skillmaxxing 0.1.0

package/dist/plugin/sessions.js

@@ -0,0 +1,58 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { ensureDir } from '../util/fs.js';
+/**
+ * Per-session tool-call counter that gates the auto-reflection loop. The plugin
+ * hooks increment a counter on every tool use (PostToolUse) and, on Stop, fire
+ * reflection only once enough substantive work has accrued — the Hermes
+ * "iteration-gated review" idea, adapted to coding-agent hooks. State lives
+ * outside any skill dir so it never affects skill content hashes.
+ */
+const SESSIONS_DIR = path.join(os.homedir(), '.skillmax', 'sessions');
+function sessionPath(id) {
+    const safe = id.replace(/[^a-zA-Z0-9._-]+/g, '_') || 'session';
+    return path.join(SESSIONS_DIR, `${safe}.json`);
+}
+export function readSession(id) {
+    try {
+        const data = JSON.parse(fs.readFileSync(sessionPath(id), 'utf-8'));
+        if (typeof data?.tools === 'number') {
+            return { tools: data.tools, lastReflectTools: data.lastReflectTools ?? 0, reflectedAt: data.reflectedAt };
+        }
+    }
+    catch {
+        /* fall through to default */
+    }
+    return { tools: 0, lastReflectTools: 0 };
+}
+function writeSession(id, state) {
+    ensureDir(SESSIONS_DIR);
+    const target = sessionPath(id);
+    const tmp = target + '.tmp';
+    fs.writeFileSync(tmp, JSON.stringify(state, null, 2) + '\n');
+    fs.renameSync(tmp, target);
+}
+/** Record one tool use; returns the new total. */
+export function recordToolUse(id) {
+    const s = readSession(id);
+    s.tools += 1;
+    writeSession(id, s);
+    return s.tools;
+}
+/** Tool calls since the last reflection. */
+export function toolsSinceReflect(id) {
+    const s = readSession(id);
+    return s.tools - s.lastReflectTools;
+}
+/** True when enough substantive work has accrued to warrant a reflection. */
+export function shouldReflect(id, threshold) {
+    return toolsSinceReflect(id) >= threshold;
+}
+/** Mark that a reflection ran at the current tool count. */
+export function markReflected(id, now) {
+    const s = readSession(id);
+    s.lastReflectTools = s.tools;
+    s.reflectedAt = now;
+    writeSession(id, s);
+}

package/dist/source/parser.js

@@ -0,0 +1,63 @@
+import * as path from 'node:path';
+import { sanitizeSubpath } from '../util/sanitize.js';
+const GITHUB_SHORTHAND = /^([a-zA-Z0-9_.-]+)\/([a-zA-Z0-9_.-]+)(?:\/(.+))?$/;
+const GITHUB_URL = /^https?:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?(?:\/tree\/([^/]+)(?:\/(.+))?)?$/;
+const GIT_SSH = /^git@([^:]+):([^/]+)\/([^/]+?)(?:\.git)?$/;
+export function parseSource(input) {
+    const raw = input.trim();
+    if (raw.startsWith('./') || raw.startsWith('../') || raw.startsWith('/') || raw.match(/^[A-Z]:\\/)) {
+        return { type: 'local', localPath: path.resolve(raw), raw };
+    }
+    const ghUrl = raw.match(GITHUB_URL);
+    if (ghUrl) {
+        const subpath = ghUrl[4] ? sanitizeSubpath(ghUrl[4]) : undefined;
+        if (ghUrl[4] && subpath === null) {
+            throw new Error(`Unsafe subpath in URL: ${raw}`);
+        }
+        return {
+            type: 'github',
+            owner: ghUrl[1],
+            repo: ghUrl[2],
+            ref: ghUrl[3],
+            subpath: subpath ?? undefined,
+            url: `https://github.com/${ghUrl[1]}/${ghUrl[2]}.git`,
+            raw,
+        };
+    }
+    const ssh = raw.match(GIT_SSH);
+    if (ssh) {
+        return {
+            type: 'git',
+            owner: ssh[2],
+            repo: ssh[3],
+            url: raw,
+            raw,
+        };
+    }
+    if (raw.startsWith('https://') || raw.startsWith('http://')) {
+        return { type: 'git', url: raw, raw };
+    }
+    const shorthand = raw.match(GITHUB_SHORTHAND);
+    if (shorthand) {
+        const subpath = shorthand[3] ? sanitizeSubpath(shorthand[3]) : undefined;
+        if (shorthand[3] && subpath === null) {
+            throw new Error(`Unsafe subpath: ${raw}`);
+        }
+        return {
+            type: 'github',
+            owner: shorthand[1],
+            repo: shorthand[2],
+            subpath: subpath ?? undefined,
+            url: `https://github.com/${shorthand[1]}/${shorthand[2]}.git`,
+            raw,
+        };
+    }
+    throw new Error(`Cannot parse source: '${raw}'. Expected: owner/repo, GitHub URL, git URL, or local path.`);
+}
+export function sourceLabel(source) {
+    if (source.type === 'local')
+        return source.localPath;
+    if (source.owner && source.repo)
+        return `${source.owner}/${source.repo}`;
+    return source.url ?? source.raw;
+}

