skilld 1.7.3 → 2.0.0

package/dist/_chunks/login.mjs

@@ -0,0 +1,233 @@
+import { t as version } from "./version.mjs";
+import { i as saveSession } from "./store.mjs";
+import { i as getRegistryBase } from "./client.mjs";
+import { t as track } from "./telemetry.mjs";
+import { styleText } from "node:util";
+import * as p from "@clack/prompts";
+import { defineCommand } from "citty";
+import { spawn } from "node:child_process";
+import { createHash, randomBytes } from "node:crypto";
+import { ofetch } from "ofetch";
+import { createServer } from "node:http";
+async function runDeviceFlow(opts) {
+	const start = await ofetch(`${opts.registryBase}/cli/device/start`, {
+		method: "POST",
+		body: {
+			cli_version: opts.cliVersion,
+			machine_hint: opts.machineHint
+		}
+	});
+	opts.onUserCode({
+		userCode: start.user_code,
+		verificationUri: start.verification_uri
+	});
+	const deadline = Date.now() + start.expires_in * 1e3;
+	const interval = opts.intervalMs ?? start.interval * 1e3;
+	while (Date.now() < deadline) {
+		await new Promise((resolve) => setTimeout(resolve, interval));
+		const poll = await ofetch(`${opts.registryBase}/cli/device/poll`, {
+			method: "POST",
+			body: { device_code: start.device_code }
+		}).catch(() => null);
+		if (!poll || poll.status === "pending") continue;
+		if (poll.status === "expired") throw new Error("Device code expired before authorization");
+		if (poll.status === "denied") throw new Error("Device authorization denied");
+		if (poll.status === "authorized" && poll.tokens) return poll.tokens;
+	}
+	throw new Error("Device authorization timed out");
+}
+function isGhaOidcAvailable() {
+	return !!(process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN && process.env.ACTIONS_ID_TOKEN_REQUEST_URL);
+}
+async function runOidcExchange(opts) {
+	const token = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
+	const url = process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
+	if (!token || !url) throw new Error("Not running in GitHub Actions with id-token: write permission");
+	const audience = opts.audience ?? "skilld.dev";
+	const idToken = await ofetch(`${url}&audience=${encodeURIComponent(audience)}`, { headers: { Authorization: `Bearer ${token}` } });
+	return ofetch(`${opts.registryBase}/cli/oidc/exchange`, {
+		method: "POST",
+		body: { id_token: idToken.value }
+	});
+}
+const SUCCESS_HTML = `<!doctype html><meta charset="utf-8"><title>skilld — signed in</title>
+<body style="font-family: ui-sans-serif, system-ui; padding: 4rem; text-align: center">
+<h1>Signed in to skilld</h1><p>You can close this tab and return to the CLI.</p>`;
+function ERROR_HTML(msg) {
+	return `<!doctype html><meta charset="utf-8"><title>skilld — error</title>
+<body style="font-family: ui-sans-serif, system-ui; padding: 4rem; text-align: center; color: #b00">
+<h1>Sign-in failed</h1><p>${msg}</p>`;
+}
+const PLUS_RE = /\+/g;
+const SLASH_RE = /\//g;
+const EQ_RE = /=+$/;
+const TRAILING_SLASH_RE = /\/$/;
+const TRAILING_API_RE = /\/api$/;
+function base64url(buf) {
+	return buf.toString("base64").replace(PLUS_RE, "-").replace(SLASH_RE, "_").replace(EQ_RE, "");
+}
+function generateVerifier() {
+	return base64url(randomBytes(32));
+}
+function challengeFromVerifier(verifier) {
+	return base64url(createHash("sha256").update(verifier).digest());
+}
+async function runPkceFlow(opts) {
+	const verifier = generateVerifier();
+	const challenge = challengeFromVerifier(verifier);
+	const state = base64url(randomBytes(16));
+	const { port, server, gotCode } = await bindLoopback(state);
+	const verificationUrl = new URL(`${opts.registryBase.replace(TRAILING_SLASH_RE, "").replace(TRAILING_API_RE, "")}/cli/authorize`);
+	verificationUrl.searchParams.set("challenge", challenge);
+	verificationUrl.searchParams.set("port", String(port));
+	verificationUrl.searchParams.set("state", state);
+	verificationUrl.searchParams.set("v", opts.cliVersion);
+	await (opts.openBrowser ?? defaultOpenBrowser)(verificationUrl.toString());
+	try {
+		const code = await Promise.race([gotCode, new Promise((_, reject) => setTimeout(() => reject(/* @__PURE__ */ new Error("PKCE flow timed out")), opts.timeoutMs ?? 5 * 6e4))]);
+		return await ofetch(`${opts.registryBase}/cli/oauth/token`, {
+			method: "POST",
+			body: {
+				code,
+				code_verifier: verifier,
+				redirect_uri: `http://127.0.0.1:${port}/`
+			}
+		});
+	} finally {
+		server.close();
+	}
+}
+async function bindLoopback(expectedState) {
+	let resolveCode;
+	let rejectCode;
+	const gotCode = new Promise((res, rej) => {
+		resolveCode = res;
+		rejectCode = rej;
+	});
+	const handler = (req, res) => {
+		const url = new URL(req.url ?? "/", "http://localhost");
+		const code = url.searchParams.get("code");
+		const state = url.searchParams.get("state");
+		if (!code || state !== expectedState) {
+			res.writeHead(400, { "content-type": "text/html" }).end(ERROR_HTML("Missing or invalid state parameter."));
+			rejectCode(/* @__PURE__ */ new Error("PKCE callback missing code or state mismatch"));
+			return;
+		}
+		res.writeHead(200, { "content-type": "text/html" }).end(SUCCESS_HTML);
+		resolveCode(code);
+	};
+	const v4 = createServer(handler);
+	const v6 = createServer(handler);
+	await new Promise((resolve, reject) => {
+		v4.once("error", reject).listen(0, "127.0.0.1", () => resolve());
+	});
+	const port = v4.address().port;
+	await new Promise((resolve) => {
+		v6.once("error", () => resolve()).listen(port, "::1", () => resolve());
+	});
+	const close = () => {
+		v4.closeAllConnections();
+		v6.closeAllConnections();
+		v4.close();
+		v6.close();
+	};
+	return {
+		port,
+		server: { close },
+		gotCode
+	};
+}
+function defaultOpenBrowser(url) {
+	spawn(process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open", [url], {
+		stdio: "ignore",
+		detached: true
+	}).unref();
+}
+function shouldUseDevice(force) {
+	if (force) return true;
+	if (process.env.BROWSER) return false;
+	if (process.platform === "darwin" || process.platform === "win32") return false;
+	return !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY;
+}
+const loginCommandDef = defineCommand({
+	meta: {
+		name: "login",
+		description: "Authenticate with skilld.dev"
+	},
+	args: { device: {
+		type: "boolean",
+		description: "Use RFC 8628 device flow"
+	} },
+	async run({ args }) {
+		const registryBase = getRegistryBase();
+		if (isGhaOidcAvailable()) {
+			const spin = p.spinner();
+			spin.start("Exchanging GitHub Actions OIDC token");
+			const tokens = await runOidcExchange({ registryBase });
+			spin.stop(`Authenticated as @${tokens.login} (oidc)`);
+			await saveSession({
+				login: tokens.login,
+				accessToken: tokens.accessToken,
+				expiresAt: tokens.expiresAt,
+				tokens: { accessToken: tokens.accessToken }
+			});
+			track({
+				event: "auth-flow",
+				surface: "cli:auth",
+				flow: "oidc"
+			});
+			process.exit(0);
+		}
+		if (shouldUseDevice(!!args.device)) {
+			const tokens = await runDeviceFlow({
+				registryBase,
+				cliVersion: version,
+				onUserCode: ({ userCode, verificationUri }) => {
+					p.log.info(`Visit ${styleText("cyan", verificationUri)} and enter ${styleText("bold", userCode)}`);
+				}
+			});
+			await saveSession({
+				login: tokens.login,
+				accessToken: tokens.accessToken,
+				refreshToken: tokens.refreshToken,
+				expiresAt: tokens.expiresAt,
+				tokens: {
+					accessToken: tokens.accessToken,
+					refreshToken: tokens.refreshToken
+				}
+			});
+			track({
+				event: "auth-flow",
+				surface: "cli:auth",
+				flow: "device"
+			});
+			p.log.success(`Logged in as @${tokens.login}`);
+			process.exit(0);
+		}
+		p.log.info("Opening browser to authenticate…");
+		const tokens = await runPkceFlow({
+			registryBase,
+			cliVersion: version
+		});
+		await saveSession({
+			login: tokens.login,
+			accessToken: tokens.accessToken,
+			refreshToken: tokens.refreshToken,
+			expiresAt: tokens.expiresAt,
+			tokens: {
+				accessToken: tokens.accessToken,
+				refreshToken: tokens.refreshToken
+			}
+		});
+		track({
+			event: "auth-flow",
+			surface: "cli:auth",
+			flow: "pkce"
+		});
+		p.log.success(`Logged in as @${tokens.login}`);
+		process.exit(0);
+	}
+});
+export { loginCommandDef };
+
+//# sourceMappingURL=login.mjs.map

