skillli 0.1.0

package/dist/index.cjs

@@ -0,0 +1,1025 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  SkillMetadataSchema: () => SkillMetadataSchema,
+  VERSION: () => VERSION,
+  computeTrustScore: () => computeTrustScore,
+  createSkillliMcpServer: () => createSkillliMcpServer,
+  extractManifest: () => extractManifest,
+  fetchIndex: () => fetchIndex,
+  formatRating: () => formatRating,
+  getConfig: () => getConfig,
+  getInstalledSkills: () => getInstalledSkills,
+  getLocalIndex: () => getLocalIndex,
+  getRatings: () => getRatings,
+  getSkillEntry: () => getSkillEntry,
+  installFromGithub: () => installFromGithub,
+  installFromLocal: () => installFromLocal,
+  installFromRegistry: () => installFromRegistry,
+  linkToClaudeSkills: () => linkToClaudeSkills,
+  packageSkill: () => packageSkill,
+  parseSkillContent: () => parseSkillContent,
+  parseSkillFile: () => parseSkillFile,
+  runSafeguards: () => runSafeguards,
+  search: () => search,
+  searchByCategory: () => searchByCategory,
+  searchByTags: () => searchByTags,
+  submitRating: () => submitRating,
+  syncIndex: () => syncIndex,
+  trawl: () => trawl,
+  uninstall: () => uninstall,
+  validateMetadata: () => validateMetadata
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/core/parser.ts
+var import_promises = require("fs/promises");
+var import_gray_matter = __toESM(require("gray-matter"), 1);
+
+// src/core/schema.ts
+var import_zod = require("zod");
+var SkillCategorySchema = import_zod.z.enum([
+  "development",
+  "creative",
+  "enterprise",
+  "data",
+  "devops",
+  "other"
+]);
+var TrustLevelSchema = import_zod.z.enum(["community", "verified", "official"]);
+var SkillMetadataSchema = import_zod.z.object({
+  name: import_zod.z.string().min(1).max(100).regex(/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/, "Must be lowercase alphanumeric with hyphens, not starting/ending with hyphen"),
+  version: import_zod.z.string().regex(/^\d+\.\d+\.\d+$/, "Must be valid semver (e.g. 1.0.0)"),
+  description: import_zod.z.string().min(10).max(500),
+  author: import_zod.z.string().min(1),
+  license: import_zod.z.string().min(1),
+  tags: import_zod.z.array(import_zod.z.string().min(1).max(50)).min(1).max(20),
+  category: SkillCategorySchema,
+  repository: import_zod.z.string().url().optional(),
+  homepage: import_zod.z.string().url().optional(),
+  "min-skillli-version": import_zod.z.string().optional(),
+  "trust-level": TrustLevelSchema.default("community"),
+  checksum: import_zod.z.string().optional(),
+  "disable-model-invocation": import_zod.z.boolean().default(false),
+  "user-invocable": import_zod.z.boolean().default(true)
+});
+
+// src/core/errors.ts
+var SkillliError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SkillliError";
+  }
+};
+var SkillValidationError = class extends SkillliError {
+  details;
+  constructor(message, details = []) {
+    super(message);
+    this.name = "SkillValidationError";
+    this.details = details;
+  }
+};
+var SkillNotFoundError = class extends SkillliError {
+  constructor(skillName) {
+    super(`Skill not found: ${skillName}`);
+    this.name = "SkillNotFoundError";
+  }
+};
+var RegistryError = class extends SkillliError {
+  constructor(message) {
+    super(message);
+    this.name = "RegistryError";
+  }
+};
+var InstallError = class extends SkillliError {
+  constructor(message) {
+    super(message);
+    this.name = "InstallError";
+  }
+};
+
+// src/core/parser.ts
+function normalizeMetadata(raw) {
+  return {
+    name: raw.name,
+    version: raw.version,
+    description: raw.description,
+    author: raw.author,
+    license: raw.license,
+    tags: raw.tags,
+    category: raw.category,
+    repository: raw.repository,
+    homepage: raw.homepage,
+    minSkillliVersion: raw["min-skillli-version"],
+    trustLevel: raw["trust-level"],
+    checksum: raw.checksum,
+    disableModelInvocation: raw["disable-model-invocation"],
+    userInvocable: raw["user-invocable"]
+  };
+}
+function validateMetadata(data) {
+  const result = SkillMetadataSchema.safeParse(data);
+  if (!result.success) {
+    const details = result.error.issues.map(
+      (issue) => `${issue.path.join(".")}: ${issue.message}`
+    );
+    throw new SkillValidationError("Invalid skill metadata", details);
+  }