package/dist/source/resolver.js

@@ -0,0 +1,120 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { gitClone, gitGetHeadSha, makeTempDir, cleanTempDir } from '../util/git.js';
+import { readSkillMeta } from '../util/frontmatter.js';
+/**
+ * Defense-in-depth guard for directory entries read from untrusted cloned repos
+ * (review S5): reject names that are path-traversal or separator-bearing before
+ * joining them into a filesystem path. readdir normally returns plain segments,
+ * but a maliciously crafted archive should never escape the scan root.
+ */
+export function isSafeEntryName(name) {
+    return (name !== '' &&
+        name !== '.' &&
+        name !== '..' &&
+        !name.includes('/') &&
+        !name.includes('\\') &&
+        !name.includes('\0'));
+}
+export async function resolveSource(source) {
+    if (source.type === 'local') {
+        return resolveLocal(source.localPath);
+    }
+    return resolveRemote(source);
+}
+function resolveLocal(localPath) {
+    const resolved = path.resolve(localPath);
+    if (!fs.existsSync(resolved)) {
+        throw new Error(`Local path does not exist: ${resolved}`);
+    }
+    const skillMd = path.join(resolved, 'SKILL.md');
+    if (fs.existsSync(skillMd)) {
+        const content = fs.readFileSync(skillMd, 'utf-8');
+        const meta = readSkillMeta(content);
+        if (!meta)
+            throw new Error(`Invalid SKILL.md frontmatter at ${skillMd}`);
+        return [{ name: meta.name, meta, dir: resolved, isTemp: false }];
+    }
+    const skills = [];
+    for (const entry of fs.readdirSync(resolved, { withFileTypes: true })) {
+        if (!entry.isDirectory())
+            continue;
+        if (!isSafeEntryName(entry.name))
+            continue;
+        const sub = path.join(resolved, entry.name, 'SKILL.md');
+        if (!fs.existsSync(sub))
+            continue;
+        const content = fs.readFileSync(sub, 'utf-8');
+        const meta = readSkillMeta(content);
+        if (meta) {
+            skills.push({ name: meta.name, meta, dir: path.join(resolved, entry.name), isTemp: false });
+        }
+    }
+    if (skills.length === 0) {
+        throw new Error(`No SKILL.md found in ${resolved} or its subdirectories`);
+    }
+    return skills;
+}
+async function resolveRemote(source) {
+    const tmpDir = makeTempDir('clone');
+    try {
+        await gitClone(source.url, tmpDir, source.ref);
+        const sha = await gitGetHeadSha(tmpDir);
+        let searchDir = tmpDir;
+        if (source.subpath) {
+            searchDir = path.join(tmpDir, source.subpath);
+            if (!fs.existsSync(searchDir)) {
+                throw new Error(`Subpath '${source.subpath}' not found in ${source.url}`);
+            }
+        }
+        const skillMd = path.join(searchDir, 'SKILL.md');
+        if (fs.existsSync(skillMd)) {
+            const content = fs.readFileSync(skillMd, 'utf-8');
+            const meta = readSkillMeta(content);
+            if (!meta)
+                throw new Error(`Invalid SKILL.md frontmatter in ${source.url}`);
+            return [{ name: meta.name, meta, dir: searchDir, commitSha: sha, isTemp: true }];
+        }
+        const skills = [];
+        for (const entry of fs.readdirSync(searchDir, { withFileTypes: true })) {
+            if (!entry.isDirectory())
+                continue;
+            if (!isSafeEntryName(entry.name))
+                continue;
+            const sub = path.join(searchDir, entry.name, 'SKILL.md');
+            if (!fs.existsSync(sub))
+                continue;
+            const content = fs.readFileSync(sub, 'utf-8');
+            const meta = readSkillMeta(content);
+            if (meta) {
+                skills.push({ name: meta.name, meta, dir: path.join(searchDir, entry.name), commitSha: sha, isTemp: true });
+            }
+        }
+        if (skills.length === 0) {
+            throw new Error(`No SKILL.md found in ${source.url}`);
+        }
+        return skills;
+    }
+    catch (err) {
+        cleanTempDir(tmpDir);
+        throw err;
+    }
+}
+export function cleanupResolved(skills) {
+    const cleaned = new Set();
+    for (const skill of skills) {
+        if (!skill.isTemp)
+            continue;
+        let dir = skill.dir;
+        while (dir.includes('skillmax-clone-')) {
+            const parent = path.dirname(dir);
+            if (parent === dir)
+                break;
+            dir = parent;
+        }
+        if (!cleaned.has(dir)) {
+            cleaned.add(dir);
+            cleanTempDir(dir);
+        }
+    }
+}