package/dist/_chunks/login.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.mjs","names":[],"sources":["../../src/auth/device-flow.ts","../../src/auth/oidc.ts","../../src/auth/pkce-flow.ts","../../src/commands/login.ts"],"sourcesContent":["/**\n * RFC 8628 device flow. Used when --device is passed, no browser is detected,\n * or PKCE bind fails.\n */\n\nimport type { DevicePollResponse, DeviceStartResponse, TokenResponse } from 'skilld-protocol/wire'\nimport { ofetch } from 'ofetch'\n\nexport type { DeviceStartResponse }\n\nexport interface DeviceFlowOptions {\n  registryBase: string\n  cliVersion: string\n  machineHint?: string\n  /** Hook called once the user_code is known so the CLI can prompt the user. */\n  onUserCode: (info: { userCode: string, verificationUri: string }) => void\n  /** Override polling interval for tests. */\n  intervalMs?: number\n}\n\nexport async function runDeviceFlow(opts: DeviceFlowOptions): Promise<TokenResponse> {\n  const start = await ofetch<DeviceStartResponse>(`${opts.registryBase}/cli/device/start`, {\n    method: 'POST',\n    body: { cli_version: opts.cliVersion, machine_hint: opts.machineHint },\n  })\n\n  opts.onUserCode({ userCode: start.user_code, verificationUri: start.verification_uri })\n\n  const deadline = Date.now() + start.expires_in * 1000\n  const interval = opts.intervalMs ?? start.interval * 1000\n\n  while (Date.now() < deadline) {\n    await new Promise(resolve => setTimeout(resolve, interval))\n    const poll = await ofetch<DevicePollResponse>(`${opts.registryBase}/cli/device/poll`, {\n      method: 'POST',\n      body: { device_code: start.device_code },\n    }).catch(() => null)\n\n    if (!poll || poll.status === 'pending')\n      continue\n    if (poll.status === 'expired')\n      throw new Error('Device code expired before authorization')\n    if (poll.status === 'denied')\n      throw new Error('Device authorization denied')\n    if (poll.status === 'authorized' && poll.tokens)\n      return poll.tokens\n  }\n\n  throw new Error('Device authorization timed out')\n}\n","/**\n * GitHub Actions OIDC exchange. Auto-detected via `ACTIONS_ID_TOKEN_REQUEST_TOKEN`;\n * fetches a short-lived JWT against `audience=skilld.dev` and trades it for a\n * session token. No browser, no prompt, no refresh.\n */\n\nimport type { TokenResponse } from './types.ts'\nimport { ofetch } from 'ofetch'\n\ninterface GhaOidcResponse {\n  value: string\n  count?: number\n}\n\nexport function isGhaOidcAvailable(): boolean {\n  return !!(process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN && process.env.ACTIONS_ID_TOKEN_REQUEST_URL)\n}\n\nexport async function runOidcExchange(opts: { registryBase: string, audience?: string }): Promise<TokenResponse> {\n  const token = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN\n  const url = process.env.ACTIONS_ID_TOKEN_REQUEST_URL\n  if (!token || !url)\n    throw new Error('Not running in GitHub Actions with id-token: write permission')\n\n  const audience = opts.audience ?? 'skilld.dev'\n  const idToken = await ofetch<GhaOidcResponse>(`${url}&audience=${encodeURIComponent(audience)}`, {\n    headers: { Authorization: `Bearer ${token}` },\n  })\n\n  return ofetch<TokenResponse>(`${opts.registryBase}/cli/oidc/exchange`, {\n    method: 'POST',\n    body: { id_token: idToken.value },\n  })\n}\n","/**\n * RFC 7636 PKCE loopback flow.\n *\n * Binds `127.0.0.1:<port>` and `[::1]:<port>` simultaneously so the browser\n * can hit either; opens the system browser to the verification URL; serves a\n * single GET callback that captures the auth code, then exchanges it for\n * tokens against `/api/cli/oauth/token`.\n */\n\nimport type { AddressInfo } from 'node:net'\nimport type { TokenResponse } from './types.ts'\nimport { spawn } from 'node:child_process'\nimport { createHash, randomBytes } from 'node:crypto'\nimport { createServer } from 'node:http'\nimport { ofetch } from 'ofetch'\n\nconst SUCCESS_HTML = `<!doctype html><meta charset=\"utf-8\"><title>skilld — signed in</title>\n<body style=\"font-family: ui-sans-serif, system-ui; padding: 4rem; text-align: center\">\n<h1>Signed in to skilld</h1><p>You can close this tab and return to the CLI.</p>`\n\nfunction ERROR_HTML(msg: string) {\n  return `<!doctype html><meta charset=\"utf-8\"><title>skilld — error</title>\n<body style=\"font-family: ui-sans-serif, system-ui; padding: 4rem; text-align: center; color: #b00\">\n<h1>Sign-in failed</h1><p>${msg}</p>`\n}\n\nexport interface PkceFlowOptions {\n  registryBase: string\n  cliVersion: string\n  openBrowser?: (url: string) => Promise<void> | void\n  timeoutMs?: number\n}\n\nconst PLUS_RE = /\\+/g\nconst SLASH_RE = /\\//g\nconst EQ_RE = /=+$/\nconst TRAILING_SLASH_RE = /\\/$/\nconst TRAILING_API_RE = /\\/api$/\n\nfunction base64url(buf: Buffer): string {\n  return buf.toString('base64').replace(PLUS_RE, '-').replace(SLASH_RE, '_').replace(EQ_RE, '')\n}\n\nfunction generateVerifier(): string {\n  return base64url(randomBytes(32))\n}\n\nfunction challengeFromVerifier(verifier: string): string {\n  return base64url(createHash('sha256').update(verifier).digest())\n}\n\nexport async function runPkceFlow(opts: PkceFlowOptions): Promise<TokenResponse> {\n  const verifier = generateVerifier()\n  const challenge = challengeFromVerifier(verifier)\n  const state = base64url(randomBytes(16))\n\n  const { port, server, gotCode } = await bindLoopback(state)\n  const verificationUrl = new URL(`${opts.registryBase.replace(TRAILING_SLASH_RE, '').replace(TRAILING_API_RE, '')}/cli/authorize`)\n  verificationUrl.searchParams.set('challenge', challenge)\n  verificationUrl.searchParams.set('port', String(port))\n  verificationUrl.searchParams.set('state', state)\n  verificationUrl.searchParams.set('v', opts.cliVersion)\n\n  await (opts.openBrowser ?? defaultOpenBrowser)(verificationUrl.toString())\n\n  try {\n    const code = await Promise.race([\n      gotCode,\n      new Promise<never>((_, reject) => setTimeout(() => reject(new Error('PKCE flow timed out')), opts.timeoutMs ?? 5 * 60_000)),\n    ])\n\n    return await ofetch<TokenResponse>(`${opts.registryBase}/cli/oauth/token`, {\n      method: 'POST',\n      body: { code, code_verifier: verifier, redirect_uri: `http://127.0.0.1:${port}/` },\n    })\n  }\n  finally {\n    server.close()\n  }\n}\n\ninterface LoopbackBinding {\n  port: number\n  server: { close: () => void }\n  gotCode: Promise<string>\n}\n\nasync function bindLoopback(expectedState: string): Promise<LoopbackBinding> {\n  let resolveCode!: (code: string) => void\n  let rejectCode!: (err: Error) => void\n  const gotCode = new Promise<string>((res, rej) => {\n    resolveCode = res\n    rejectCode = rej\n  })\n\n  const handler = (req: import('node:http').IncomingMessage, res: import('node:http').ServerResponse): void => {\n    const url = new URL(req.url ?? '/', 'http://localhost')\n    const code = url.searchParams.get('code')\n    const state = url.searchParams.get('state')\n    if (!code || state !== expectedState) {\n      res.writeHead(400, { 'content-type': 'text/html' }).end(ERROR_HTML('Missing or invalid state parameter.'))\n      rejectCode(new Error('PKCE callback missing code or state mismatch'))\n      return\n    }\n    res.writeHead(200, { 'content-type': 'text/html' }).end(SUCCESS_HTML)\n    resolveCode(code)\n  }\n\n  const v4 = createServer(handler)\n  const v6 = createServer(handler)\n\n  await new Promise<void>((resolve, reject) => {\n    v4.once('error', reject).listen(0, '127.0.0.1', () => resolve())\n  })\n  const port = (v4.address() as AddressInfo).port\n  await new Promise<void>((resolve) => {\n    v6.once('error', () => resolve()).listen(port, '::1', () => resolve())\n  })\n\n  const close = (): void => {\n    // closeAllConnections() forces still-open keep-alive sockets shut so the\n    // process can exit promptly after the browser hits the success page.\n    v4.closeAllConnections()\n    v6.closeAllConnections()\n    v4.close()\n    v6.close()\n  }\n\n  return {\n    port,\n    server: { close },\n    gotCode,\n  }\n}\n\nfunction defaultOpenBrowser(url: string): void {\n  const cmd = process.platform === 'darwin'\n    ? 