir: installAbs });
+      let content = await withSemaphore(
+        semaphore,
+        () => client.getFileContent(owner, repo, file.path, resolvedSha)
+      );
+      const byteLength = Buffer.byteLength(content, "utf8");
+      if (byteLength > MAX_FILE_SIZE) {
+        logger5.warn(
+          `Skipping "${file.path}" from ${sourceKey}: fetched ${(byteLength / 1024 / 1024).toFixed(2)}MB exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit.`
+        );
+        continue;
+      }
+      if (basename(file.path) === SKILL_FILE_NAME2) {
+        try {
+          content = injectSourceMetadata({
+            content,
+            source: sourceUrl,
+            repository,
+            ref: provenanceRef
+          });
+        } catch {
+          logger5.warn(
+            `Frontmatter in ${file.path} (${sourceKey}) is invalid. Prepending a fresh provenance block.`
+          );
+          content = `---
+source: ${sourceUrl}
+repository: ${repository}
+ref: ${provenanceRef}
+---
+${content}`;
+        }
+      }
+      const absolutePath = join9(scopeRoot, deployRelative);
+      deployed.push({ relativeToScopeRoot: deployRelative, absolutePath, content });
+      if (!frozen) {
+        await writeFileContent(absolutePath, content);
+      }
+    }
+    deployed.sort(
+      (a, b) => a.relativeToScopeRoot < b.relativeToScopeRoot ? -1 : a.relativeToScopeRoot > b.relativeToScopeRoot ? 1 : 0
+    );
+    const deployedFiles = deployed.map((d) => d.relativeToScopeRoot);
+    const contentHash = computeContentHash2(deployed);
+    if (frozen && locked?.content_hash) {
+      if (RULESYNC_CONTENT_HASH_REGEX2.test(locked.content_hash)) {
+        if (locked.content_hash !== contentHash) {
+          throw new Error(
+            `content_hash mismatch for ${sourceKey} skill "${sk.name}" (agent=${agent}, scope=${scope}): lock=${locked.content_hash} computed=${contentHash}. Refuse to trust the deployment under --frozen.`
+          );
+        }
+      } else {
+        logger5.debug(
+          `Skipping content_hash integrity check for ${sourceKey} skill "${sk.name}": recorded hash "${locked.content_hash}" was not written by rulesync.`
+        );
+      }
+    }
+    const installation = {
+      source: sourceKey,
+      owner,
+      repo,
+      agent,
+      scope,
+      skill: sk.name,
+      resolved_ref: resolvedRef,
+      resolved_commit: resolvedSha,
+      install_dir: toPosixPath(installRelDir),
+      deployed_files: deployedFiles,
+      content_hash: contentHash
+    };
+    if (rs.ref !== void 0) {
+      installation.requested_ref = rs.ref;
+    }
+    results.push({ installation, deployed });
+    logger5.info(
+      `Installed gh skill "${sk.name}" from ${sourceKey} (agent=${agent}, scope=${scope}, ref=${resolvedRef})`
+    );
+  }
+  return results;
+}
+async function removeStaleFile(params) {
+  const { relativePath, scope, baseDir, logger: logger5 } = params;
+  if (posix3.isAbsolute(relativePath) || relativePath.split(/[/\\]/).includes("..")) {
+    logger5.warn(`Refusing to remove stale gh file with suspicious path: "${relativePath}".`);
+    return;
+  }
+  const scopeRoot = scope === "user" ? getHomeDirectory() : baseDir;
+  try {
+    checkPathTraversal({ relativePath, intendedRootDir: scopeRoot });
+  } catch {
+    logger5.warn(`Refusing to remove stale gh file outside ${scope} root: "${relativePath}".`);
+    return;
+  }
+  const absolute = join9(scopeRoot, relativePath);
+  await removeFile(absolute);
+  logger5.debug(`Removed stale gh file: ${relativePath}`);
+}
+function is404(error) {
+  if (error instanceof GitHubClientError && error.statusCode === 404) {
+    return true;
+  }
+  if (typeof error === "object" && error !== null && "statusCode" in error && error.statusCode === 404) {
+    return true;
+  }
+  return false;
+}
+function computeContentHash2(files) {
+  const hash = createHash2("sha256");
+  for (const { relativeToScopeRoot, content } of files) {
+    hash.update(relativeToScopeRoot);
+    hash.update("\0");
+    hash.update(content);
+    hash.update("\0");
+  }
+  return `sha256:${hash.digest("hex")}`;
+}
+
+// src/lib/sources.ts
+import { join as join12, resolve, sep } from "path";
+import { Semaphore as Semaphore4 } from "es-toolkit/promise";
+
 // src/lib/git-client.ts
 import { execFile } from "child_process";
-import { isAbsolute, join as join4, relative } from "path";
+import { isAbsolute, join as join10, relative } from "path";
 import { promisify } from "util";
 var execFileAsync = promisify(execFile);
 var GIT_TIMEOUT_MS = 6e4;
@@ -2076,7 +3237,7 @@ async function fetchSkillFiles(params) {
       timeout: GIT_TIMEOUT_MS
     });
     await execFileAsync("git", ["-C", tmpDir, "checkout"], { timeout: GIT_TIMEOUT_MS });
-    const skillsDir = join4(tmpDir, skillsPath);
+    const skillsDir = join10(tmpDir, skillsPath);
     if (!await directoryExists(skillsDir)) return [];
     return await walkDirectory(skillsDir, skillsDir, 0, { totalFiles: 0, totalSize: 0 }, logger5);
   } catch (error) {
@@ -2098,7 +3259,7 @@ async function walkDirectory(dir, baseDir, depth = 0, ctx = { totalFiles: 0, tot
   const results = [];
   for (const name of await listDirectoryFiles(dir)) {
     if (name === ".git") continue;
-    const fullPath = join4(dir, name);
+    const fullPath = join10(dir, name);
     if (await isSymlink(fullPath)) {
       logger5?.warn(`Skipping symlink "${fullPath}".`);
       continue;
@@ -2133,29 +3294,29 @@ async function walkDirectory(dir, baseDir, depth = 0, ctx = { totalFiles: 0, tot
 }
 