+  return normalizeMetadata(result.data);
+}
+function parseSkillContent(content, filePath = "<inline>") {
+  const { data, content: body, matter: rawFrontmatter } = (0, import_gray_matter.default)(content);
+  const metadata = validateMetadata(data);
+  return {
+    metadata,
+    content: body.trim(),
+    rawFrontmatter: rawFrontmatter || "",
+    filePath
+  };
+}
+async function parseSkillFile(filePath) {
+  const content = await (0, import_promises.readFile)(filePath, "utf-8");
+  return parseSkillContent(content, filePath);
+}
+function extractManifest(skill) {
+  const { metadata } = skill;
+  return {
+    name: metadata.name,
+    version: metadata.version,
+    description: metadata.description,
+    author: metadata.author,
+    license: metadata.license,
+    tags: metadata.tags,
+    category: metadata.category,
+    repository: metadata.repository,
+    trust_level: metadata.trustLevel,
+    checksum: metadata.checksum,
+    created_at: (/* @__PURE__ */ new Date()).toISOString(),
+    updated_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+// src/core/search.ts
+function tokenize(text) {
+  return text.toLowerCase().split(/[\s\-_,./]+/).filter((t) => t.length > 1);
+}
+function textScore(tokens, text) {
+  const lower = text.toLowerCase();
+  let score = 0;
+  for (const token of tokens) {
+    if (lower.includes(token)) score += 1;
+  }
+  return score;
+}
+function scoreSkill(entry, queryTokens, options) {
+  let score = 0;
+  const matchedOn = [];
+  const nameScore = textScore(queryTokens, entry.name);
+  if (nameScore > 0) {
+    score += nameScore * 5;
+    matchedOn.push("name");
+  }
+  if (entry.name === options.query.toLowerCase()) {
+    score += 10;
+  }
+  const descScore = textScore(queryTokens, entry.description);
+  if (descScore > 0) {
+    score += descScore * 2;
+    matchedOn.push("description");
+  }
+  for (const token of queryTokens) {
+    if (entry.tags.some((t) => t.toLowerCase() === token)) {
+      score += 4;
+      if (!matchedOn.includes("tags")) matchedOn.push("tags");
+    }
+  }
+  if (options.tags) {
+    for (const tag of options.tags) {
+      if (entry.tags.includes(tag)) {
+        score += 3;
+        if (!matchedOn.includes("tags")) matchedOn.push("tags");
+      }
+    }
+  }
+  if (options.category && entry.category === options.category) {
+    score += 2;
+    matchedOn.push("category");
+  }
+  if (matchedOn.length > 0) {
+    if (entry.trustLevel === "official") score += 3;
+    if (entry.trustLevel === "verified") score += 1.5;
+    score += entry.rating.average * 0.5;
+    if (entry.downloads > 0) {
+      score += Math.log10(entry.downloads) * 0.5;
+    }
+  }
+  return { score, matchedOn };
+}
+function search(index, options) {
+  const queryTokens = tokenize(options.query);
+  const results = [];
+  for (const entry of Object.values(index.skills)) {
+    if (options.category && entry.category !== options.category) continue;
+    if (options.trustLevel && entry.trustLevel !== options.trustLevel) continue;
+    if (options.minRating && entry.rating.average < options.minRating) continue;
+    const { score, matchedOn } = scoreSkill(entry, queryTokens, options);
+    if (score > 0) {
+      results.push({ skill: entry, relevanceScore: score, matchedOn });
+    }
+  }
+  results.sort((a, b) => b.relevanceScore - a.relevanceScore);
+  const offset = options.offset ?? 0;
+  const limit = options.limit ?? 20;
+  return results.slice(offset, offset + limit);
+}
+function searchByTags(index, tags) {
+  return search(index, { query: tags.join(" "), tags });
+}
+function searchByCategory(index, category) {
+  return search(index, { query: "", category });
+}
+
+// src/core/installer.ts
+var import_promises4 = require("fs/promises");
+var import_fs3 = require("fs");
+var import_path3 = require("path");
+var import_child_process = require("child_process");
+
+// src/core/constants.ts
+var import_os = require("os");
+var import_path = require("path");
+var SKILLLI_DIR = (0, import_path.join)((0, import_os.homedir)(), ".skillli");
+var LOCAL_INDEX_PATH = (0, import_path.join)(SKILLLI_DIR, "index.json");
+var CONFIG_PATH = (0, import_path.join)(SKILLLI_DIR, "config.json");
+var SKILLS_DIR = (0, import_path.join)(SKILLLI_DIR, "skills");
+var CACHE_DIR = (0, import_path.join)(SKILLLI_DIR, "cache");