'open'\n    : process.platform === 'win32'\n      ? 'start'\n      : 'xdg-open'\n  spawn(cmd, [url], { stdio: 'ignore', detached: true }).unref()\n}\n","/**\n * `skilld login` — authenticate with skilld.dev.\n *\n * Picks a flow based on env:\n *   - `ACTIONS_ID_TOKEN_REQUEST_TOKEN` set → GHA OIDC exchange.\n *   - `--device` or no `DISPLAY`/`BROWSER` env → RFC 8628 device flow.\n *   - Otherwise → PKCE loopback.\n */\n\nimport { styleText } from 'node:util'\nimport * as p from '@clack/prompts'\nimport { defineCommand } from 'citty'\nimport { runDeviceFlow } from '../auth/device-flow.ts'\nimport { isGhaOidcAvailable, runOidcExchange } from '../auth/oidc.ts'\nimport { runPkceFlow } from '../auth/pkce-flow.ts'\nimport { saveSession } from '../auth/store.ts'\nimport { getRegistryBase } from '../registry/client.ts'\nimport { track } from '../telemetry.ts'\nimport { version } from '../version.ts'\n\nfunction shouldUseDevice(force: boolean): boolean {\n  if (force)\n    return true\n  if (process.env.BROWSER)\n    return false\n  if (process.platform === 'darwin' || process.platform === 'win32')\n    return false\n  return !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY\n}\n\nexport const loginCommandDef = defineCommand({\n  meta: { name: 'login', description: 'Authenticate with skilld.dev' },\n  args: {\n    device: { type: 'boolean', description: 'Use RFC 8628 device flow' },\n  },\n  async run({ args }) {\n    const registryBase = getRegistryBase()\n\n    if (isGhaOidcAvailable()) {\n      const spin = p.spinner()\n      spin.start('Exchanging GitHub Actions OIDC token')\n      const tokens = await runOidcExchange({ registryBase })\n      spin.stop(`Authenticated as @${tokens.login} (oidc)`)\n      await saveSession({\n        login: tokens.login,\n        accessToken: tokens.accessToken,\n        expiresAt: tokens.expiresAt,\n        tokens: { accessToken: tokens.accessToken },\n      })\n      track({ event: 'auth-flow', surface: 'cli:auth', flow: 'oidc' })\n      process.exit(0)\n    }\n\n    if (shouldUseDevice(!!args.device)) {\n      const tokens = await runDeviceFlow({\n        registryBase,\n        cliVersion: version,\n        onUserCode: ({ userCode, verificationUri }) => {\n          p.log.info(`Visit ${styleText('cyan', verificationUri)} and enter ${styleText('bold', userCode)}`)\n        },\n      })\n      await saveSession({\n        login: tokens.login,\n        accessToken: tokens.accessToken,\n        refreshToken: tokens.refreshToken,\n        expiresAt: tokens.expiresAt,\n        tokens: { accessToken: tokens.accessToken, refreshToken: tokens.refreshToken },\n      })\n      track({ event: 'auth-flow', surface: 'cli:auth', flow: 'device' })\n      p.log.success(`Logged in as @${tokens.login}`)\n      process.exit(0)\n    }\n\n    p.log.info('Opening browser to authenticate…')\n    const tokens = await runPkceFlow({ registryBase, cliVersion: version })\n    await saveSession({\n      login: tokens.login,\n      accessToken: tokens.accessToken,\n      refreshToken: tokens.refreshToken,\n      expiresAt: tokens.expiresAt,\n      tokens: { accessToken: tokens.accessToken, refreshToken: tokens.refreshToken },\n    })\n    track({ event: 'auth-flow', surface: 'cli:auth', flow: 'pkce' })\n    p.log.success(`Logged in as @${tokens.login}`)\n    // Node's global fetch keep-alive pool + telemetry fire-and-forget leave\n    // sockets ref'd; force exit so we don't wait for the 4s idle timeout.\n    process.exit(0)\n  },\n})\n"],"mappings":";;;;;;;;;;;AAoBA,eAAsB,cAAc,MAAiD;CACnF,MAAM,QAAQ,MAAM,OAA4B,GAAG,KAAK,aAAa,oBAAoB;EACvF,QAAQ;EACR,MAAM;GAAE,aAAa,KAAK;GAAY,cAAc,KAAK;GAAa;EACvE,CAAC;CAEF,KAAK,WAAW;EAAE,UAAU,MAAM;EAAW,iBAAiB,MAAM;EAAkB,CAAC;CAEvF,MAAM,WAAW,KAAK,KAAK,GAAG,MAAM,aAAa;CACjD,MAAM,WAAW,KAAK,cAAc,MAAM,WAAW;CAErD,OAAO,KAAK,KAAK,GAAG,UAAU;EAC5B,MAAM,IAAI,SAAQ,YAAW,WAAW,SAAS,SAAS,CAAC;EAC3D,MAAM,OAAO,MAAM,OAA2B,GAAG,KAAK,aAAa,mBAAmB;GACpF,QAAQ;GACR,MAAM,EAAE,aAAa,MAAM,aAAa;GACzC,CAAC,CAAC,YAAY,KAAK;EAEpB,IAAI,CAAC,QAAQ,KAAK,WAAW,WAC3B;EACF,IAAI,KAAK,WAAW,WAClB,MAAM,IAAI,MAAM,2CAA2C;EAC7D,IAAI,KAAK,WAAW,UAClB,MAAM,IAAI,MAAM,8BAA8B;EAChD,IAAI,KAAK,WAAW,gBAAgB,KAAK,QACvC,OAAO,KAAK;;CAGhB,MAAM,IAAI,MAAM,iCAAiC;;AClCnD,SAAgB,qBAA8B;CAC5C,OAAO,CAAC,EAAE,QAAQ,IAAI,kCAAkC,QAAQ,IAAI;;AAGtE,eAAsB,gBAAgB,MAA2E;CAC/G,MAAM,QAAQ,QAAQ,IAAI;CAC1B,MAAM,MAAM,QAAQ,IAAI;CACxB,IAAI,CAAC,SAAS,CAAC,KACb,MAAM,IAAI,MAAM,gEAAgE;CAElF,MAAM,WAAW,KAAK,YAAY;CAClC,MAAM,UAAU,MAAM,OAAwB,GAAG,IAAI,YAAY,mBAAmB,SAAS,IAAI,EAC/F,SAAS,EAAE,eAAe,UAAU,SAAS,EAC9C,CAAC;CAEF,OAAO,OAAsB,GAAG,KAAK,aAAa,qBAAqB;EACrE,QAAQ;EACR,MAAM,EAAE,UAAU,QAAQ,OAAO;EAClC,CAAC;;AChBJ,MAAM,eAAe;;;AAIrB,SAAS,WAAW,KAAa;CAC/B,OAAO;;4BAEmB,IAAI;;AAUhC,MAAM,UAAU;AAChB,MAAM,WAAW;AACjB,MAAM,QAAQ;AACd,MAAM,oBAAoB;AAC1B,MAAM,kBAAkB;AAExB,SAAS,UAAU,KAAqB;CACtC,OAAO,IAAI,SAAS,SAAS,CAAC,QAAQ,SAAS,IAAI,CAAC,QAAQ,UAAU,IAAI,CAAC,QAAQ,OAAO,GAAG;;AAG/F,SAAS,mBAA2B;CAClC,OAAO,UAAU,YAAY,GAAG,CAAC;;AAGnC,SAAS,sBAAsB,UAA0B;CACvD,OAAO,UAAU,WAAW,SAAS,CAAC,OAAO,SAAS,CAAC,QAAQ,CAAC;;AAGlE,eAAsB,YAAY,MAA+C;CAC/E,MAAM,WAAW,kBAAkB;CACnC,MAAM,YAAY,sBAAsB,SAAS;CACjD,MAAM,QAAQ,UAAU,YAAY,GAAG,CAAC;CAExC,MAAM,EAAE,MAAM,QAAQ,YAAY,MAAM,aAAa,MAAM;CAC3D,MAAM,kBAAkB,IAAI,IAAI,GAAG,KAAK,aAAa,QAAQ,mBAAmB,GAAG,CAAC,QAAQ,iBAAiB,GAAG,CAAC,gBAAgB;CACjI,gBAAgB,aAAa,IAAI,aAAa,UAAU;CACxD,gBAAgB,aAAa,IAAI,QAAQ,OAAO,KAAK,CAAC;CACtD,gBAAgB,aAAa,IAAI,SAAS,MAAM;CAChD,gBAAgB,aAAa,IAAI,KAAK,KAAK,WAAW;CAEtD,OAAO,KAAK,eAAe,oBAAoB,gBAAgB,UAAU,CAAC;CAE1E,IAAI;EACF,MAAM,OAAO,MAAM,QAAQ,KAAK,CAC9B,SACA,IAAI,SAAgB,GAAG,WAAW,iBAAiB,uBAAO,IAAI,MAAM,sBAAsB,CAAC,EAAE,KAAK,aAAa,IAAI,IAAO,CAAC,CAC5H,CAAC;EAEF,OAAO,MAAM,OAAsB,GAAG,KAAK,aAAa,mBAAmB;GACzE,QAAQ;GACR,MAAM;IAAE;IAAM,eAAe;IAAU,cAAc,oBAAoB,KAAK;IAAI;GACnF,CAAC;WAEI;EACN,OAAO,OAAO;;;AAUlB,eAAe,aAAa,eAAiD;CAC3E,IAAI;CACJ,IAAI;CACJ,MAAM,UAAU,IAAI,SAAiB,KAAK,QAAQ;EAChD,cAAc;EACd,aAAa;GACb;CAEF,MAAM,WAAW,KAA0C,QAAkD;EAC3G,MAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,mBAAmB;EACvD,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;EACzC,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;EAC3C,IAAI,CAAC,QAAQ,UAAU,eAAe;GACpC,IAAI,UAAU,KAAK,EAAE,gBAAgB,aAAa,CAAC,CAAC,IAAI,WAAW,sCAAsC,CAAC;GAC1G,2BAAW,IAAI,MAAM,+CAA+C,CAAC;GACrE;;EAEF,IAAI,UAAU,KAAK,EAAE,gBAAgB,aAAa,CAAC,CAAC,IAAI,aAAa;EACrE,YAAY,KAAK;;CAGnB,MAAM,KAAK,aAAa,QAAQ;CAChC,MAAM,KAAK,aAAa,QAAQ;CAEhC,MAAM,IAAI,SAAe,SAAS,WAAW;EAC3C,GAAG,KAAK,SAAS,OAAO,CAAC,OAAO,GAAG,mBAAmB,SAAS,CAAC;GAChE;CACF,MAAM,OAAQ,GAAG,SAAS,CAAiB;CAC3C,MAAM,IAAI,SAAe,YAAY;EACnC,GAAG,KAAK,eAAe,SAAS,CAAC,CAAC,OAAO,MAAM,aAAa,SAAS,CAAC;GACtE;CAEF,MAAM,cAAoB;EAGxB,GAAG,qBAAqB;EACxB,GAAG,qBAAqB;EACxB,GAAG,OAAO;EACV,GAAG,OAAO;;CAGZ,OAAO;EACL;EACA,QAAQ,EAAE,OAAO;EACjB;EACD;;AAGH,SAAS,mBAAmB,KAAmB;CAM7C,MALY,QAAQ,aAAa,WAC7B,SACA,QAAQ,aAAa,UACnB,UACA,YACK,CAAC,IAAI,EAAE;EAAE,OAAO;EAAU,UAAU;EAAM,CAAC,CAAC,OAAO;;;;;;;;;CCzHhE,MAAA;EACE,MAAI;EAEJ,aAAY;EAEZ;CAEA,MAAA,EAAQ,QAAQ;;EAGlB,aAAa;EACX,EAAA;OAAQ,IAAM,EAAA,QAAA;EAAS,MAAA,eAAa,iBAAA;EAAgC,IAAA,oBAAA,EAAA;GACpE,MACE,OAAA,EAAQ,SAAA;GAAE,KAAM,MAAA,uCAAA;GAAW,MAAA,SAAa,MAAA,gBAAA,EAAA,cAAA,CAAA;GAA4B,KACrE,KAAA,qBAAA,OAAA,MAAA,SAAA;GACD,MAAM,YAAc;IAClB,OAAM,OAAA;IAEN,aAAI,OAAA;IACF,WAAM,OAAS;IACf,QAAK,EAAM,aAAA,OAAA,aAAA;IACX,CAAA;GACA,MAAK;IACL,OAAM;IACJ,SAAO;IACP,MAAA;IACA,CAAA;WACA,KAAU,EAAA;;MAEZ,gBAAM,CAAA,CAAA,KAAA,OAAA,EAAA;SAAE,SAAO,MAAA,cAAA;IAAa;IAAqB,YAAM;IAAQ,aAAC,EAAA,UAAA,sBAAA;KAChE,EAAA,IAAQ,KAAK,SAAE,UAAA,QAAA,gBAAA,CAAA,aAAA,UAAA,QAAA,SAAA,GAAA;;IAGjB,CAAA;GACE,MAAM,YAAS;IACb,OAAA,OAAA;IACA,aAAY,OAAA;IACZ,cAAa,OAAE;eACP,OAAK;;KAEb,aAAA,OAAA;KACF,cAAM,OAAY;KAChB;IACA,CAAA;SACA;IACA,OAAA;IACA,SAAQ;UAAE;KAAiC;KAAmC,IAAA,QAAA,iBAAA,OAAA,QAAA;WAC9E,KAAA,EAAA;;IACM,IAAA,KAAO,mCAAA;QAAa,SAAS,MAAA,YAAA;;eAA6B;GAClE,CAAA;QACA,YAAe;;GAGjB,aAAW,OAAA;GACX,cAAe,OAAM;GAAc,WAAA,OAAA;GAAc,QAAA;IAAsB,aAAA,OAAA;IACvE,cAAM,OAAY;IAChB;GACA,CAAA;QACA;GACA,OAAA;GACA,SAAQ;SAAE;IAAiC;IAAmC,IAAA,QAAA,iBAAA,OAAA,QAAA;UAC9E,KAAA,EAAA;;;SACqD"}