 // src/lib/sources-lock.ts
-import { createHash } from "crypto";
-import { join as join5 } from "path";
-import { optional, refine, z as z4 } from "zod/mini";
+import { createHash as createHash3 } from "crypto";
+import { join as join11 } from "path";
+import { optional as optional4, refine as refine3, z as z7 } from "zod/mini";
 var LOCKFILE_VERSION = 1;
-var LockedSkillSchema = z4.object({
-  integrity: z4.string()
+var LockedSkillSchema = z7.object({
+  integrity: z7.string()
 });
-var LockedSourceSchema = z4.object({
-  requestedRef: optional(z4.string()),
-  resolvedRef: z4.string().check(refine((v) => /^[0-9a-f]{40}$/.test(v), "resolvedRef must be a 40-character hex SHA")),
-  resolvedAt: optional(z4.string()),
-  skills: z4.record(z4.string(), LockedSkillSchema)
+var LockedSourceSchema = z7.object({
+  requestedRef: optional4(z7.string()),
+  resolvedRef: z7.string().check(refine3((v) => /^[0-9a-f]{40}$/.test(v), "resolvedRef must be a 40-character hex SHA")),
+  resolvedAt: optional4(z7.string()),
+  skills: z7.record(z7.string(), LockedSkillSchema)
 });
-var SourcesLockSchema = z4.object({
-  lockfileVersion: z4.number(),
-  sources: z4.record(z4.string(), LockedSourceSchema)
+var SourcesLockSchema = z7.object({
+  lockfileVersion: z7.number(),
+  sources: z7.record(z7.string(), LockedSourceSchema)
 });
-var LegacyLockedSourceSchema = z4.object({
-  resolvedRef: z4.string(),
-  skills: z4.array(z4.string())
+var LegacyLockedSourceSchema = z7.object({
+  resolvedRef: z7.string(),
+  skills: z7.array(z7.string())
 });
-var LegacySourcesLockSchema = z4.object({
-  sources: z4.record(z4.string(), LegacyLockedSourceSchema)
+var LegacySourcesLockSchema = z7.object({
+  sources: z7.record(z7.string(), LegacyLockedSourceSchema)
 });
 function migrateLegacyLock(params) {
   const { legacy, logger: logger5 } = params;
@@ -2180,7 +3341,7 @@ function createEmptyLock() {
 }
 async function readLockFile(params) {
   const { logger: logger5 } = params;
-  const lockPath = join5(params.baseDir, RULESYNC_SOURCES_LOCK_RELATIVE_FILE_PATH);
+  const lockPath = join11(params.baseDir, RULESYNC_SOURCES_LOCK_RELATIVE_FILE_PATH);
   if (!await fileExists(lockPath)) {
     logger5.debug("No sources lockfile found, starting fresh.");
     return createEmptyLock();
@@ -2209,13 +3370,13 @@ async function readLockFile(params) {
 }
 async function writeLockFile(params) {
   const { logger: logger5 } = params;
-  const lockPath = join5(params.baseDir, RULESYNC_SOURCES_LOCK_RELATIVE_FILE_PATH);
+  const lockPath = join11(params.baseDir, RULESYNC_SOURCES_LOCK_RELATIVE_FILE_PATH);
   const content = JSON.stringify(params.lock, null, 2) + "\n";
   await writeFileContent(lockPath, content);
   logger5.debug(`Wrote sources lockfile to ${lockPath}`);
 }
 function computeSkillIntegrity(files) {
-  const hash = createHash("sha256");
+  const hash = createHash3("sha256");
   const sorted = files.toSorted((a, b) => a.path.localeCompare(b.path));
   for (const file of sorted) {
     hash.update(file.path);
@@ -2383,7 +3544,7 @@ function logGitClientHints(params) {
 async function checkLockedSkillsExist(curatedDir, skillNames) {
   if (skillNames.length === 0) return true;
   for (const name of skillNames) {
-    if (!await directoryExists(join6(curatedDir, name))) {
+    if (!await directoryExists(join12(curatedDir, name))) {
       return false;
     }
   }
@@ -2393,7 +3554,7 @@ async function cleanPreviousCuratedSkills(params) {
   const { curatedDir, lockedSkillNames, logger: logger5 } = params;
   const resolvedCuratedDir = resolve(curatedDir);
   for (const prevSkill of lockedSkillNames) {
-    const prevDir = join6(curatedDir, prevSkill);
+    const prevDir = join12(curatedDir, prevSkill);
     if (!resolve(prevDir).startsWith(resolvedCuratedDir + sep)) {
       logger5.warn(
         `Skipping removal of "${prevSkill}": resolved path is outside the curated directory.`
@@ -2433,9 +3594,9 @@ async function writeSkillAndComputeIntegrity(params) {
   for (const file of files) {
     checkPathTraversal({
       relativePath: file.relativePath,
-      intendedRootDir: join6(curatedDir, skillName)
+      intendedRootDir: join12(curatedDir, skillName)
     });
-    await writeFileContent(join6(curatedDir, skillName, file.relativePath), file.content);
+    await writeFileContent(join12(curatedDir, skillName, file.relativePath), file.content);
     written.push({ path: file.relativePath, content: file.content });
   }
   const integrity = computeSkillIntegrity(written);
@@ -2479,6 +3640,40 @@ function buildLockUpdate(params) {
   );
   return { updatedLock, fetchedNames };
 }
+function getFirstPathSeparatorIndex(path2) {
+  const slashIndex = path2.indexOf("/");
+  const backslashIndex = path2.indexOf("\\");
+  if (slashIndex === -1) return backslashIndex;
+  if (backslashIndex === -1) return slashIndex;
+  return Math.min(slashIndex, backslashIndex);
+}
+function groupRemoteFilesBySkillRoot(params) {
+  const { remoteFiles, skillFilter, isWildcard } = params;
+  const grouped = /* @__PURE__ */ new Map();
+  const rootLevelFiles = [];
+  for (const file of remoteFiles) {
+    const separatorIndex = getFirstPathSeparatorIndex(file.relativePath);
+    if (separatorIndex === -1) {
+      rootLevelFiles.push(file);
+      continue;
+    }
+    const skillName = file.relativePath.substring(0, separatorIndex);
+    if (skillName.length === 0) {
+      continue;
+    }
+    const innerPath = file.relativePath.substring(separatorIndex + 1);
+    const groupedFiles = grouped.get(skillName) ?? [];
+    groupedFiles.push({ relativePath: innerPath, content: file.content });
+    grouped.set(skillName, groupedFiles);
+  }
+  if (grouped.size === 0 && !isWildcard && skillFilter.length === 1) {
+    const [singleSkillName] = skillFilter;
+    if (singleSkillName !== void 0 && rootLevelFiles.length > 0) {
+      grouped.set(singleSkillName, rootLevelFiles);
+    }
+  }
+  return grouped;
+}
 async function fetchSource(params) {
   const {
     sourceEntry,
@@ -2512,7 +3707,7 @@ async function fetchSource(params) {
     ref = resolvedSha;
     logger5.debug(`Resolved ${sourceKey} ref "${requestedRef}" to SHA: ${resolvedSha}`);
   }
-  const curatedDir = join6(baseDir, RULESYNC_CURATED_SKILLS_RELATIVE_DIR_PATH);
+  const curatedDir = join12(baseDir, RULESYNC_CURATED_SKILLS_RELATIVE_DIR_PATH);
   if (locked && resolvedSha === locked.resolvedRef && !updateSources) {
     const allExist = await checkLockedSkillsExist(curatedDir, lockedSkillNames);
     if (allExist) {
@@ -2526,11 +3721,60 @@ async function fetchSource(params) {
   }
   const skillFilter = sourceEntry.skills ?? ["*"];
   const isWildcard = skillFilter.length === 1 && skillFilter[0] === "*";
+  const semaphore = new Semaphore4(FETCH_CONCURRENCY_LIMIT);
+  const fetchedSkills = {};
   const skillsBasePath = parsed.path ?? "skills";
   let remoteSkillDirs;
+  let remoteSkillNames = [];
+  let fallbackHandled = false;
   try {
     const entries = await client.listDirectory(parsed.owner, parsed.repo, skillsBasePath, ref);
     remoteSkillDirs = entries.filter((e) => e.type === "dir").map((e) => ({ name: e.name, path: e.path }));
+    if (remoteSkillDirs.length === 0 && !isWildcard && skillFilter.length === 1) {
+      const rootFiles = entries.filter((entry) => entry.type === "file");
+      const rootSkillFiles = [];
+      for (const file of rootFiles) {
+        if (file.size > MAX_FILE_SIZE) {
+          logger5.warn(
+            `Skipping file "${file.path}" (${(file.size / 1024 / 1024).toFixed(2)}MB exceeds ${MAX_FILE_SIZE / 1024 / 1024}MB limit).`
+          );
+          continue;
+        }
+        const content = await withSemaphore(
+          semaphore,
+          () => client.getFileContent(parsed.owner, parsed.repo, file.path, ref)
+        );
+        rootSkillFiles.push({ relativePath: file.name, content });
+      }
+      const groupedRootFiles = groupRemoteFilesBySkillRoot({
+        remoteFiles: rootSkillFiles,
+        skillFilter,
+        isWildcard
+      });
+      const [fallbackSkillName] = groupedRootFiles.keys();
+      if (fallbackSkillName !== void 0) {
+        fallbackHandled = true;
+        remoteSkillNames = [fallbackSkillName];
+        if (!shouldSkipSkill({
+          skillName: fallbackSkillName,
+          sourceKey,
+          localSkillNames,
+          alreadyFetchedSkillNames,
+          logger: logger5
+        })) {
+          fetchedSkills[fallbackSkillName] = await writeSkillAndComputeIntegrity({
+            skillName: fallbackSkillName,
+            files: groupedRootFiles.get(fallbackSkillName) ?? [],
+            curatedDir,
+            locked,
+            resolvedSha,
+            sourceKey,
+            logger: logger5
+          });
+          logger5.debug(`Fetched skill "${fallbackSkillName}" from ${sourceKey}`);
+        }
+      }
+    }
   } catch (error) {
     if (error instanceof GitHubClientError && error.statusCode === 404) {
       logger5.warn(`No skills/ directory found in ${sourceKey}. Skipping.`);
@@ -2539,8 +3783,9 @@ async function fetchSource(params) {
     throw error;
   }
   const filteredDirs = isWildcard ? remoteSkillDirs : remoteSkillDirs.filter((d) => skillFilter.includes(d.name));
-  const semaphore = new Semaphore2(FETCH_CONCURRENCY_LIMIT);
-  const fetchedSkills = {};
+  if (!fallbackHandled) {
+    remoteSkillNames = filteredDirs.map((d) => d.name);
+  }
   if (locked) {
     await cleanPreviousCuratedSkills({ curatedDir, lockedSkillNames, logger: logger5 });
   }
@@ -2598,7 +3843,7 @@ async function fetchSource(params) {
     locked,
     requestedRef,
     resolvedSha,
-    remoteSkillNames: filteredDirs.map((d) => d.name),
+    remoteSkillNames,
     logger: logger5
   });
   return {
@@ -2637,7 +3882,7 @@ async function fetchSourceViaGit(params) {
     requestedRef = def.ref;
     resolvedSha = def.sha;
   }
-  const curatedDir = join6(baseDir, RULESYNC_CURATED_SKILLS_RELATIVE_DIR_PATH);
+  const curatedDir = join12(baseDir, RULESYNC_CURATED_SKILLS_RELATIVE_DIR_PATH);
   if (locked && resolvedSha === locked.resolvedRef && !updateSources) {
     if (await checkLockedSkillsExist(curatedDir, lockedSkillNames)) {
       return { skillCount: 0, fetchedSkillNames: lockedSkillNames, updatedLock: lock };
@@ -2660,28 +3905,7 @@ async function fetchSourceViaGit(params) {
     ref: requestedRef,
     skillsPath: sourceEntry.path ?? "skills"
   });
-  const skillFileMap = /* @__PURE__ */ new Map();
-  for (const file of remoteFiles) {
-    const idx = file.relativePath.indexOf("/");
-    if (idx === -1) continue;
-    const name = file.relativePath.substring(0, idx);
-    const inner = file.relativePath.substring(idx + 1);
-    const arr = skillFileMap.get(name) ?? [];
-    arr.push({ relativePath: inner, content: file.content });
-    skillFileMap.set(name, arr);
-  }
-  if (skillFileMap.size === 0 && !isWildcard && skillFilter.length === 1) {
-    const [singleSkillName] = skillFilter;
-    if (singleSkillName !== void 0) {
-      const rootFiles = remoteFiles.filter((f) => f.relativePath.indexOf("/") === -1);
-      if (rootFiles.length > 0) {
-        skillFileMap.set(
-          singleSkillName,
-          rootFiles.map((f) => ({ relativePath: f.relativePath, content: f.content }))
-        );
-      }
-    }
-  }
+  const skillFileMap = groupRemoteFilesBySkillRoot({ remoteFiles, skillFilter, isWildcard });
   const allNames = [...skillFileMap.keys()];
   const filteredNames = isWildcard ? allNames : allNames.filter((n) => skillFilter.includes(n));
   if (locked) {
@@ -2726,21 +3950,47 @@ async function fetchSourceViaGit(params) {
 }
 