+var DEFAULT_REGISTRY_URL = "https://raw.githubusercontent.com/skillli/registry/main/index.json";
+var SKILL_FILENAME = "SKILL.md";
+var MAX_SKILL_SIZE_BYTES = 5 * 1024 * 1024;
+var MAX_SKILL_MD_LINES = 500;
+var VERSION = "0.1.0";
+
+// src/core/local-store.ts
+var import_promises2 = require("fs/promises");
+var import_fs = require("fs");
+async function ensureDir() {
+  for (const dir of [SKILLLI_DIR, SKILLS_DIR, CACHE_DIR]) {
+    if (!(0, import_fs.existsSync)(dir)) {
+      await (0, import_promises2.mkdir)(dir, { recursive: true });
+    }
+  }
+}
+function defaultConfig() {
+  return {
+    installedSkills: {},
+    registryUrl: DEFAULT_REGISTRY_URL,
+    lastSync: ""
+  };
+}
+function defaultIndex() {
+  return {
+    version: "1.0.0",
+    lastUpdated: "",
+    skills: {}
+  };
+}
+async function getConfig() {
+  await ensureDir();
+  if (!(0, import_fs.existsSync)(CONFIG_PATH)) {
+    const config = defaultConfig();
+    await saveConfig(config);
+    return config;
+  }
+  const raw = await (0, import_promises2.readFile)(CONFIG_PATH, "utf-8");
+  return JSON.parse(raw);
+}
+async function saveConfig(config) {
+  await ensureDir();
+  await (0, import_promises2.writeFile)(CONFIG_PATH, JSON.stringify(config, null, 2));
+}
+async function getLocalIndex() {
+  await ensureDir();
+  if (!(0, import_fs.existsSync)(LOCAL_INDEX_PATH)) {
+    const index = defaultIndex();
+    await saveLocalIndex(index);
+    return index;
+  }
+  const raw = await (0, import_promises2.readFile)(LOCAL_INDEX_PATH, "utf-8");
+  return JSON.parse(raw);
+}
+async function saveLocalIndex(index) {
+  await ensureDir();
+  await (0, import_promises2.writeFile)(LOCAL_INDEX_PATH, JSON.stringify(index, null, 2));
+}
+async function getInstalledSkills() {
+  const config = await getConfig();
+  return Object.values(config.installedSkills);
+}
+async function markInstalled(skill) {
+  const config = await getConfig();
+  config.installedSkills[skill.name] = skill;
+  await saveConfig(config);
+}
+async function markUninstalled(name) {
+  const config = await getConfig();
+  delete config.installedSkills[name];
+  await saveConfig(config);
+}
+
+// src/core/registry.ts
+async function fetchIndex(registryUrl) {
+  const config = await getConfig();
+  const url = registryUrl ?? config.registryUrl ?? DEFAULT_REGISTRY_URL;
+  try {
+    const res = await fetch(url);
+    if (!res.ok) {
+      throw new RegistryError(`Failed to fetch registry: ${res.status} ${res.statusText}`);
+    }
+    const index = await res.json();
+    index.lastUpdated = (/* @__PURE__ */ new Date()).toISOString();
+    await saveLocalIndex(index);
+    return index;
+  } catch (error) {
+    if (error instanceof RegistryError) throw error;
+    const localIndex = await getLocalIndex();
+    if (Object.keys(localIndex.skills).length > 0) {
+      return localIndex;
+    }
+    throw new RegistryError(`Cannot reach registry at ${url}: ${error}`);
+  }
+}
+async function getSkillEntry(name) {
+  const index = await getLocalIndex();
+  const entry = index.skills[name];
+  if (!entry) {
+    throw new SkillNotFoundError(name);
+  }
+  return entry;
+}
+async function syncIndex() {
+  return fetchIndex();
+}
+
+// src/core/safeguards.ts
+var import_promises3 = require("fs/promises");
+var import_path2 = require("path");
+var import_fs2 = require("fs");
+var PROHIBITED_PATTERNS = [
+  { pattern: /\beval\s*\(/, label: "eval()" },
+  { pattern: /\bexec\s*\(/, label: "exec()" },
+  { pattern: /\bexecSync\s*\(/, label: "execSync()" },
+  { pattern: /rm\s+-rf\s+\//, label: "rm -rf /" },
+  { pattern: /\bchild_process\b/, label: "child_process" },
+  { pattern: /\bProcess\.kill\b/i, label: "Process.kill" },
+  { pattern: /password\s*[:=]\s*['"][^'"]+['"]/, label: "hardcoded password" },
+  { pattern: /api[_-]?key\s*[:=]\s*['"][^'"]+['"]/, label: "hardcoded API key" },
+  { pattern: /[A-Za-z0-9+/]{100,}={0,2}/, label: "large base64 blob" }
+];
+var ALLOWED_SCRIPT_EXTENSIONS = [".sh", ".py", ".js", ".ts"];
+function checkSchema(skill) {
+  return {
+    name: "schema-validation",
+    passed: true,
+    severity: "info",
+    message: "SKILL.md metadata is valid"
+  };
+}
+function checkLineCount(content) {
+  const lines = content.split("\n").length;
+  const passed = lines <= MAX_SKILL_MD_LINES;