package/dist/_chunks/logout.mjs

@@ -0,0 +1,27 @@
+import { n as loadSession, t as clearSession } from "./store.mjs";
+import { i as getRegistryBase } from "./client.mjs";
+import * as p from "@clack/prompts";
+import { defineCommand } from "citty";
+import { ofetch } from "ofetch";
+const logoutCommandDef = defineCommand({
+	meta: {
+		name: "logout",
+		description: "Sign out of skilld.dev"
+	},
+	async run() {
+		const session = await loadSession();
+		if (!session) {
+			p.log.info("Not logged in.");
+			return;
+		}
+		await ofetch(`${getRegistryBase()}/cli/logout`, {
+			method: "POST",
+			headers: { Authorization: `Bearer ${session.accessToken}` }
+		}).catch(() => {});
+		await clearSession();
+		p.log.success("Logged out.");
+	}
+});
+export { logoutCommandDef };
+
+//# sourceMappingURL=logout.mjs.map

package/dist/_chunks/logout.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.mjs","names":[],"sources":["../../src/commands/logout.ts"],"sourcesContent":["/**\n * `skilld logout` — revoke the active session server-side and clear local credentials.\n * Local state is cleared even if the server revoke fails.\n */\n\nimport * as p from '@clack/prompts'\nimport { defineCommand } from 'citty'\nimport { ofetch } from 'ofetch'\nimport { clearSession, loadSession } from '../auth/store.ts'\nimport { getRegistryBase } from '../registry/client.ts'\n\nexport const logoutCommandDef = defineCommand({\n  meta: { name: 'logout', description: 'Sign out of skilld.dev' },\n  async run() {\n    const session = await loadSession()\n    if (!session) {\n      p.log.info('Not logged in.')\n      return\n    }\n\n    await ofetch(`${getRegistryBase()}/cli/logout`, {\n      method: 'POST',\n      headers: { Authorization: `Bearer ${session.accessToken}` },\n    }).catch(() => {})\n\n    await clearSession()\n    p.log.success('Logged out.')\n  },\n})\n"],"mappings":";;;;;;;;EAWA,aAAa;EACX;OAAQ,MAAM;EAAU,MAAA,UAAa,MAAA,aAAA;EAA0B,IAAA,CAAA,SAAA;GAC/D,EAAA,IAAM,KAAM,iBAAA;GACV;;QAEI,OAAS,GAAA,iBAAiB,CAAA,cAAA;GAC5B,QAAA;;GAGF,CAAA,CAAA,YAAa,GAAG;QACd,cAAQ;IACR,IAAA,QAAW,cAAe;;EAG5B"}