 // src/cli/commands/install.ts
+var INSTALL_MODES = ["rulesync", "apm", "gh"];
 async function installCommand(logger5, options) {
+  const mode = options.mode ?? "rulesync";
+  if (mode === "gh") {
+    await runGhInstall(logger5, options);
+    return;
+  }
+  if (mode === "apm") {
+    await runApmInstall(logger5, options);
+    return;
+  }
+  await runRulesyncInstall(logger5, options);
+}
+async function runRulesyncInstall(logger5, options) {
+  const baseDir = process.cwd();
+  const apmExists = await apmManifestExists(baseDir);
   const config = await ConfigResolver.resolve({
     configPath: options.configPath,
     verbose: options.verbose,
     silent: options.silent
   });
   const sources = config.getSources();
+  if (apmExists && sources.length > 0) {
+    throw new Error(
+      "Both apm.yml and rulesync.jsonc `sources` are defined. Pass --mode apm or --mode rulesync to disambiguate."
+    );
+  }
   if (sources.length === 0) {
+    if (apmExists) {
+      logger5.warn(
+        "No sources defined in rulesync.jsonc, but apm.yml is present. Did you mean --mode apm?"
+      );
+      return;
+    }
     logger5.warn("No sources defined in configuration. Nothing to install.");
     return;
   }
   logger5.debug(`Installing skills from ${sources.length} source(s)...`);
   const result = await resolveAndFetchSources({
     sources,
-    baseDir: process.cwd(),
+    baseDir,
     options: {
       updateSources: options.update,
       frozen: options.frozen,
@@ -2760,21 +4010,95 @@ async function installCommand(logger5, options) {
     logger5.success(`All skills up to date (${result.sourcesProcessed} source(s) checked).`);
   }
 }
+async function runApmInstall(logger5, options) {
+  const baseDir = process.cwd();
+  if (!await apmManifestExists(baseDir)) {
+    throw new Error(
+      "--mode apm requires an apm.yml at the project root. Create one or drop --mode apm to fall back to rulesync mode."
+    );
+  }
+  const result = await installApm({
+    baseDir,
+    options: {
+      update: options.update,
+      frozen: options.frozen,
+      token: options.token
+    },
+    logger: logger5
+  });
+  if (logger5.jsonMode) {
+    logger5.captureData("dependenciesProcessed", result.dependenciesProcessed);
+    logger5.captureData("deployedFileCount", result.deployedFileCount);
+    logger5.captureData("failedDependencyCount", result.failedDependencyCount);
+  }
+  if (result.failedDependencyCount > 0) {
+    throw new Error(
+      `Failed to install ${result.failedDependencyCount} of ${result.dependenciesProcessed} apm dependency(ies). See the log above for details.`
+    );
+  }
+  if (result.deployedFileCount > 0) {
+    logger5.success(
+      `Installed ${result.deployedFileCount} file(s) from ${result.dependenciesProcessed} apm dependency(ies).`
+    );
+  } else {
+    logger5.success(`All apm dependencies up to date (${result.dependenciesProcessed} checked).`);
+  }
+}
+async function runGhInstall(logger5, options) {
+  const baseDir = process.cwd();
+  const config = await ConfigResolver.resolve({
+    configPath: options.configPath,
+    verbose: options.verbose,
+    silent: options.silent
+  });
+  const sources = config.getSources();
+  if (sources.length === 0) {
+    logger5.warn("No sources defined in configuration. Nothing to install.");
+    return;
+  }
+  const result = await installGh({
+    baseDir,
+    sources,
+    options: {
+      update: options.update,
+      frozen: options.frozen,
+      token: options.token
+    },
+    logger: logger5
+  });
+  if (logger5.jsonMode) {
+    logger5.captureData("sourcesProcessed", result.sourcesProcessed);
+    logger5.captureData("installedSkillCount", result.installedSkillCount);
+    logger5.captureData("failedSourceCount", result.failedSourceCount);
+  }
+  if (result.failedSourceCount > 0) {
+    throw new Error(
+      `Failed to install ${result.failedSourceCount} of ${result.sourcesProcessed} gh source(s). See the log above for details.`
+    );
+  }
+  if (result.installedSkillCount > 0) {
+    logger5.success(
+      `Installed ${result.installedSkillCount} skill(s) from ${result.sourcesProcessed} gh source(s).`
+    );
+  } else {
+    logger5.success(`All gh sources up to date (${result.sourcesProcessed} checked).`);
+  }
+}
 
 // src/cli/commands/mcp.ts
 import { FastMCP } from "fastmcp";
 
 // src/mcp/tools.ts
-import { z as z13 } from "zod/mini";
+import { z as z18 } from "zod/mini";
 