+  return {
+    name: "line-count",
+    passed,
+    severity: passed ? "info" : "warning",
+    message: passed ? `SKILL.md has ${lines} lines (max ${MAX_SKILL_MD_LINES})` : `SKILL.md has ${lines} lines, exceeds max of ${MAX_SKILL_MD_LINES}`
+  };
+}
+function checkProhibitedPatterns(content) {
+  const found = [];
+  for (const { pattern, label } of PROHIBITED_PATTERNS) {
+    if (pattern.test(content)) {
+      found.push(label);
+    }
+  }
+  const passed = found.length === 0;
+  return {
+    name: "prohibited-patterns",
+    passed,
+    severity: passed ? "info" : "error",
+    message: passed ? "No prohibited patterns detected" : `Prohibited patterns found: ${found.join(", ")}`
+  };
+}
+function checkScriptSafety(skillDir) {
+  const scriptsDir = (0, import_path2.join)(skillDir, "scripts");
+  if (!(0, import_fs2.existsSync)(scriptsDir)) {
+    return {
+      name: "script-safety",
+      passed: true,
+      severity: "info",
+      message: "No scripts directory found"
+    };
+  }
+  const badFiles = [];
+  const files = (0, import_fs2.readdirSync)(scriptsDir, { recursive: true });
+  for (const file of files) {
+    const ext = "." + file.split(".").pop();
+    if (!ALLOWED_SCRIPT_EXTENSIONS.includes(ext)) {
+      badFiles.push(file);
+    }
+  }
+  const passed = badFiles.length === 0;
+  return {
+    name: "script-safety",
+    passed,
+    severity: passed ? "info" : "error",
+    message: passed ? "All scripts use allowed extensions" : `Disallowed script types: ${badFiles.join(", ")}`
+  };
+}
+async function checkFileSize(skillDir) {
+  let totalSize = 0;
+  const entries = (0, import_fs2.readdirSync)(skillDir, { recursive: true, withFileTypes: true });
+  for (const entry of entries) {
+    if (entry.isFile()) {
+      const fullPath = (0, import_path2.join)(entry.parentPath ?? skillDir, entry.name);
+      const s = await (0, import_promises3.stat)(fullPath);
+      totalSize += s.size;
+    }
+  }
+  const passed = totalSize <= MAX_SKILL_SIZE_BYTES;
+  return {
+    name: "file-size",
+    passed,
+    severity: passed ? "info" : "warning",
+    message: passed ? `Total size: ${(totalSize / 1024).toFixed(1)}KB (max ${MAX_SKILL_SIZE_BYTES / 1024 / 1024}MB)` : `Total size ${(totalSize / 1024 / 1024).toFixed(1)}MB exceeds max of ${MAX_SKILL_SIZE_BYTES / 1024 / 1024}MB`
+  };
+}
+async function runSafeguards(skill, skillDir) {
+  const checks = [];
+  checks.push(checkSchema(skill));
+  checks.push(checkLineCount(skill.content));
+  checks.push(checkProhibitedPatterns(skill.content + skill.rawFrontmatter));
+  if (skillDir) {
+    checks.push(checkScriptSafety(skillDir));
+    checks.push(await checkFileSize(skillDir));
+  }
+  const passed = checks.every((c) => c.passed || c.severity !== "error");
+  const score = computeTrustScore(skill);
+  return { passed, score, checks };
+}
+function computeTrustScore(skill, registryEntry) {
+  let score = 0;
+  if (skill.metadata.repository) score += 10;
+  if (skill.metadata.license) score += 10;
+  if (skill.metadata.trustLevel === "verified") score += 15;
+  if (skill.metadata.trustLevel === "official") score += 20;
+  if (registryEntry && registryEntry.rating.average >= 3.5) score += 15;
+  if (registryEntry && registryEntry.downloads > 100) score += 5;
+  if (registryEntry && registryEntry.downloads > 1e3) score += 5;
+  const patternCheck = checkProhibitedPatterns(skill.content);
+  const lineCheck = checkLineCount(skill.content);
+  if (patternCheck.passed) score += 20;
+  if (lineCheck.passed) score += 15;
+  return Math.min(score, 100);
+}
+
+// src/core/installer.ts
+async function installFromRegistry(name, version) {
+  const entry = await getSkillEntry(name);
+  if (!entry.repository) {
+    throw new InstallError(`Skill "${name}" has no repository URL`);
+  }
+  return installFromGithub(entry.repository, name);
+}
+async function installFromGithub(repoUrl, nameOverride) {
+  const name = nameOverride ?? repoUrl.split("/").pop()?.replace(/\.git$/, "") ?? "unknown";
+  const installPath = (0, import_path3.join)(SKILLS_DIR, name);
+  if ((0, import_fs3.existsSync)(installPath)) {
+    await (0, import_promises4.rm)(installPath, { recursive: true });
+  }
+  await (0, import_promises4.mkdir)(installPath, { recursive: true });
+  try {