package/dist/_chunks/map.mjs

@@ -0,0 +1,11 @@
+function mapInsert(map, key, create) {
+	let val = map.get(key);
+	if (val === void 0) {
+		val = create();
+		map.set(key, val);
+	}
+	return val;
+}
+export { mapInsert as t };
+
+//# sourceMappingURL=map.mjs.map

package/dist/_chunks/map.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"map.mjs","names":[],"sources":["../../src/core/map.ts"],"sourcesContent":["/** Get-or-create for Maps. Polyfill for Map.getOrInsertComputed (not yet in Node.js). */\nexport function mapInsert<K, V>(map: Map<K, V>, key: K, create: () => V): V {\n  let val = map.get(key)\n  if (val === undefined) {\n    val = create()\n    map.set(key, val)\n  }\n  return val\n}\n"],"mappings":"AACA,SAAgB,UAAgB,KAAgB,KAAQ,QAAoB;CAC1E,IAAI,MAAM,IAAI,IAAI,IAAI;CACtB,IAAI,QAAQ,KAAA,GAAW;EACrB,MAAM,QAAQ;EACd,IAAI,IAAI,KAAK,IAAI;;CAEnB,OAAO"}

package/dist/_chunks/markdown.mjs

@@ -1,76 +1,101 @@
 import { n as yamlParseKV } from "./yaml.mjs";
-import { fromMarkdown } from "mdast-util-from-markdown";
-import { frontmatterFromMarkdown } from "mdast-util-frontmatter";
-import { toString } from "mdast-util-to-string";
-import { frontmatter } from "micromark-extension-frontmatter";
-import { visit } from "unist-util-visit";
-function parseMd(content) {
-	const tree = fromMarkdown(content, {
-		extensions: [frontmatter(["yaml"])],
-		mdastExtensions: [frontmatterFromMarkdown(["yaml"])]
-	});
-	const fm = {};
-	visit(tree, "yaml", (node) => {
-		if (node.type === "yaml") for (const line of node.value.split("\n")) {
-			const kv = yamlParseKV(line);
-			if (kv) fm[kv[0]] = kv[1];
-		}
-	});
-	return {
-		tree,
-		frontmatter: fm
-	};
+const FRONTMATTER_RE = /^---\r?\n([\s\S]*?)\r?\n---\r?\n?/;
+const HEADING_LINE_RE = /^(#{1,6})[ \t]+([^ \t\r\n][^\r\n]*)$/gm;
+const ANCHOR_RE = /\s*\{#[^}]+\}\s*$/;
+const BACKSLASH_PREFIX_RE = /^\\+\s*/;
+const INLINE_CODE_RE = /`([^`]+)`/g;
+const LINK_RE = /(?<!!)\[([^\]]+)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
+const HEADING_START_RE = /^#{1,6}\s/;
+const BLOCKQUOTE_START_RE = /^>\s?/;
+const LIST_ITEM_START_RE = /^[-*+]\s/;
+const ORDERED_LIST_ITEM_START_RE = /^\d+\.\s/;
+const TABLE_ROW_START_RE = /^\|/;
+const INDENTED_CODE_START_RE = /^ {4}/;
+const FENCE_START_RE = /^\s*```/;
+const MARKDOWN_LINK_RE = /\[([^\]]+)\]\([^)]+\)/g;
+const MARKDOWN_FORMATTING_RE = /[`*_~]/g;
+const FENCED_CODE_BLOCK_RE = /```[\s\S]*?```/g;
+const INLINE_CODE_SPAN_RE = /`[^`\n]*`/g;
+function stripFrontmatter(content) {
+	const m = content.match(FRONTMATTER_RE);
+	return m ? content.slice(m[0].length).trim() : content;
 }
 function parseFrontmatter(content) {
-	return parseMd(content).frontmatter;
+	const m = content.match(FRONTMATTER_RE);
+	if (!m) return {};
+	const fm = {};
+	for (const line of m[1].split("\n")) {
+		const kv = yamlParseKV(line);
+		if (kv) fm[kv[0]] = kv[1];
+	}
+	return fm;
 }
-function stripHeadingAnchors(text) {
-	return text.replace(/\s*\{#[^}]+\}\s*$/, "").trim();
+function cleanHeadingText(raw) {
+	return raw.replace(ANCHOR_RE, "").replace(BACKSLASH_PREFIX_RE, "").replace(INLINE_CODE_RE, "$1").trim();
 }
 function extractTitle(content) {
-	const { tree, frontmatter: fm } = parseMd(content);
+	const fm = parseFrontmatter(content);
 	if (fm.title) return fm.title;
-	let title = null;
-	visit(tree, "heading", (node) => {
-		if (node.depth === 1 && !title) {
-			const text = stripHeadingAnchors(toString(node)).replace(/^\\+\s*/, "").trim();
-			if (text.length > 0) title = text;
-		}
-	});
-	return title;
+	const body = stripFrontmatter(content);
+	for (const m of body.matchAll(HEADING_LINE_RE)) if (m[1] === "#") {
+		const text = cleanHeadingText(m[2]);
+		if (text) return text;
+	}
+	return null;
+}
+function isBlockStarter(trimmed, raw) {
+	return HEADING_START_RE.test(trimmed) || BLOCKQUOTE_START_RE.test(trimmed) || LIST_ITEM_START_RE.test(trimmed) || ORDERED_LIST_ITEM_START_RE.test(trimmed) || TABLE_ROW_START_RE.test(trimmed) || trimmed.startsWith("<") || INDENTED_CODE_START_RE.test(raw);
 }
 function extractDescription(content) {
-	const { tree } = parseMd(content);
-	let desc = null;
-	visit(tree, "paragraph", (node, _index, parent) => {
-		if (desc || parent?.type !== "root") return;
-		const text = toString(node).trim();
-		if (text.length === 0) return;
-		let clean = text.replace(/\[([^\]]+)\]\([^)]+\)/g, "$1").replace(/[`*_~]/g, "");
+	const lines = stripFrontmatter(content).split("\n");
+	let inFence = false;
+	let inHtml = false;
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		if (FENCE_START_RE.test(line)) {
+			inFence = !inFence;
+			continue;
+		}
+		if (inFence) continue;
+		const trimmed = line.trim();
+		if (inHtml) {
+			if (!trimmed) inHtml = false;
+			continue;
+		}
+		if (trimmed.startsWith("<")) {
+			inHtml = true;
+			continue;
+		}
+		if (!trimmed || isBlockStarter(trimmed, line)) continue;
+		let para = trimmed;
+		for (let j = i + 1; j < lines.length; j++) {
+			const next = lines[j];
+			const nextTrim = next.trim();
+			if (!nextTrim || isBlockStarter(nextTrim, next)) break;
+			para += ` ${nextTrim}`;
+		}
+		let clean = para.replace(MARKDOWN_LINK_RE, "$1").replace(MARKDOWN_FORMATTING_RE, "");
 		if (clean.length > 150) clean = `${clean.slice(0, 147)}...`;
-		desc = clean;
-	});
-	return desc;
+		return clean;
+	}
+	return null;
 }
 function extractLinks(content) {
-	const { tree } = parseMd(content);
+	const sanitized = stripFrontmatter(content).replace(FENCED_CODE_BLOCK_RE, "").replace(INLINE_CODE_SPAN_RE, "");
 	const links = [];
 	const seen = /* @__PURE__ */ new Set();
-	visit(tree, "link", (node) => {
-		if (!seen.has(node.url)) {
-			seen.add(node.url);
+	for (const m of sanitized.matchAll(LINK_RE)) {
+		const url = m[2];
+		if (!seen.has(url)) {
+			seen.add(url);
 			links.push({
-				title: toString(node),
-				url: node.url
+				title: m[1],
+				url
 			});
 		}
-	});
+	}
 	return links;
 }
-function stripFrontmatter(content) {
-	const match = content.match(/^---\r?\n[\s\S]*?\r?\n---\r?\n/);
-	return match ? content.slice(match[0].length).trim() : content;
-}
 export { stripFrontmatter as a, parseFrontmatter as i, extractLinks as n, extractTitle as r, extractDescription as t };
 