 // src/mcp/commands.ts
-import { basename, join as join7 } from "path";
-import { z as z5 } from "zod/mini";
+import { basename as basename2, join as join13 } from "path";
+import { z as z8 } from "zod/mini";
 var logger = new ConsoleLogger({ verbose: false, silent: true });
 var maxCommandSizeBytes = 1024 * 1024;
 var maxCommandsCount = 1e3;
 async function listCommands() {
-  const commandsDir = join7(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH);
+  const commandsDir = join13(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH);
   try {
     const files = await listDirectoryFiles(commandsDir);
     const mdFiles = files.filter((file) => file.endsWith(".md"));
@@ -2790,7 +4114,7 @@ async function listCommands() {
           });
           const frontmatter = command.getFrontmatter();
           return {
-            relativePathFromCwd: join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, file),
+            relativePathFromCwd: join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, file),
             frontmatter
           };
         } catch (error) {
@@ -2812,13 +4136,13 @@ async function getCommand({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename(relativePathFromCwd);
+  const filename = basename2(relativePathFromCwd);
   try {
     const command = await RulesyncCommand.fromFile({
       relativeFilePath: filename
     });
     return {
-      relativePathFromCwd: join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename),
       frontmatter: command.getFrontmatter(),
       body: command.getBody()
     };
@@ -2837,7 +4161,7 @@ async function putCommand({
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename(relativePathFromCwd);
+  const filename = basename2(relativePathFromCwd);
   const estimatedSize = JSON.stringify(frontmatter).length + body.length;
   if (estimatedSize > maxCommandSizeBytes) {
     throw new Error(
@@ -2847,7 +4171,7 @@ async function putCommand({
   try {
     const existingCommands = await listCommands();
     const isUpdate = existingCommands.some(
-      (command2) => command2.relativePathFromCwd === join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename)
+      (command2) => command2.relativePathFromCwd === join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename)
     );
     if (!isUpdate && existingCommands.length >= maxCommandsCount) {
       throw new Error(
@@ -2864,11 +4188,11 @@ async function putCommand({
       fileContent,
       validate: true
     });
-    const commandsDir = join7(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH);
+    const commandsDir = join13(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH);
     await ensureDir(commandsDir);
     await writeFileContent(command.getFilePath(), command.getFileContent());
     return {
-      relativePathFromCwd: join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename),
       frontmatter: command.getFrontmatter(),
       body: command.getBody()
     };
@@ -2883,12 +4207,12 @@ async function deleteCommand({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename(relativePathFromCwd);
-  const fullPath = join7(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename);
+  const filename = basename2(relativePathFromCwd);
+  const fullPath = join13(process.cwd(), RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename);
   try {
     await removeFile(fullPath);
     return {
-      relativePathFromCwd: join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename)
+      relativePathFromCwd: join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, filename)
     };
   } catch (error) {
     throw new Error(`Failed to delete command file ${relativePathFromCwd}: ${formatError(error)}`, {
@@ -2897,23 +4221,23 @@ async function deleteCommand({ relativePathFromCwd }) {
   }
 }
 var commandToolSchemas = {
-  listCommands: z5.object({}),
-  getCommand: z5.object({
-    relativePathFromCwd: z5.string()
+  listCommands: z8.object({}),
+  getCommand: z8.object({
+    relativePathFromCwd: z8.string()
   }),
-  putCommand: z5.object({
-    relativePathFromCwd: z5.string(),
+  putCommand: z8.object({
+    relativePathFromCwd: z8.string(),
     frontmatter: RulesyncCommandFrontmatterSchema,
-    body: z5.string()
+    body: z8.string()
   }),
-  deleteCommand: z5.object({
-    relativePathFromCwd: z5.string()
+  deleteCommand: z8.object({
+    relativePathFromCwd: z8.string()
   })
 };
 var commandTools = {
   listCommands: {
     name: "listCommands",
-    description: `List all commands from ${join7(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
+    description: `List all commands from ${join13(RULESYNC_COMMANDS_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
     parameters: commandToolSchemas.listCommands,
     execute: async () => {
       const commands = await listCommands();
@@ -2955,15 +4279,15 @@ var commandTools = {
 };
 
 // src/mcp/generate.ts
-import { z as z6 } from "zod/mini";
-var generateOptionsSchema = z6.object({
-  targets: z6.optional(z6.array(z6.string())),
-  features: z6.optional(z6.array(z6.string())),
-  delete: z6.optional(z6.boolean()),
-  global: z6.optional(z6.boolean()),
-  simulateCommands: z6.optional(z6.boolean()),
-  simulateSubagents: z6.optional(z6.boolean()),
-  simulateSkills: z6.optional(z6.boolean())
+import { z as z9 } from "zod/mini";
+var generateOptionsSchema = z9.object({
+  targets: z9.optional(z9.array(z9.string())),
+  features: z9.optional(z9.array(z9.string())),
+  delete: z9.optional(z9.boolean()),
+  global: z9.optional(z9.boolean()),
+  simulateCommands: z9.optional(z9.boolean()),
+  simulateSubagents: z9.optional(z9.boolean()),
+  simulateSkills: z9.optional(z9.boolean())
 });
 async function executeGenerate(options = {}) {
   try {
@@ -3041,12 +4365,139 @@ var generateTools = {
   }
 };
 
+// src/mcp/hooks.ts
+import { join as join14 } from "path";
+import { z as z10 } from "zod/mini";
+var maxHooksSizeBytes = 1024 * 1024;
+async function getHooksFile() {
+  try {
+    const rulesyncHooks = await RulesyncHooks.fromFile({
+      validate: true
+    });
+    const relativePathFromCwd = join14(
+      rulesyncHooks.getRelativeDirPath(),
+      rulesyncHooks.getRelativeFilePath()
+    );
+    return {
+      relativePathFromCwd,
+      content: rulesyncHooks.getFileContent()
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to read hooks file (${RULESYNC_HOOKS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+async function putHooksFile({ content }) {
+  if (content.length > maxHooksSizeBytes) {
+    throw new Error(
+      `Hooks file size ${content.length} bytes exceeds maximum ${maxHooksSizeBytes} bytes (1MB) for ${RULESYNC_HOOKS_RELATIVE_FILE_PATH}`
+    );
+  }
+  try {
+    JSON.parse(content);
+  } catch (error) {
+    throw new Error(
+      `Invalid JSON format in hooks file (${RULESYNC_HOOKS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+  try {
+    const baseDir = process.cwd();
+    const paths = RulesyncHooks.getSettablePaths();
+    const relativeDirPath = paths.relativeDirPath;
+    const relativeFilePath = paths.relativeFilePath;
+    const fullPath = join14(baseDir, relativeDirPath, relativeFilePath);
+    const rulesyncHooks = new RulesyncHooks({
+      baseDir,
+      relativeDirPath,
+      relativeFilePath,
+      fileContent: content,
+      validate: true
+    });
+    await ensureDir(join14(baseDir, relativeDirPath));
+    await writeFileContent(fullPath, content);
+    const relativePathFromCwd = join14(relativeDirPath, relativeFilePath);
+    return {
+      relativePathFromCwd,
+      content: rulesyncHooks.getFileContent()
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to write hooks file (${RULESYNC_HOOKS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+async function deleteHooksFile() {
+  try {
+    const baseDir = process.cwd();
+    const paths = RulesyncHooks.getSettablePaths();
+    const filePath = join14(baseDir, paths.relativeDirPath, paths.relativeFilePath);
+    await removeFile(filePath);
+    const relativePathFromCwd = join14(paths.relativeDirPath, paths.relativeFilePath);
+    return {
+      relativePathFromCwd
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to delete hooks file (${RULESYNC_HOOKS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+var hooksToolSchemas = {
+  getHooksFile: z10.object({}),
+  putHooksFile: z10.object({
+    content: z10.string()
+  }),
+  deleteHooksFile: z10.object({})
+};
+var hooksTools = {
+  getHooksFile: {
+    name: "getHooksFile",
+    description: `Get the hooks configuration file (${RULESYNC_HOOKS_RELATIVE_FILE_PATH}).`,
+    parameters: hooksToolSchemas.getHooksFile,
+    execute: async () => {
+      const result = await getHooksFile();
+      return JSON.stringify(result, null, 2);
+    }
+  },
+  putHooksFile: {
+    name: "putHooksFile",
+    description: "Create or update the hooks configuration file (upsert operation). content parameter is required and must be valid JSON.",
+    parameters: hooksToolSchemas.putHooksFile,
+    execute: async (args) => {
+      const result = await putHooksFile({ content: args.content });
+      return JSON.stringify(result, null, 2);
+    }
+  },
+  deleteHooksFile: {
+    name: "deleteHooksFile",
+    description: "Delete the hooks configuration file.",
+    parameters: hooksToolSchemas.deleteHooksFile,
+    execute: async () => {
+      const result = await deleteHooksFile();
+      return JSON.stringify(result, null, 2);
+    }
+  }
+};
+
 // src/mcp/ignore.ts
-import { join as join8 } from "path";
-import { z as z7 } from "zod/mini";
+import { join as join15 } from "path";
+import { z as z11 } from "zod/mini";
 var maxIgnoreFileSizeBytes = 100 * 1024;
 async function getIgnoreFile() {
-  const ignoreFilePath = join8(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
+  const ignoreFilePath = join15(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
   try {
     const content = await readFileContent(ignoreFilePath);
     return {
@@ -3063,7 +4514,7 @@ async function getIgnoreFile() {
   }
 }
 async function putIgnoreFile({ content }) {
-  const ignoreFilePath = join8(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
+  const ignoreFilePath = join15(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
   const contentSizeBytes = Buffer.byteLength(content, "utf8");
   if (contentSizeBytes > maxIgnoreFileSizeBytes) {
     throw new Error(
@@ -3087,8 +4538,8 @@ async function putIgnoreFile({ content }) {
   }
 }
 async function deleteIgnoreFile() {
-  const aiignorePath = join8(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
-  const legacyIgnorePath = join8(process.cwd(), RULESYNC_IGNORE_RELATIVE_FILE_PATH);
+  const aiignorePath = join15(process.cwd(), RULESYNC_AIIGNORE_RELATIVE_FILE_PATH);
+  const legacyIgnorePath = join15(process.cwd(), RULESYNC_IGNORE_RELATIVE_FILE_PATH);
   try {
     await Promise.all([removeFile(aiignorePath), removeFile(legacyIgnorePath)]);
     return {
@@ -3106,11 +4557,11 @@ async function deleteIgnoreFile() {
   }
 }
 var ignoreToolSchemas = {
-  getIgnoreFile: z7.object({}),
-  putIgnoreFile: z7.object({
-    content: z7.string()
+  getIgnoreFile: z11.object({}),
+  putIgnoreFile: z11.object({
+    content: z11.string()
   }),
-  deleteIgnoreFile: z7.object({})
+  deleteIgnoreFile: z11.object({})
 };
 var ignoreTools = {
   getIgnoreFile: {
@@ -3143,11 +4594,11 @@ var ignoreTools = {
 };
 