+    (0, import_child_process.execSync)(`git clone --depth 1 "${repoUrl}" "${installPath}"`, {
+      stdio: "pipe",
+      timeout: 3e4
+    });
+  } catch {
+    throw new InstallError(`Failed to clone ${repoUrl}`);
+  }
+  const skillFile = (0, import_path3.join)(installPath, SKILL_FILENAME);
+  if (!(0, import_fs3.existsSync)(skillFile)) {
+    await (0, import_promises4.rm)(installPath, { recursive: true });
+    throw new InstallError(`No ${SKILL_FILENAME} found in ${repoUrl}`);
+  }
+  const skill = await parseSkillFile(skillFile);
+  const safeguards = await runSafeguards(skill, installPath);
+  if (!safeguards.passed) {
+    await (0, import_promises4.rm)(installPath, { recursive: true });
+    const errors = safeguards.checks.filter((c) => !c.passed).map((c) => c.message);
+    throw new InstallError(`Skill failed safety checks: ${errors.join("; ")}`);
+  }
+  const installed = {
+    name: skill.metadata.name,
+    version: skill.metadata.version,
+    installedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    path: installPath,
+    source: "github"
+  };
+  await markInstalled(installed);
+  return installed;
+}
+async function installFromLocal(dirPath) {
+  const skillFile = (0, import_path3.join)(dirPath, SKILL_FILENAME);
+  if (!(0, import_fs3.existsSync)(skillFile)) {
+    throw new InstallError(`No ${SKILL_FILENAME} found in ${dirPath}`);
+  }
+  const skill = await parseSkillFile(skillFile);
+  const safeguards = await runSafeguards(skill, dirPath);
+  if (!safeguards.passed) {
+    const errors = safeguards.checks.filter((c) => !c.passed).map((c) => c.message);
+    throw new InstallError(`Skill failed safety checks: ${errors.join("; ")}`);
+  }
+  const installPath = (0, import_path3.join)(SKILLS_DIR, skill.metadata.name);
+  if ((0, import_fs3.existsSync)(installPath)) {
+    await (0, import_promises4.rm)(installPath, { recursive: true });
+  }
+  (0, import_child_process.execSync)(`cp -r "${dirPath}" "${installPath}"`, { stdio: "pipe" });
+  const installed = {
+    name: skill.metadata.name,
+    version: skill.metadata.version,
+    installedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    path: installPath,
+    source: "local"
+  };
+  await markInstalled(installed);
+  return installed;
+}
+async function uninstall(name) {
+  const installPath = (0, import_path3.join)(SKILLS_DIR, name);
+  if ((0, import_fs3.existsSync)(installPath)) {
+    await (0, import_promises4.rm)(installPath, { recursive: true });
+  }
+  await markUninstalled(name);
+}
+async function linkToClaudeSkills(skill, projectDir = process.cwd()) {
+  const claudeSkillsDir = (0, import_path3.join)(projectDir, ".claude", "skills");
+  await (0, import_promises4.mkdir)(claudeSkillsDir, { recursive: true });
+  const linkPath = (0, import_path3.join)(claudeSkillsDir, skill.name);
+  if ((0, import_fs3.existsSync)(linkPath)) {
+    await (0, import_promises4.rm)(linkPath, { recursive: true });
+  }
+  await (0, import_promises4.symlink)(skill.path, linkPath, "dir");
+  return linkPath;
+}
+
+// src/core/ratings.ts
+async function getRatings(name) {
+  const index = await getLocalIndex();
+  const entry = index.skills[name];
+  if (!entry) {
+    throw new SkillNotFoundError(name);
+  }
+  return entry.rating;
+}
+async function submitRating(name, rating, userId, comment) {
+  const index = await getLocalIndex();
+  const entry = index.skills[name];
+  if (!entry) {
+    throw new SkillNotFoundError(name);
+  }
+  const current = entry.rating;
+  const newCount = current.count + 1;
+  const newAverage = (current.average * current.count + rating) / newCount;
+  const dist = [...current.distribution];
+  dist[rating - 1] += 1;
+  entry.rating = {
+    average: Math.round(newAverage * 10) / 10,
+    count: newCount,
+    distribution: dist
+  };
+  await saveLocalIndex(index);
+  return entry.rating;
+}
+function formatRating(rating) {
+  const filled = Math.round(rating.average);
+  const empty = 5 - filled;
+  const stars = "\u2605".repeat(filled) + "\u2606".repeat(empty);
+  return `${stars} ${rating.average.toFixed(1)} (${rating.count} ratings)`;
+}
+
+// src/core/publisher.ts
+var import_promises5 = require("fs/promises");
+var import_path4 = require("path");
+var import_crypto = require("crypto");
+var import_fs4 = require("fs");