 //# sourceMappingURL=markdown.mjs.map

package/dist/_chunks/markdown.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"markdown.mjs","names":[],"sources":["../../src/core/markdown.ts"],"sourcesContent":["/**\n * AST-based markdown parsing using mdast/micromark.\n * Replaces scattered regex-based frontmatter/heading/link extraction.\n */\n\nimport type { Nodes, Root } from 'mdast'\nimport { fromMarkdown } from 'mdast-util-from-markdown'\nimport { frontmatterFromMarkdown } from 'mdast-util-frontmatter'\nimport { toString } from 'mdast-util-to-string'\nimport { frontmatter } from 'micromark-extension-frontmatter'\nimport { visit } from 'unist-util-visit'\nimport { yamlParseKV } from './yaml.ts'\n\nexport interface MdHeading {\n  depth: number\n  text: string\n}\n\nexport interface MdLink {\n  title: string\n  url: string\n}\n\nexport interface ParsedMd {\n  tree: Root\n  frontmatter: Record<string, string>\n}\n\n/** Parse markdown string to AST + frontmatter key-values */\nexport function parseMd(content: string): ParsedMd {\n  const tree = fromMarkdown(content, {\n    extensions: [frontmatter(['yaml'])],\n    mdastExtensions: [frontmatterFromMarkdown(['yaml'])],\n  })\n\n  const fm: Record<string, string> = {}\n  visit(tree, 'yaml', (node: Nodes) => {\n    if (node.type === 'yaml') {\n      for (const line of (node as any).value.split('\\n')) {\n        const kv = yamlParseKV(line)\n        if (kv)\n          fm[kv[0]] = kv[1]\n      }\n    }\n  })\n\n  return { tree, frontmatter: fm }\n}\n\n/** Extract frontmatter key-value pairs only */\nexport function parseFrontmatter(content: string): Record<string, string> {\n  return parseMd(content).frontmatter\n}\n\n/** Strip custom heading anchors like {#some-id} */\nfunction stripHeadingAnchors(text: string): string {\n  return text.replace(/\\s*\\{#[^}]+\\}\\s*$/, '').trim()\n}\n\n/** Extract title: frontmatter title > first h1 > null */\nexport function extractTitle(content: string): string | null {\n  const { tree, frontmatter: fm } = parseMd(content)\n  if (fm.title)\n    return fm.title\n\n  let title: string | null = null\n  visit(tree, 'heading', (node) => {\n    if (node.depth === 1 && !title) {\n      // Strip {#id} anchors and leading backslash escapes (e.g. `# \\`)\n      const text = stripHeadingAnchors(toString(node)).replace(/^\\\\+\\s*/, '').trim()\n      if (text.length > 0)\n        title = text\n    }\n  })\n\n  return title\n}\n\n/** Extract first paragraph text, 150 char max */\nexport function extractDescription(content: string): string | null {\n  const { tree } = parseMd(content)\n\n  let desc: string | null = null\n  visit(tree, 'paragraph', (node, _index, parent) => {\n    // Only top-level paragraphs (skip blockquote children, list items, etc.)\n    if (desc || parent?.type !== 'root')\n      return\n\n    const text = toString(node).trim()\n    if (text.length === 0)\n      return\n\n    // Strip markdown link syntax remnants and formatting chars\n    let clean = text.replace(/\\[([^\\]]+)\\]\\([^)]+\\)/g, '$1').replace(/[`*_~]/g, '')\n    if (clean.length > 150)\n      clean = `${clean.slice(0, 147)}...`\n    desc = clean\n  })\n\n  return desc\n}\n\n/** Extract all headings with depth and text */\nexport function extractHeadings(content: string): MdHeading[] {\n  const { tree } = parseMd(content)\n  const headings: MdHeading[] = []\n\n  visit(tree, 'heading', (node) => {\n    headings.push({ depth: node.depth, text: stripHeadingAnchors(toString(node)) })\n  })\n\n  return headings\n}\n\n/** Extract all links (deduped by url) */\nexport function extractLinks(content: string): MdLink[] {\n  const { tree } = parseMd(content)\n  const links: MdLink[] = []\n  const seen = new Set<string>()\n\n  visit(tree, 'link', (node) => {\n    if (!seen.has(node.url)) {\n      seen.add(node.url)\n      links.push({ title: toString(node), url: node.url })\n    }\n  })\n\n  return links\n}\n\n/** Strip frontmatter block, return body only */\nexport function stripFrontmatter(content: string): string {\n  const match = content.match(/^---\\r?\\n[\\s\\S]*?\\r?\\n---\\r?\\n/)\n  return match ? content.slice(match[0].length).trim() : content\n}\n"],"mappings":";;;;;;AA6BA,SAAgB,QAAQ,SAA2B;CACjD,MAAM,OAAO,aAAa,SAAS;EACjC,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;EACnC,iBAAiB,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;EACrD,CAAC;CAEF,MAAM,KAA6B,EAAE;CACrC,MAAM,MAAM,SAAS,SAAgB;EACnC,IAAI,KAAK,SAAS,QAChB,KAAK,MAAM,QAAS,KAAa,MAAM,MAAM,KAAK,EAAE;GAClD,MAAM,KAAK,YAAY,KAAK;GAC5B,IAAI,IACF,GAAG,GAAG,MAAM,GAAG;;GAGrB;CAEF,OAAO;EAAE;EAAM,aAAa;EAAI;;AAIlC,SAAgB,iBAAiB,SAAyC;CACxE,OAAO,QAAQ,QAAQ,CAAC;;AAI1B,SAAS,oBAAoB,MAAsB;CACjD,OAAO,KAAK,QAAQ,qBAAqB,GAAG,CAAC,MAAM;;AAIrD,SAAgB,aAAa,SAAgC;CAC3D,MAAM,EAAE,MAAM,aAAa,OAAO,QAAQ,QAAQ;CAClD,IAAI,GAAG,OACL,OAAO,GAAG;CAEZ,IAAI,QAAuB;CAC3B,MAAM,MAAM,YAAY,SAAS;EAC/B,IAAI,KAAK,UAAU,KAAK,CAAC,OAAO;GAE9B,MAAM,OAAO,oBAAoB,SAAS,KAAK,CAAC,CAAC,QAAQ,WAAW,GAAG,CAAC,MAAM;GAC9E,IAAI,KAAK,SAAS,GAChB,QAAQ;;GAEZ;CAEF,OAAO;;AAIT,SAAgB,mBAAmB,SAAgC;CACjE,MAAM,EAAE,SAAS,QAAQ,QAAQ;CAEjC,IAAI,OAAsB;CAC1B,MAAM,MAAM,cAAc,MAAM,QAAQ,WAAW;EAEjD,IAAI,QAAQ,QAAQ,SAAS,QAC3B;EAEF,MAAM,OAAO,SAAS,KAAK,CAAC,MAAM;EAClC,IAAI,KAAK,WAAW,GAClB;EAGF,IAAI,QAAQ,KAAK,QAAQ,0BAA0B,KAAK,CAAC,QAAQ,WAAW,GAAG;EAC/E,IAAI,MAAM,SAAS,KACjB,QAAQ,GAAG,MAAM,MAAM,GAAG,IAAI,CAAC;EACjC,OAAO;GACP;CAEF,OAAO;;AAgBT,SAAgB,aAAa,SAA2B;CACtD,MAAM,EAAE,SAAS,QAAQ,QAAQ;CACjC,MAAM,QAAkB,EAAE;CAC1B,MAAM,uBAAO,IAAI,KAAa;CAE9B,MAAM,MAAM,SAAS,SAAS;EAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,IAAI,EAAE;GACvB,KAAK,IAAI,KAAK,IAAI;GAClB,MAAM,KAAK;IAAE,OAAO,SAAS,KAAK;IAAE,KAAK,KAAK;IAAK,CAAC;;GAEtD;CAEF,OAAO;;AAIT,SAAgB,iBAAiB,SAAyB;CACxD,MAAM,QAAQ,QAAQ,MAAM,iCAAiC;CAC7D,OAAO,QAAQ,QAAQ,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG"}