 // src/mcp/import.ts
-import { z as z8 } from "zod/mini";
-var importOptionsSchema = z8.object({
-  target: z8.string(),
-  features: z8.optional(z8.array(z8.string())),
-  global: z8.optional(z8.boolean())
+import { z as z12 } from "zod/mini";
+var importOptionsSchema = z12.object({
+  target: z12.string(),
+  features: z12.optional(z12.array(z12.string())),
+  global: z12.optional(z12.boolean())
 });
 async function executeImport(options) {
   try {
@@ -3218,15 +4669,15 @@ var importTools = {
 };
 
 // src/mcp/mcp.ts
-import { join as join9 } from "path";
-import { z as z9 } from "zod/mini";
+import { join as join16 } from "path";
+import { z as z13 } from "zod/mini";
 var maxMcpSizeBytes = 1024 * 1024;
 async function getMcpFile() {
   try {
     const rulesyncMcp = await RulesyncMcp.fromFile({
       validate: true
     });
-    const relativePathFromCwd = join9(
+    const relativePathFromCwd = join16(
       rulesyncMcp.getRelativeDirPath(),
       rulesyncMcp.getRelativeFilePath()
     );
@@ -3264,7 +4715,7 @@ async function putMcpFile({ content }) {
     const paths = RulesyncMcp.getSettablePaths();
     const relativeDirPath = paths.recommended.relativeDirPath;
     const relativeFilePath = paths.recommended.relativeFilePath;
-    const fullPath = join9(baseDir, relativeDirPath, relativeFilePath);
+    const fullPath = join16(baseDir, relativeDirPath, relativeFilePath);
     const rulesyncMcp = new RulesyncMcp({
       baseDir,
       relativeDirPath,
@@ -3272,9 +4723,9 @@ async function putMcpFile({ content }) {
       fileContent: content,
       validate: true
     });
-    await ensureDir(join9(baseDir, relativeDirPath));
+    await ensureDir(join16(baseDir, relativeDirPath));
     await writeFileContent(fullPath, content);
-    const relativePathFromCwd = join9(relativeDirPath, relativeFilePath);
+    const relativePathFromCwd = join16(relativeDirPath, relativeFilePath);
     return {
       relativePathFromCwd,
       content: rulesyncMcp.getFileContent()
@@ -3292,15 +4743,15 @@ async function deleteMcpFile() {
   try {
     const baseDir = process.cwd();
     const paths = RulesyncMcp.getSettablePaths();
-    const recommendedPath = join9(
+    const recommendedPath = join16(
       baseDir,
       paths.recommended.relativeDirPath,
       paths.recommended.relativeFilePath
     );
-    const legacyPath = join9(baseDir, paths.legacy.relativeDirPath, paths.legacy.relativeFilePath);
+    const legacyPath = join16(baseDir, paths.legacy.relativeDirPath, paths.legacy.relativeFilePath);
     await removeFile(recommendedPath);
     await removeFile(legacyPath);
-    const relativePathFromCwd = join9(
+    const relativePathFromCwd = join16(
       paths.recommended.relativeDirPath,
       paths.recommended.relativeFilePath
     );
@@ -3317,11 +4768,11 @@ async function deleteMcpFile() {
   }
 }
 var mcpToolSchemas = {
-  getMcpFile: z9.object({}),
-  putMcpFile: z9.object({
-    content: z9.string()
+  getMcpFile: z13.object({}),
+  putMcpFile: z13.object({
+    content: z13.string()
   }),
-  deleteMcpFile: z9.object({})
+  deleteMcpFile: z13.object({})
 };
 var mcpTools = {
   getMcpFile: {
@@ -3353,14 +4804,141 @@ var mcpTools = {
   }
 };
 