+async function packageSkill(skillDir) {
+  const skillFile = (0, import_path4.join)(skillDir, SKILL_FILENAME);
+  if (!(0, import_fs4.existsSync)(skillFile)) {
+    throw new SkillValidationError(`No ${SKILL_FILENAME} found in ${skillDir}`);
+  }
+  const skill = await parseSkillFile(skillFile);
+  const safeguards = await runSafeguards(skill, skillDir);
+  if (!safeguards.passed) {
+    const errors = safeguards.checks.filter((c) => !c.passed).map((c) => `[${c.severity}] ${c.message}`);
+    throw new SkillValidationError("Skill failed safety checks", errors);
+  }
+  const checksum = await computeDirectoryChecksum(skillDir);
+  const manifest = extractManifest(skill);
+  manifest.checksum = `sha256:${checksum}`;
+  manifest.files = listFiles(skillDir);
+  manifest.size_bytes = computeDirectorySize(skillDir);
+  return { skill, manifest, checksum };
+}
+async function computeDirectoryChecksum(dir) {
+  const hash = (0, import_crypto.createHash)("sha256");
+  const files = listFiles(dir).sort();
+  for (const file of files) {
+    const content = await (0, import_promises5.readFile)((0, import_path4.join)(dir, file));
+    hash.update(file);
+    hash.update(content);
+  }
+  return hash.digest("hex");
+}
+function listFiles(dir, prefix = "") {
+  const files = [];
+  const entries = (0, import_fs4.readdirSync)(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    if (entry.name === ".git" || entry.name === "node_modules") continue;
+    const relative = prefix ? `${prefix}/${entry.name}` : entry.name;
+    if (entry.isDirectory()) {
+      files.push(...listFiles((0, import_path4.join)(dir, entry.name), relative));
+    } else {
+      files.push(relative);
+    }
+  }
+  return files;
+}
+function computeDirectorySize(dir) {
+  let size = 0;
+  const entries = (0, import_fs4.readdirSync)(dir, { withFileTypes: true });
+  for (const entry of entries) {
+    if (entry.name === ".git" || entry.name === "node_modules") continue;
+    const fullPath = (0, import_path4.join)(dir, entry.name);
+    if (entry.isDirectory()) {
+      size += computeDirectorySize(fullPath);
+    } else {
+      size += (0, import_fs4.statSync)(fullPath).size;
+    }
+  }
+  return size;
+}
+
+// src/trawler/strategies.ts
+async function searchRegistry(query) {
+  const index = await getLocalIndex();
+  const tokens = query.toLowerCase().split(/\s+/);
+  const results = [];
+  for (const entry of Object.values(index.skills)) {
+    const text = `${entry.name} ${entry.description} ${entry.tags.join(" ")}`.toLowerCase();
+    const matchCount = tokens.filter((t) => text.includes(t)).length;
+    if (matchCount === 0) continue;
+    results.push({
+      source: "registry",
+      skill: entry,
+      confidence: Math.min(matchCount / tokens.length, 1),
+      url: entry.repository || `skillli://registry/${entry.name}`
+    });
+  }
+  return results;
+}
+async function searchGithub(query) {
+  const results = [];
+  const searchQuery = encodeURIComponent(`${query} SKILL.md in:path`);
+  const url = `https://api.github.com/search/repositories?q=${searchQuery}&per_page=10`;
+  try {
+    const res = await fetch(url, {
+      headers: { Accept: "application/vnd.github.v3+json" }
+    });
+    if (!res.ok) return results;
+    const data = await res.json();
+    for (const repo of data.items ?? []) {
+      const confidence = Math.min(
+        0.3 + (repo.stargazers_count > 10 ? 0.2 : 0) + (repo.stargazers_count > 100 ? 0.2 : 0),
+        0.9
+      );
+      results.push({
+        source: "github",
+        skill: {
+          name: repo.full_name.split("/").pop() ?? repo.full_name,
+          description: repo.description ?? "",
+          author: repo.full_name.split("/")[0],
+          repository: repo.html_url,
+          tags: repo.topics ?? []
+        },
+        confidence,
+        url: repo.html_url
+      });
+    }
+  } catch {
+  }
+  return results;
+}
+async function searchNpm(query) {
+  const results = [];
+  const searchQuery = encodeURIComponent(`${query} skill agent claude`);
+  const url = `https://registry.npmjs.org/-/v1/search?text=${searchQuery}&size=10`;
+  try {
+    const res = await fetch(url);
+    if (!res.ok) return results;
+    const data = await res.json();
+    for (const obj of data.objects ?? []) {
+      const pkg = obj.package;