+{"version":3,"file":"markdown.mjs","names":[],"sources":["../../src/core/markdown.ts"],"sourcesContent":["/**\n * Lightweight regex-based markdown utilities.\n * Operations needed (frontmatter, title, description, links, headings) are\n * simple enough that a full AST stack would be overkill.\n */\n\nimport { yamlParseKV } from './yaml.ts'\n\nexport interface MdLink {\n  title: string\n  url: string\n}\n\nexport interface Heading {\n  depth: number\n  text: string\n}\n\nconst FRONTMATTER_RE = /^---\\r?\\n([\\s\\S]*?)\\r?\\n---\\r?\\n?/\nconst HEADING_LINE_RE = /^(#{1,6})[ \\t]+([^ \\t\\r\\n][^\\r\\n]*)$/gm\nconst ANCHOR_RE = /\\s*\\{#[^}]+\\}\\s*$/\nconst BACKSLASH_PREFIX_RE = /^\\\\+\\s*/\nconst INLINE_CODE_RE = /`([^`]+)`/g\nconst LINK_RE = /(?<!!)\\[([^\\]]+)\\]\\(([^)\\s]+)(?:\\s+\"[^\"]*\")?\\)/g\nconst HEADING_START_RE = /^#{1,6}\\s/\nconst BLOCKQUOTE_START_RE = /^>\\s?/\nconst LIST_ITEM_START_RE = /^[-*+]\\s/\nconst ORDERED_LIST_ITEM_START_RE = /^\\d+\\.\\s/\nconst TABLE_ROW_START_RE = /^\\|/\nconst INDENTED_CODE_START_RE = /^ {4}/\nconst FENCE_START_RE = /^\\s*```/\nconst MARKDOWN_LINK_RE = /\\[([^\\]]+)\\]\\([^)]+\\)/g\nconst MARKDOWN_FORMATTING_RE = /[`*_~]/g\nconst FENCED_CODE_BLOCK_RE = /```[\\s\\S]*?```/g\nconst INLINE_CODE_SPAN_RE = /`[^`\\n]*`/g\n\n/** Strip frontmatter block, return body only. */\nexport function stripFrontmatter(content: string): string {\n  const m = content.match(FRONTMATTER_RE)\n  return m ? content.slice(m[0].length).trim() : content\n}\n\n/** Extract frontmatter key-value pairs. */\nexport function parseFrontmatter(content: string): Record<string, string> {\n  const m = content.match(FRONTMATTER_RE)\n  if (!m)\n    return {}\n  const fm: Record<string, string> = {}\n  for (const line of m[1]!.split('\\n')) {\n    const kv = yamlParseKV(line)\n    if (kv)\n      fm[kv[0]] = kv[1]\n  }\n  return fm\n}\n\nfunction cleanHeadingText(raw: string): string {\n  return raw\n    .replace(ANCHOR_RE, '')\n    .replace(BACKSLASH_PREFIX_RE, '')\n    .replace(INLINE_CODE_RE, '$1')\n    .trim()\n}\n\n/** Extract all headings in document order. */\nexport function extractHeadings(content: string): Heading[] {\n  const body = stripFrontmatter(content)\n  const headings: Heading[] = []\n  for (const m of body.matchAll(HEADING_LINE_RE)) {\n    const text = cleanHeadingText(m[2]!)\n    if (text)\n      headings.push({ depth: m[1]!.length, text })\n  }\n  return headings\n}\n\n/** Extract title: frontmatter title > first h1 > null. */\nexport function extractTitle(content: string): string | null {\n  const fm = parseFrontmatter(content)\n  if (fm.title)\n    return fm.title\n  const body = stripFrontmatter(content)\n  for (const m of body.matchAll(HEADING_LINE_RE)) {\n    if (m[1] === '#') {\n      const text = cleanHeadingText(m[2]!)\n      if (text)\n        return text\n    }\n  }\n  return null\n}\n\nfunction isBlockStarter(trimmed: string, raw: string): boolean {\n  return HEADING_START_RE.test(trimmed)\n    || BLOCKQUOTE_START_RE.test(trimmed)\n    || LIST_ITEM_START_RE.test(trimmed)\n    || ORDERED_LIST_ITEM_START_RE.test(trimmed)\n    || TABLE_ROW_START_RE.test(trimmed)\n    || trimmed.startsWith('<')\n    || INDENTED_CODE_START_RE.test(raw)\n}\n\n/** Extract first top-level paragraph, stripped of formatting, max 150 chars. */\nexport function extractDescription(content: string): string | null {\n  const body = stripFrontmatter(content)\n  const lines = body.split('\\n')\n  let inFence = false\n  let inHtml = false\n\n  for (let i = 0; i < lines.length; i++) {\n    const line = lines[i]!\n    if (FENCE_START_RE.test(line)) {\n      inFence = !inFence\n      continue\n    }\n    if (inFence)\n      continue\n\n    const trimmed = line.trim()\n\n    if (inHtml) {\n      if (!trimmed)\n        inHtml = false\n      continue\n    }\n    if (trimmed.startsWith('<')) {\n      inHtml = true\n      continue\n    }\n\n    if (!trimmed || isBlockStarter(trimmed, line))\n      continue\n\n    let para = trimmed\n    for (let j = i + 1; j < lines.length; j++) {\n      const next = lines[j]!\n      const nextTrim = next.trim()\n      if (!nextTrim || isBlockStarter(nextTrim, next))\n        break\n      para += ` ${nextTrim}`\n    }\n\n    let clean = para.replace(MARKDOWN_LINK_RE, '$1').replace(MARKDOWN_FORMATTING_RE, '')\n    if (clean.length > 150)\n      clean = `${clean.slice(0, 147)}...`\n    return clean\n  }\n\n  return null\n}\n\n/** Extract all links (deduped by url), excluding images and links in code. */\nexport function extractLinks(content: string): MdLink[] {\n  const body = stripFrontmatter(content)\n  const sanitized = body\n    .replace(FENCED_CODE_BLOCK_RE, '')\n    .replace(INLINE_CODE_SPAN_RE, '')\n\n  const links: MdLink[] = []\n  const seen = new Set<string>()\n  for (const m of sanitized.matchAll(LINK_RE)) {\n    const url = m[2]!\n    if (!seen.has(url)) {\n      seen.add(url)\n      links.push({ title: m[1]!, url })\n    }\n  }\n  return links\n}\n"],"mappings":";;;;;AAkBA,MAAM,iBAAiB;AACvB,MAAM,UAAA;AACN,MAAM,mBAAY;AAClB,MAAM,sBAAsB;AAC5B,MAAM,qBAAiB;AACvB,MAAM,6BAAU;AAChB,MAAM,qBAAmB;AACzB,MAAM,yBAAsB;AAC5B,MAAM,iBAAA;AACN,MAAM,mBAAA;AACN,MAAM,yBAAqB;AAC3B,MAAM,uBAAA;AACN,MAAM,sBAAiB;AAEvB,SAAM,iBAAA,SAAyB;CAC/B,MAAM,IAAA,QAAA,MAAA,eAAuB;CAC7B,OAAM,IAAA,QAAA,MAAA,EAAsB,GAAA,OAAA,CAAA,MAAA,GAAA;;SAIpB,iBAAkB,SAAA;CACxB,MAAA,IAAO,QAAI,MAAQ,eAAmB;;;CAIxC,KAAA,MAAgB,QAAA,EAAA,GAAA,MAAiB,KAAyC,EAAA;EACxE,MAAM,KAAI,YAAc,KAAA;EACxB,IAAK,IACH,GAAA,GAAO,MAAE,GAAA;;CAEX,OAAK;;SAEC,iBACa,KAAA;;;AAKrB,SAAS,aAAA,SAAsC;CAC7C,MAAA,KACG,iBAAQ,QACR;;;CAkBL,KAAA,MAAgB,KAAA,KAAa,SAAgC,gBAAA,EAAA,IAAA,EAAA,OAAA,KAAA;EAC3D,MAAM,OAAK,iBAAiB,EAAA,GAAQ;EACpC,IAAI,MAAG,OACL;;CAEF,OAAK;;SAGG,eACK,SAAA,KAAA;;;AAMf,SAAS,mBAAe,SAAiB;CACvC,MAAA,QAAO,iBAAsB,QAAQ,CAAA,MAChC,KAAA;;;CASP,KAAA,IAAgB,IAAA,GAAA,IAAA,MAAA,QAAmB,KAAgC;EAEjE,MAAM,OADO,MAAA;EAEb,IAAI,eAAU,KAAA,KAAA,EAAA;GACd,UAAI,CAAS;GAEb;;EAEE,IAAI,SAAA;QACF,UAAW,KAAA,MAAA;MACX,QAAA;;GAEF;;EAKA,IAAI,QAAQ,WAAA,IAAA,EAAA;GACV,SAAK;GAEL;;EAEF,IAAI,CAAA,WAAQ,eAAiB,SAAA,KAAA,EAAA;MAC3B,OAAS;OACT,IAAA,IAAA,IAAA,GAAA,IAAA,MAAA,QAAA,KAAA;;GAGF,MAAK,WAAW,KAAA,MAAA;GAGhB,IAAI,CAAA,YAAO,eAAA,UAAA,KAAA,EAAA;GACX,QAAS,IAAI;;MAEX,QAAM,KAAA,QAAgB,kBAAM,KAAA,CAAA,QAAA,wBAAA,GAAA;MAC5B,MAAK,SAAY,KAAA,QAAA,GAAe,MAAA,MAAU,GACxC,IAAA,CAAA;SACF;;QAGE;;;CAMN,MAAA,YAAO,iBAAA,QAAA,CAAA,QAAA,sBAAA,GAAA,CAAA,QAAA,qBAAA,GAAA;;;CAIT,KAAA,MAAgB,KAAA,UAAa,SAA2B,QAAA,EAAA;EAEtD,MAAM,MAAA,EAAA;EAIN,IAAA,CAAM,KAAA,IAAkB,IAAE,EAAA;GAC1B,KAAM,IAAA,IAAA;GACN,MAAK,KAAM;IACT,OAAM,EAAA;IACN;IACE,CAAA;;;QAC2B"}