+// src/mcp/permissions.ts
+import { join as join17 } from "path";
+import { z as z14 } from "zod/mini";
+var maxPermissionsSizeBytes = 1024 * 1024;
+async function getPermissionsFile() {
+  try {
+    const rulesyncPermissions = await RulesyncPermissions.fromFile({
+      validate: true
+    });
+    const relativePathFromCwd = join17(
+      rulesyncPermissions.getRelativeDirPath(),
+      rulesyncPermissions.getRelativeFilePath()
+    );
+    return {
+      relativePathFromCwd,
+      content: rulesyncPermissions.getFileContent()
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to read permissions file (${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+async function putPermissionsFile({ content }) {
+  if (content.length > maxPermissionsSizeBytes) {
+    throw new Error(
+      `Permissions file size ${content.length} bytes exceeds maximum ${maxPermissionsSizeBytes} bytes (1MB) for ${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}`
+    );
+  }
+  try {
+    JSON.parse(content);
+  } catch (error) {
+    throw new Error(
+      `Invalid JSON format in permissions file (${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+  try {
+    const baseDir = process.cwd();
+    const paths = RulesyncPermissions.getSettablePaths();
+    const relativeDirPath = paths.relativeDirPath;
+    const relativeFilePath = paths.relativeFilePath;
+    const fullPath = join17(baseDir, relativeDirPath, relativeFilePath);
+    const rulesyncPermissions = new RulesyncPermissions({
+      baseDir,
+      relativeDirPath,
+      relativeFilePath,
+      fileContent: content,
+      validate: true
+    });
+    await ensureDir(join17(baseDir, relativeDirPath));
+    await writeFileContent(fullPath, content);
+    const relativePathFromCwd = join17(relativeDirPath, relativeFilePath);
+    return {
+      relativePathFromCwd,
+      content: rulesyncPermissions.getFileContent()
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to write permissions file (${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+async function deletePermissionsFile() {
+  try {
+    const baseDir = process.cwd();
+    const paths = RulesyncPermissions.getSettablePaths();
+    const filePath = join17(baseDir, paths.relativeDirPath, paths.relativeFilePath);
+    await removeFile(filePath);
+    const relativePathFromCwd = join17(paths.relativeDirPath, paths.relativeFilePath);
+    return {
+      relativePathFromCwd
+    };
+  } catch (error) {
+    throw new Error(
+      `Failed to delete permissions file (${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}): ${formatError(error)}`,
+      {
+        cause: error
+      }
+    );
+  }
+}
+var permissionsToolSchemas = {
+  getPermissionsFile: z14.object({}),
+  putPermissionsFile: z14.object({
+    content: z14.string()
+  }),
+  deletePermissionsFile: z14.object({})
+};
+var permissionsTools = {
+  getPermissionsFile: {
+    name: "getPermissionsFile",
+    description: `Get the permissions configuration file (${RULESYNC_PERMISSIONS_RELATIVE_FILE_PATH}).`,
+    parameters: permissionsToolSchemas.getPermissionsFile,
+    execute: async () => {
+      const result = await getPermissionsFile();
+      return JSON.stringify(result, null, 2);
+    }
+  },
+  putPermissionsFile: {
+    name: "putPermissionsFile",
+    description: "Create or update the permissions configuration file (upsert operation). content parameter is required and must be valid JSON.",
+    parameters: permissionsToolSchemas.putPermissionsFile,
+    execute: async (args) => {
+      const result = await putPermissionsFile({ content: args.content });
+      return JSON.stringify(result, null, 2);
+    }
+  },
+  deletePermissionsFile: {
+    name: "deletePermissionsFile",
+    description: "Delete the permissions configuration file.",
+    parameters: permissionsToolSchemas.deletePermissionsFile,
+    execute: async () => {
+      const result = await deletePermissionsFile();
+      return JSON.stringify(result, null, 2);
+    }
+  }
+};
+
 // src/mcp/rules.ts
-import { basename as basename2, join as join10 } from "path";
-import { z as z10 } from "zod/mini";
+import { basename as basename3, join as join18 } from "path";
+import { z as z15 } from "zod/mini";
 var logger2 = new ConsoleLogger({ verbose: false, silent: true });
 var maxRuleSizeBytes = 1024 * 1024;
 var maxRulesCount = 1e3;
 async function listRules() {
-  const rulesDir = join10(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH);
+  const rulesDir = join18(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH);
   try {
     const files = await listDirectoryFiles(rulesDir);
     const mdFiles = files.filter((file) => file.endsWith(".md"));
@@ -3373,7 +4951,7 @@ async function listRules() {
           });
           const frontmatter = rule.getFrontmatter();
           return {
-            relativePathFromCwd: join10(RULESYNC_RULES_RELATIVE_DIR_PATH, file),
+            relativePathFromCwd: join18(RULESYNC_RULES_RELATIVE_DIR_PATH, file),
             frontmatter
           };
         } catch (error) {
@@ -3395,14 +4973,14 @@ async function getRule({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename2(relativePathFromCwd);
+  const filename = basename3(relativePathFromCwd);
   try {
     const rule = await RulesyncRule.fromFile({
       relativeFilePath: filename,
       validate: true
     });
     return {
-      relativePathFromCwd: join10(RULESYNC_RULES_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join18(RULESYNC_RULES_RELATIVE_DIR_PATH, filename),
       frontmatter: rule.getFrontmatter(),
       body: rule.getBody()
     };
@@ -3421,7 +4999,7 @@ async function putRule({
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename2(relativePathFromCwd);
+  const filename = basename3(relativePathFromCwd);
   const estimatedSize = JSON.stringify(frontmatter).length + body.length;
   if (estimatedSize > maxRuleSizeBytes) {
     throw new Error(
@@ -3431,7 +5009,7 @@ async function putRule({
   try {
     const existingRules = await listRules();
     const isUpdate = existingRules.some(
-      (rule2) => rule2.relativePathFromCwd === join10(RULESYNC_RULES_RELATIVE_DIR_PATH, filename)
+      (rule2) => rule2.relativePathFromCwd === join18(RULESYNC_RULES_RELATIVE_DIR_PATH, filename)
     );
     if (!isUpdate && existingRules.length >= maxRulesCount) {
       throw new Error(
@@ -3446,11 +5024,11 @@ async function putRule({
       body,
       validate: true
     });
-    const rulesDir = join10(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH);
+    const rulesDir = join18(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH);
     await ensureDir(rulesDir);
     await writeFileContent(rule.getFilePath(), rule.getFileContent());
     return {
-      relativePathFromCwd: join10(RULESYNC_RULES_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join18(RULESYNC_RULES_RELATIVE_DIR_PATH, filename),
       frontmatter: rule.getFrontmatter(),
       body: rule.getBody()
     };
@@ -3465,12 +5043,12 @@ async function deleteRule({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename2(relativePathFromCwd);
-  const fullPath = join10(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH, filename);
+  const filename = basename3(relativePathFromCwd);
+  const fullPath = join18(process.cwd(), RULESYNC_RULES_RELATIVE_DIR_PATH, filename);
   try {
     await removeFile(fullPath);
     return {
-      relativePathFromCwd: join10(RULESYNC_RULES_RELATIVE_DIR_PATH, filename)
+      relativePathFromCwd: join18(RULESYNC_RULES_RELATIVE_DIR_PATH, filename)
     };
   } catch (error) {
     throw new Error(`Failed to delete rule file ${relativePathFromCwd}: ${formatError(error)}`, {
@@ -3479,23 +5057,23 @@ async function deleteRule({ relativePathFromCwd }) {
   }
 }
 var ruleToolSchemas = {
-  listRules: z10.object({}),
-  getRule: z10.object({
-    relativePathFromCwd: z10.string()
+  listRules: z15.object({}),
+  getRule: z15.object({
+    relativePathFromCwd: z15.string()
   }),
-  putRule: z10.object({
-    relativePathFromCwd: z10.string(),
+  putRule: z15.object({
+    relativePathFromCwd: z15.string(),
     frontmatter: RulesyncRuleFrontmatterSchema,
-    body: z10.string()
+    body: z15.string()
   }),
-  deleteRule: z10.object({
-    relativePathFromCwd: z10.string()
+  deleteRule: z15.object({
+    relativePathFromCwd: z15.string()
   })
 };
 var ruleTools = {
   listRules: {
     name: "listRules",
-    description: `List all rules from ${join10(RULESYNC_RULES_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
+    description: `List all rules from ${join18(RULESYNC_RULES_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
     parameters: ruleToolSchemas.listRules,
     execute: async () => {
       const rules = await listRules();
@@ -3537,8 +5115,8 @@ var ruleTools = {
 };
 