+      results.push({
+        source: "npm",
+        skill: {
+          name: pkg.name,
+          description: pkg.description ?? "",
+          version: pkg.version,
+          repository: pkg.links.repository ?? "",
+          tags: pkg.keywords ?? []
+        },
+        confidence: Math.min(obj.score.final * 0.7, 0.85),
+        url: pkg.links.npm
+      });
+    }
+  } catch {
+  }
+  return results;
+}
+
+// src/trawler/ranker.ts
+function deduplicateResults(results) {
+  const seen = /* @__PURE__ */ new Map();
+  for (const result of results) {
+    const key = result.skill.name?.toLowerCase() ?? result.url;
+    const existing = seen.get(key);
+    if (!existing || result.confidence > existing.confidence) {
+      seen.set(key, result);
+    }
+  }
+  return Array.from(seen.values());
+}
+function rankResults(results, query) {
+  const tokens = query.toLowerCase().split(/\s+/);
+  return results.map((result) => {
+    let bonus = 0;
+    if (result.source === "registry") bonus += 0.2;
+    else if (result.source === "github") bonus += 0.05;
+    const name = (result.skill.name ?? "").toLowerCase();
+    for (const token of tokens) {
+      if (name.includes(token)) bonus += 0.15;
+    }
+    const tags = (result.skill.tags ?? []).map((t) => t.toLowerCase());
+    for (const token of tokens) {
+      if (tags.includes(token)) bonus += 0.1;
+    }
+    return {
+      ...result,
+      confidence: Math.min(result.confidence + bonus, 1)
+    };
+  }).sort((a, b) => b.confidence - a.confidence);
+}
+
+// src/trawler/index.ts
+async function trawl(query, options = {}) {
+  const sources = options.sources ?? ["registry", "github"];
+  const maxResults = options.maxResults ?? 10;
+  const searches = [];
+  if (sources.includes("registry")) {
+    searches.push(searchRegistry(query));
+  }
+  if (sources.includes("github")) {
+    searches.push(searchGithub(query));
+  }
+  if (sources.includes("npm")) {
+    searches.push(searchNpm(query));
+  }
+  const allResults = (await Promise.all(searches)).flat();
+  const deduplicated = deduplicateResults(allResults);
+  const ranked = rankResults(deduplicated, query);
+  return ranked.slice(0, maxResults);
+}
+
+// src/mcp/server.ts
+var import_mcp = require("@modelcontextprotocol/sdk/server/mcp.js");
+var import_zod2 = require("zod");
+function createSkillliMcpServer() {
+  const server = new import_mcp.McpServer({
+    name: "skillli",
+    version: "0.1.0"
+  });
+  server.tool(
+    "search_skills",
+    "Search the skillli registry for agentic AI skills",
+    {
+      query: import_zod2.z.string().describe("Search query"),
+      tags: import_zod2.z.array(import_zod2.z.string()).optional().describe("Filter by tags"),
+      category: import_zod2.z.string().optional().describe("Filter by category"),
+      limit: import_zod2.z.number().optional().default(10).describe("Max results")
+    },
+    async ({ query, tags, category, limit }) => {
+      const index = await getLocalIndex();
+      const results = search(index, {
+        query,
+        tags,
+        category,
+        limit
+      });
+      const text = results.length === 0 ? "No skills found matching your query." : results.map((r) => {
+        const s = r.skill;
+        return `**${s.name}** v${s.version} [${s.trustLevel.toUpperCase()}]
+  ${s.description}
+  Rating: ${s.rating.average}/5 (${s.rating.count}) | Downloads: ${s.downloads}
+  Tags: ${s.tags.join(", ")}`;
+      }).join("\n\n");
+      return { content: [{ type: "text", text }] };
+    }
+  );
+  server.tool(
+    "install_skill",
+    "Install an agentic skill from the skillli registry",
+    {
+      name: import_zod2.z.string().describe("Skill name to install"),
+      link: import_zod2.z.boolean().optional().default(true).describe("Link to .claude/skills/")
+    },
+    async ({ name, link }) => {
+      try {
+        const installed = await installFromRegistry(name);
+        let text = `Installed ${installed.name} v${installed.version} at ${installed.path}`;
+        if (link) {
+          const linkPath = await linkToClaudeSkills(installed);
+          text += `
+Linked to ${linkPath}`;
+        }
+        return { content: [{ type: "text", text }] };
+      } catch (error) {
+        return { content: [{ type: "text", text: `Install failed: ${error}` }], isError: true };