package/dist/_chunks/menu.mjs

@@ -0,0 +1,33 @@
+import * as p from "@clack/prompts";
+var MenuCancel = class extends Error {
+	name = "MenuCancel";
+};
+function guard(value) {
+	if (p.isCancel(value)) throw new MenuCancel();
+	return value;
+}
+async function menuLoop(opts) {
+	while (true) {
+		const options = await opts.options();
+		const initial = typeof opts.initialValue === "function" ? opts.initialValue() : opts.initialValue;
+		const choice = opts.searchable ? await p.autocomplete({
+			message: opts.message,
+			options,
+			...initial != null ? { initialValue: initial } : {}
+		}) : await p.select({
+			message: opts.message,
+			options,
+			...initial != null ? { initialValue: initial } : {}
+		});
+		if (p.isCancel(choice)) return;
+		try {
+			if (await opts.onSelect(choice)) return;
+		} catch (err) {
+			if (err instanceof MenuCancel) continue;
+			throw err;
+		}
+	}
+}
+export { menuLoop as n, guard as t };
+
+//# sourceMappingURL=menu.mjs.map

package/dist/_chunks/menu.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"menu.mjs","names":[],"sources":["../../src/cli/menu.ts"],"sourcesContent":["import * as p from '@clack/prompts'\n\nexport class MenuCancel extends Error { override name = 'MenuCancel' }\n\nexport function guard<T>(value: T | symbol): T {\n  if (p.isCancel(value))\n    throw new MenuCancel()\n  return value as T\n}\n\nexport interface MenuOption {\n  label: string\n  value: string\n  hint?: string\n}\n\nexport async function menuLoop(opts: {\n  message: string\n  options: () => MenuOption[] | Promise<MenuOption[]>\n  onSelect: (value: string) => Promise<boolean | void>\n  initialValue?: string | (() => string | undefined)\n  searchable?: boolean\n}): Promise<void> {\n  while (true) {\n    const options = await opts.options()\n    const initial = typeof opts.initialValue === 'function' ? opts.initialValue() : opts.initialValue\n    const choice = opts.searchable\n      ? await p.autocomplete({ message: opts.message, options, ...(initial != null ? { initialValue: initial } : {}) })\n      : await p.select({ message: opts.message, options, ...(initial != null ? { initialValue: initial } : {}) })\n    if (p.isCancel(choice))\n      return\n    try {\n      if (await opts.onSelect(choice as string))\n        return\n    }\n    catch (err) {\n      if (err instanceof MenuCancel)\n        continue\n      throw err\n    }\n  }\n}\n"],"mappings":";AAEA,IAAa,aAAb,cAAgC,MAAM;CAAE,OAAgB;;AAExD,SAAgB,MAAS,OAAsB;CAC7C,IAAI,EAAE,SAAS,MAAM,EACnB,MAAM,IAAI,YAAY;CACxB,OAAO;;AAST,eAAsB,SAAS,MAMb;CAChB,OAAO,MAAM;EACX,MAAM,UAAU,MAAM,KAAK,SAAS;EACpC,MAAM,UAAU,OAAO,KAAK,iBAAiB,aAAa,KAAK,cAAc,GAAG,KAAK;EACrF,MAAM,SAAS,KAAK,aAChB,MAAM,EAAE,aAAa;GAAE,SAAS,KAAK;GAAS;GAAS,GAAI,WAAW,OAAO,EAAE,cAAc,SAAS,GAAG,EAAE;GAAG,CAAC,GAC/G,MAAM,EAAE,OAAO;GAAE,SAAS,KAAK;GAAS;GAAS,GAAI,WAAW,OAAO,EAAE,cAAc,SAAS,GAAG,EAAE;GAAG,CAAC;EAC7G,IAAI,EAAE,SAAS,OAAO,EACpB;EACF,IAAI;GACF,IAAI,MAAM,KAAK,SAAS,OAAiB,EACvC;WAEG,KAAK;GACV,IAAI,eAAe,YACjB;GACF,MAAM"}

package/dist/_chunks/model-picker.mjs

@@ -0,0 +1,61 @@
+import { styleText } from "node:util";
+import * as p from "@clack/prompts";
+const OAUTH_NOTE = `${styleText("yellow", "⚠")}  OAuth providers are disabled.\n\nConsumer subscription OAuth impersonates official CLI clients and\nviolates provider Terms of Service, risking account bans.\n\nUse API keys or native CLI tools instead:\n  ${styleText("cyan", "ANTHROPIC_API_KEY")} / ${styleText("cyan", "claude")} CLI\n  ${styleText("cyan", "OPENAI_API_KEY")}   / ${styleText("cyan", "codex")} CLI\n  ${styleText("cyan", "GEMINI_API_KEY")}   / ${styleText("cyan", "gemini")} CLI`;
+const NO_MODELS_MESSAGE = `No enhancement models detected.\n  ${styleText("gray", "Skills work fine without this, you get raw docs, issues, and types.\n  Enhancement compresses them into a concise cheat sheet with gotchas.")}\n\n  To connect a model (optional):\n  1. Set an env var: ANTHROPIC_API_KEY, GEMINI_API_KEY, or OPENAI_API_KEY\n  2. Install a CLI tool: ${styleText("cyan", "claude")}, ${styleText("cyan", "gemini")}, or ${styleText("cyan", "codex")} (restart wizard after)`;
+function groupModelsByProvider(models) {
+	const byVendor = /* @__PURE__ */ new Map();
+	for (const m of models) {
+		const key = m.vendorGroup ?? m.provider;
+		if (!byVendor.has(key)) byVendor.set(key, {
+			name: key,
+			models: []
+		});
+		byVendor.get(key).models.push(m);
+	}
+	return byVendor;
+}
+async function pickModel(models, opts = {}) {
+	const byProvider = groupModelsByProvider(models);
+	const before = opts.before ?? [];
+	const after = opts.after ?? [];
+	if (byProvider.size === 1 && before.length === 0) {
+		const [, group] = [...byProvider.entries()][0];
+		const choice = await p.select({
+			message: `${group.name}`,
+			options: [...group.models.map((m) => ({
+				label: m.recommended ? `${m.name} (recommended - fast and cheap)` : m.name,
+				value: m.id,
+				hint: m.hint
+			})), ...after]
+		});
+		return p.isCancel(choice) ? null : choice;
+	}
+	const providerChoice = await p.select({
+		message: "Select provider",
+		options: [
+			...before,
+			...Array.from(byProvider.entries(), ([key, { name, models: ms }]) => ({
+				label: name,
+				value: key,
+				hint: `${ms.length} models`
+			})),
+			...after
+		]
+	});
+	if (p.isCancel(providerChoice)) return null;
+	const providerStr = providerChoice;
+	if (before.some((o) => o.value === providerStr) || after.some((o) => o.value === providerStr)) return providerStr;
+	const group = byProvider.get(providerStr);
+	const modelChoice = await p.select({
+		message: `Select model (${group.name})`,
+		options: group.models.map((m) => ({
+			label: m.recommended ? `${m.name} (recommended - fast and cheap)` : m.name,
+			value: m.id,
+			hint: m.hint
+		}))
+	});
+	return p.isCancel(modelChoice) ? null : modelChoice;
+}
+export { OAUTH_NOTE as n, pickModel as r, NO_MODELS_MESSAGE as t };
+
+//# sourceMappingURL=model-picker.mjs.map