 // src/mcp/skills.ts
-import { basename as basename3, dirname, join as join11 } from "path";
-import { z as z11 } from "zod/mini";
+import { basename as basename4, dirname, join as join19 } from "path";
+import { z as z16 } from "zod/mini";
 var logger3 = new ConsoleLogger({ verbose: false, silent: true });
 var maxSkillSizeBytes = 1024 * 1024;
 var maxSkillsCount = 1e3;
@@ -3555,19 +5133,19 @@ function mcpSkillFileToAiDirFile(file) {
   };
 }
 function extractDirName(relativeDirPathFromCwd) {
-  const dirName = basename3(relativeDirPathFromCwd);
+  const dirName = basename4(relativeDirPathFromCwd);
   if (!dirName) {
     throw new Error(`Invalid path: ${relativeDirPathFromCwd}`);
   }
   return dirName;
 }
 async function listSkills() {
-  const skillsDir = join11(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH);
+  const skillsDir = join19(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH);
   try {
-    const skillDirPaths = await findFilesByGlobs(join11(skillsDir, "*"), { type: "dir" });
+    const skillDirPaths = await findFilesByGlobs(join19(skillsDir, "*"), { type: "dir" });
     const skills = await Promise.all(
       skillDirPaths.map(async (dirPath) => {
-        const dirName = basename3(dirPath);
+        const dirName = basename4(dirPath);
         if (!dirName) return null;
         try {
           const skill = await RulesyncSkill.fromDir({
@@ -3575,7 +5153,7 @@ async function listSkills() {
           });
           const frontmatter = skill.getFrontmatter();
           return {
-            relativeDirPathFromCwd: join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
+            relativeDirPathFromCwd: join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
             frontmatter
           };
         } catch (error) {
@@ -3603,7 +5181,7 @@ async function getSkill({ relativeDirPathFromCwd }) {
       dirName
     });
     return {
-      relativeDirPathFromCwd: join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
+      relativeDirPathFromCwd: join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
       frontmatter: skill.getFrontmatter(),
       body: skill.getBody(),
       otherFiles: skill.getOtherFiles().map(aiDirFileToMcpSkillFile)
@@ -3637,7 +5215,7 @@ async function putSkill({
   try {
     const existingSkills = await listSkills();
     const isUpdate = existingSkills.some(
-      (skill2) => skill2.relativeDirPathFromCwd === join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName)
+      (skill2) => skill2.relativeDirPathFromCwd === join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName)
     );
     if (!isUpdate && existingSkills.length >= maxSkillsCount) {
       throw new Error(
@@ -3654,9 +5232,9 @@ async function putSkill({
       otherFiles: aiDirFiles,
       validate: true
     });
-    const skillDirPath = join11(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName);
+    const skillDirPath = join19(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName);
     await ensureDir(skillDirPath);
-    const skillFilePath = join11(skillDirPath, SKILL_FILE_NAME);
+    const skillFilePath = join19(skillDirPath, SKILL_FILE_NAME);
     const skillFileContent = stringifyFrontmatter(body, frontmatter);
     await writeFileContent(skillFilePath, skillFileContent);
     for (const file of otherFiles) {
@@ -3664,15 +5242,15 @@ async function putSkill({
         relativePath: file.name,
         intendedRootDir: skillDirPath
       });
-      const filePath = join11(skillDirPath, file.name);
-      const fileDir = join11(skillDirPath, dirname(file.name));
+      const filePath = join19(skillDirPath, file.name);
+      const fileDir = join19(skillDirPath, dirname(file.name));
       if (fileDir !== skillDirPath) {
         await ensureDir(fileDir);
       }
       await writeFileContent(filePath, file.body);
     }
     return {
-      relativeDirPathFromCwd: join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
+      relativeDirPathFromCwd: join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName),
       frontmatter: skill.getFrontmatter(),
       body: skill.getBody(),
       otherFiles: skill.getOtherFiles().map(aiDirFileToMcpSkillFile)
@@ -3694,13 +5272,13 @@ async function deleteSkill({
     intendedRootDir: process.cwd()
   });
   const dirName = extractDirName(relativeDirPathFromCwd);
-  const skillDirPath = join11(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName);
+  const skillDirPath = join19(process.cwd(), RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName);
   try {
     if (await directoryExists(skillDirPath)) {
       await removeDirectory(skillDirPath);
     }
     return {
-      relativeDirPathFromCwd: join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName)
+      relativeDirPathFromCwd: join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, dirName)
     };
   } catch (error) {
     throw new Error(
@@ -3711,29 +5289,29 @@ async function deleteSkill({
     );
   }
 }
-var McpSkillFileSchema = z11.object({
-  name: z11.string(),
-  body: z11.string()
+var McpSkillFileSchema = z16.object({
+  name: z16.string(),
+  body: z16.string()
 });
 var skillToolSchemas = {
-  listSkills: z11.object({}),
-  getSkill: z11.object({
-    relativeDirPathFromCwd: z11.string()
+  listSkills: z16.object({}),
+  getSkill: z16.object({
+    relativeDirPathFromCwd: z16.string()
   }),
-  putSkill: z11.object({
-    relativeDirPathFromCwd: z11.string(),
+  putSkill: z16.object({
+    relativeDirPathFromCwd: z16.string(),
     frontmatter: RulesyncSkillFrontmatterSchema,
-    body: z11.string(),
-    otherFiles: z11.optional(z11.array(McpSkillFileSchema))
+    body: z16.string(),
+    otherFiles: z16.optional(z16.array(McpSkillFileSchema))
   }),
-  deleteSkill: z11.object({
-    relativeDirPathFromCwd: z11.string()
+  deleteSkill: z16.object({
+    relativeDirPathFromCwd: z16.string()
   })
 };
 var skillTools = {
   listSkills: {
     name: "listSkills",
-    description: `List all skills from ${join11(RULESYNC_SKILLS_RELATIVE_DIR_PATH, "*", SKILL_FILE_NAME)} with their frontmatter.`,
+    description: `List all skills from ${join19(RULESYNC_SKILLS_RELATIVE_DIR_PATH, "*", SKILL_FILE_NAME)} with their frontmatter.`,
     parameters: skillToolSchemas.listSkills,
     execute: async () => {
       const skills = await listSkills();
@@ -3776,13 +5354,13 @@ var skillTools = {
 };
 
 // src/mcp/subagents.ts
-import { basename as basename4, join as join12 } from "path";
-import { z as z12 } from "zod/mini";
+import { basename as basename5, join as join20 } from "path";
+import { z as z17 } from "zod/mini";
 var logger4 = new ConsoleLogger({ verbose: false, silent: true });
 var maxSubagentSizeBytes = 1024 * 1024;
 var maxSubagentsCount = 1e3;
 async function listSubagents() {
-  const subagentsDir = join12(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH);
+  const subagentsDir = join20(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH);
   try {
     const files = await listDirectoryFiles(subagentsDir);
     const mdFiles = files.filter((file) => file.endsWith(".md"));
@@ -3795,7 +5373,7 @@ async function listSubagents() {
           });
           const frontmatter = subagent.getFrontmatter();
           return {
-            relativePathFromCwd: join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, file),
+            relativePathFromCwd: join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, file),
             frontmatter
           };
         } catch (error) {
@@ -3819,14 +5397,14 @@ async function getSubagent({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename4(relativePathFromCwd);
+  const filename = basename5(relativePathFromCwd);
   try {
     const subagent = await RulesyncSubagent.fromFile({
       relativeFilePath: filename,
       validate: true
     });
     return {
-      relativePathFromCwd: join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename),
       frontmatter: subagent.getFrontmatter(),
       body: subagent.getBody()
     };
@@ -3845,7 +5423,7 @@ async function putSubagent({
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename4(relativePathFromCwd);
+  const filename = basename5(relativePathFromCwd);
   const estimatedSize = JSON.stringify(frontmatter).length + body.length;
   if (estimatedSize > maxSubagentSizeBytes) {
     throw new Error(
@@ -3855,7 +5433,7 @@ async function putSubagent({
   try {
     const existingSubagents = await listSubagents();
     const isUpdate = existingSubagents.some(
-      (subagent2) => subagent2.relativePathFromCwd === join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename)
+      (subagent2) => subagent2.relativePathFromCwd === join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename)
     );
     if (!isUpdate && existingSubagents.length >= maxSubagentsCount) {
       throw new Error(
@@ -3870,11 +5448,11 @@ async function putSubagent({
       body,
       validate: true
     });
-    const subagentsDir = join12(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH);
+    const subagentsDir = join20(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH);
     await ensureDir(subagentsDir);
     await writeFileContent(subagent.getFilePath(), subagent.getFileContent());
     return {
-      relativePathFromCwd: join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename),
+      relativePathFromCwd: join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename),
       frontmatter: subagent.getFrontmatter(),
       body: subagent.getBody()
     };
@@ -3889,12 +5467,12 @@ async function deleteSubagent({ relativePathFromCwd }) {
     relativePath: relativePathFromCwd,
     intendedRootDir: process.cwd()
   });
-  const filename = basename4(relativePathFromCwd);
-  const fullPath = join12(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename);
+  const filename = basename5(relativePathFromCwd);
+  const fullPath = join20(process.cwd(), RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename);
   try {
     await removeFile(fullPath);
     return {
-      relativePathFromCwd: join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename)
+      relativePathFromCwd: join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, filename)
     };
   } catch (error) {
     throw new Error(
@@ -3906,23 +5484,23 @@ async function deleteSubagent({ relativePathFromCwd }) {
   }
 }
 var subagentToolSchemas = {
-  listSubagents: z12.object({}),
-  getSubagent: z12.object({
-    relativePathFromCwd: z12.string()
+  listSubagents: z17.object({}),
+  getSubagent: z17.object({
+    relativePathFromCwd: z17.string()
   }),
-  putSubagent: z12.object({
-    relativePathFromCwd: z12.string(),
+  putSubagent: z17.object({
+    relativePathFromCwd: z17.string(),
     frontmatter: RulesyncSubagentFrontmatterSchema,
-    body: z12.string()
+    body: z17.string()
   }),
-  deleteSubagent: z12.object({
-    relativePathFromCwd: z12.string()
+  deleteSubagent: z17.object({
+    relativePathFromCwd: z17.string()
   })
 };
 var subagentTools = {
   listSubagents: {
     name: "listSubagents",
-    description: `List all subagents from ${join12(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
+    description: `List all subagents from ${join20(RULESYNC_SUBAGENTS_RELATIVE_DIR_PATH, "*.md")} with their frontmatter.`,
     parameters: subagentToolSchemas.listSubagents,
     execute: async () => {
       const subagents = await listSubagents();
@@ -3964,31 +5542,33 @@ var subagentTools = {
 };
 