+      }
+    }
+  );
+  server.tool(
+    "get_skill_info",
+    "Get detailed information about a skill including trust score",
+    {
+      name: import_zod2.z.string().describe("Skill name")
+    },
+    async ({ name }) => {
+      try {
+        const entry = await getSkillEntry(name);
+        const text = [
+          `**${entry.name}** v${entry.version} [${entry.trustLevel.toUpperCase()}]`,
+          `${entry.description}`,
+          `Author: ${entry.author}`,
+          `Category: ${entry.category}`,
+          `Tags: ${entry.tags.join(", ")}`,
+          `Rating: ${entry.rating.average}/5 (${entry.rating.count} ratings)`,
+          `Downloads: ${entry.downloads}`,
+          entry.repository ? `Repository: ${entry.repository}` : null,
+          `Published: ${entry.publishedAt}`,
+          `Updated: ${entry.updatedAt}`
+        ].filter(Boolean).join("\n");
+        return { content: [{ type: "text", text }] };
+      } catch (error) {
+        return { content: [{ type: "text", text: `Error: ${error}` }], isError: true };
+      }
+    }
+  );
+  server.tool(
+    "trawl_skills",
+    "Agentic search across multiple sources (registry, GitHub, npm) for skills matching a need",
+    {
+      query: import_zod2.z.string().describe("What kind of skill you need"),
+      sources: import_zod2.z.array(import_zod2.z.enum(["registry", "github", "npm"])).optional().default(["registry", "github"]),
+      maxResults: import_zod2.z.number().optional().default(5)
+    },
+    async ({ query, sources, maxResults }) => {
+      const results = await trawl(query, { sources, maxResults });
+      if (results.length === 0) {
+        return { content: [{ type: "text", text: "No skills found across any source." }] };
+      }
+      const text = results.map((r) => {
+        const conf = Math.round(r.confidence * 100);
+        return `**${r.skill.name ?? "unknown"}** [${r.source}] (${conf}% match)
+  ${r.skill.description ?? ""}
+  ${r.url}`;
+      }).join("\n\n");
+      return { content: [{ type: "text", text }] };
+    }
+  );
+  server.tool(
+    "rate_skill",
+    "Rate an installed skill (1-5 stars)",
+    {
+      name: import_zod2.z.string().describe("Skill name to rate"),
+      rating: import_zod2.z.number().min(1).max(5).describe("Rating 1-5"),
+      comment: import_zod2.z.string().optional().describe("Optional review comment")
+    },
+    async ({ name, rating, comment }) => {
+      try {
+        const updated = await submitRating(name, rating, "mcp-user", comment);
+        return {
+          content: [
+            { type: "text", text: `Rated ${name}: ${formatRating(updated)}` }
+          ]
+        };
+      } catch (error) {
+        return { content: [{ type: "text", text: `Rating failed: ${error}` }], isError: true };
+      }
+    }
+  );
+  server.resource(
+    "installed-skills",
+    "skillli://installed",
+    { description: "List of all currently installed skillli skills" },
+    async () => {
+      const skills = await getInstalledSkills();
+      return {
+        contents: [
+          {
+            uri: "skillli://installed",
+            mimeType: "application/json",
+            text: JSON.stringify(skills, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  server.resource(
+    "skill-index",
+    "skillli://index",
+    { description: "The full skillli registry index" },
+    async () => {
+      const index = await getLocalIndex();
+      return {
+        contents: [
+          {
+            uri: "skillli://index",
+            mimeType: "application/json",
+            text: JSON.stringify(index, null, 2)
+          }
+        ]
+      };
+    }
+  );
+  return server;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SkillMetadataSchema,
+  VERSION,
+  computeTrustScore,
+  createSkillliMcpServer,
+  extractManifest,
+  fetchIndex,
+  formatRating,
+  getConfig,
+  getInstalledSkills,
+  getLocalIndex,
+  getRatings,
+  getSkillEntry,
+  installFromGithub,
+  installFromLocal,
+  installFromRegistry,
+  linkToClaudeSkills,
+  packageSkill,
+  parseSkillContent,
+  parseSkillFile,
+  runSafeguards,
+  search,
+  searchByCategory,
+  searchByTags,
+  submitRating,
+  syncIndex,
+  trawl,
+  uninstall,
+  validateMetadata
+});
+//# sourceMappingURL=index.cjs.map