 // src/mcp/tools.ts
-var rulesyncFeatureSchema = z13.enum([
+var rulesyncFeatureSchema = z18.enum([
   "rule",
   "command",
   "subagent",
   "skill",
   "ignore",
   "mcp",
+  "permissions",
+  "hooks",
   "generate",
   "import"
 ]);
-var rulesyncOperationSchema = z13.enum(["list", "get", "put", "delete", "run"]);
-var skillFileSchema = z13.object({
-  name: z13.string(),
-  body: z13.string()
+var rulesyncOperationSchema = z18.enum(["list", "get", "put", "delete", "run"]);
+var skillFileSchema = z18.object({
+  name: z18.string(),
+  body: z18.string()
 });
-var rulesyncToolSchema = z13.object({
+var rulesyncToolSchema = z18.object({
   feature: rulesyncFeatureSchema,
   operation: rulesyncOperationSchema,
-  targetPathFromCwd: z13.optional(z13.string()),
-  frontmatter: z13.optional(z13.unknown()),
-  body: z13.optional(z13.string()),
-  otherFiles: z13.optional(z13.array(skillFileSchema)),
-  content: z13.optional(z13.string()),
-  generateOptions: z13.optional(generateOptionsSchema),
-  importOptions: z13.optional(importOptionsSchema)
+  targetPathFromCwd: z18.optional(z18.string()),
+  frontmatter: z18.optional(z18.unknown()),
+  body: z18.optional(z18.string()),
+  otherFiles: z18.optional(z18.array(skillFileSchema)),
+  content: z18.optional(z18.string()),
+  generateOptions: z18.optional(generateOptionsSchema),
+  importOptions: z18.optional(importOptionsSchema)
 });
 var supportedOperationsByFeature = {
   rule: ["list", "get", "put", "delete"],
@@ -3997,6 +5577,8 @@ var supportedOperationsByFeature = {
   skill: ["list", "get", "put", "delete"],
   ignore: ["get", "put", "delete"],
   mcp: ["get", "put", "delete"],
+  permissions: ["get", "put", "delete"],
+  hooks: ["get", "put", "delete"],
   generate: ["run"],
   import: ["run"]
 };
@@ -4046,7 +5628,7 @@ function ensureBody({ body, feature, operation }) {
 }
 var rulesyncTool = {
   name: "rulesyncTool",
-  description: "Manage Rulesync files through a single MCP tool. Features: rule/command/subagent/skill support list/get/put/delete; ignore/mcp support get/put/delete only; generate supports run only; import supports run only. Parameters: list requires no targetPathFromCwd (lists all items); get/delete require targetPathFromCwd; put requires targetPathFromCwd, frontmatter, and body (or content for ignore/mcp); generate/run uses generateOptions to configure generation; import/run uses importOptions to configure import.",
+  description: "Manage Rulesync files through a single MCP tool. Features: rule/command/subagent/skill support list/get/put/delete; ignore/mcp/permissions/hooks support get/put/delete only; generate supports run only; import supports run only. Parameters: list requires no targetPathFromCwd (lists all items); get/delete require targetPathFromCwd; put requires targetPathFromCwd, frontmatter, and body (or content for ignore/mcp/permissions/hooks); generate/run uses generateOptions to configure generation; import/run uses importOptions to configure import.",
   parameters: rulesyncToolSchema,
   execute: async (args) => {
     const parsed = rulesyncToolSchema.parse(args);
@@ -4163,6 +5745,30 @@ var rulesyncTool = {
         }
         return mcpTools.deleteMcpFile.execute();
       }
+      case "permissions": {
+        if (parsed.operation === "get") {
+          return permissionsTools.getPermissionsFile.execute();
+        }
+        if (parsed.operation === "put") {
+          if (!parsed.content) {
+            throw new Error("content is required for permissions put operation");
+          }
+          return permissionsTools.putPermissionsFile.execute({ content: parsed.content });
+        }
+        return permissionsTools.deletePermissionsFile.execute();
+      }
+      case "hooks": {
+        if (parsed.operation === "get") {
+          return hooksTools.getHooksFile.execute();
+        }
+        if (parsed.operation === "put") {
+          if (!parsed.content) {
+            throw new Error("content is required for hooks put operation");
+          }
+          return hooksTools.putHooksFile.execute({ content: parsed.content });
+        }
+        return hooksTools.deleteHooksFile.execute();
+      }
       case "generate": {
         return generateTools.executeGenerate.execute(parsed.generateOptions ?? {});
       }
@@ -4195,7 +5801,7 @@ async function mcpCommand(logger5, { version }) {
 }
 
 // src/cli/commands/resolve-gitignore-targets.ts
-import { join as join13 } from "path";
+import { join as join21 } from "path";
 var resolveGitignoreTargets = async ({
   cliTargets,
   cwd = process.cwd()
@@ -4203,8 +5809,8 @@ var resolveGitignoreTargets = async ({
   if (cliTargets !== void 0) {
     return cliTargets;
   }
-  const baseConfigPath = join13(cwd, RULESYNC_CONFIG_RELATIVE_FILE_PATH);
-  const localConfigPath = join13(cwd, RULESYNC_LOCAL_CONFIG_RELATIVE_FILE_PATH);
+  const baseConfigPath = join21(cwd, RULESYNC_CONFIG_RELATIVE_FILE_PATH);
+  const localConfigPath = join21(cwd, RULESYNC_LOCAL_CONFIG_RELATIVE_FILE_PATH);
   const [hasBase, hasLocal] = await Promise.all([
     fileExists(baseConfigPath),
     fileExists(localConfigPath)
@@ -4625,7 +6231,7 @@ function wrapCommand({
 }
 
 // src/cli/index.ts
-var getVersion = () => "8.6.0";
+var getVersion = () => "8.7.0";
 function wrapCommand2(name, errorCode, handler) {
   return wrapCommand({ name, errorCode, handler, getVersion });
 }
@@ -4691,12 +6297,18 @@ var main = async () => {
       await mcpCommand(logger5, { version });
     })
   );
-  program.command("install").description("Install skills from declarative sources in rulesync.jsonc").option("--update", "Force re-resolve all source refs, ignoring lockfile").option(
+  program.command("install").description("Install skills/primitives from declarative sources (rulesync.jsonc) or apm.yml").option(
+    "--mode <mode>",
+    `Install layout to produce (${INSTALL_MODES.join("|")}). Default: rulesync`
+  ).option("--update", "Force re-resolve all source refs, ignoring lockfile").option(
     "--frozen",
     "Fail if lockfile is missing or out of sync (for CI); fetches missing skills using locked refs"
   ).option("--token <token>", "GitHub token for private repos").option("-c, --config <path>", "Path to configuration file").option("-V, --verbose", "Verbose output").option("-s, --silent", "Suppress all output").action(
     wrapCommand2("install", "INSTALL_FAILED", async (logger5, options) => {
+      const rawMode = options.mode;
+      const mode = parseInstallMode(rawMode);
       await installCommand(logger5, {
+        mode,
         // eslint-disable-next-line no-type-assertion/no-type-assertion
         update: options.update,
         // eslint-disable-next-line no-type-assertion/no-type-assertion
@@ -4745,6 +6357,14 @@ var main = async () => {
   );
   program.parse();
 };
+function parseInstallMode(raw) {
+  if (raw === void 0) return void 0;
+  const match = INSTALL_MODES.find((m) => m === raw);
+  if (!match) {
+    throw new Error(`Invalid --mode value "${raw}". Expected one of: ${INSTALL_MODES.join(", ")}.`);
+  }
+  return match;
+}
 main().catch((error) => {
   console.error(formatError(error));
   process.exit(1);