package/dist/state/store.js

@@ -0,0 +1,120 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { createHash } from 'node:crypto';
+import { ensureDir } from '../util/fs.js';
+const STATE_DIR = path.join(os.homedir(), '.skillmax', 'state');
+/** Default cap on retained score-history entries (review SG5: bound unbounded growth). */
+export const MAX_SCORE_HISTORY = 20;
+/**
+ * Filesystem-safe state key. Pass an origin-namespaced identity (e.g. a
+ * workspace-synced skill's qualified name) so two same-named skills from
+ * different origins do not share one sidecar file — see plan U3 / review A5.
+ */
+export function stateKey(identity) {
+    const safe = identity.replace(/[^a-zA-Z0-9._-]+/g, '_').replace(/^[._]+/, '') || 'unnamed';
+    // Append a short hash of the RAW identity so two identities that sanitize to
+    // the same string (e.g. "team/a" and "team_a") never share one sidecar file —
+    // otherwise their trust flag and score history would silently merge (review A5).
+    const hash = createHash('sha256').update(identity).digest('hex').slice(0, 8);
+    return `${safe}-${hash}`;
+}
+function statePath(identity) {
+    return path.join(STATE_DIR, `${stateKey(identity)}.json`);
+}
+/** Read a skill's state sidecar, or null if absent/corrupt. Never throws. */
+export function loadState(identity) {
+    try {
+        const raw = fs.readFileSync(statePath(identity), 'utf-8');
+        const data = JSON.parse(raw);
+        if (!data || typeof data.name !== 'string' || typeof data.id !== 'string') {
+            return null;
+        }
+        return data;
+    }
+    catch {
+        return null;
+    }
+}
+/** Write a skill's state sidecar atomically, trimming score history. */
+export function saveState(state) {
+    ensureDir(STATE_DIR);
+    const target = statePath(state.id);
+    const trimmed = {
+        ...state,
+        scoreHistory: state.scoreHistory.slice(-MAX_SCORE_HISTORY),
+        updatedAt: state.updatedAt,
+    };
+    const tmp = target + '.tmp';
+    fs.writeFileSync(tmp, JSON.stringify(trimmed, null, 2) + '\n');
+    fs.renameSync(tmp, target);
+}
+/** Load existing state for `id`, or create-and-persist a default (trusted:false). */
+export function ensureState(init, now) {
+    const id = init.id ?? init.name;
+    const existing = loadState(id);
+    if (existing)
+        return existing;
+    const state = {
+        name: init.name,
+        id,
+        origin: init.origin,
+        trusted: false,
+        version: init.version ?? '1.0.0',
+        lifecycle: init.lifecycle ?? 'committed',
+        scoreHistory: [],
+        source: init.source,
+        createdAt: now,
+        updatedAt: now,
+    };
+    saveState(state);
+    return state;
+}
+/** Append a score entry (trimmed on save) and persist. No-op if state absent. */
+export function recordScore(id, entry) {
+    const state = loadState(id);
+    if (!state)
+        return;
+    state.scoreHistory.push(entry);
+    state.updatedAt = entry.at;
+    saveState(state);
+}
+/** Transition lifecycle and persist. No-op if state absent. */
+export function setLifecycle(id, lifecycle, now) {
+    const state = loadState(id);
+    if (!state)
+        return;
+    state.lifecycle = lifecycle;
+    state.updatedAt = now;
+    saveState(state);
+}
+/** List all persisted skill states (best-effort; skips corrupt files). */
+export function listStates() {
+    let names;
+    try {
+        names = fs.readdirSync(STATE_DIR);
+    }
+    catch {
+        return [];
+    }
+    const out = [];
+    for (const file of names) {
+        if (!file.endsWith('.json'))
+            continue;
+        const id = file.slice(0, -'.json'.length);
+        const state = loadState(id);
+        if (state)
+            out.push(state);
+    }
+    return out;
+}
+/** Test/maintenance hook: remove a state sidecar. Returns true if removed. */
+export function deleteState(id) {
+    try {
+        fs.rmSync(statePath(id));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/state/trust.js

@@ -0,0 +1,31 @@
+import { loadState, saveState } from './store.js';
+/**
+ * Trust model: agent-created and publicly-discovered skills default to
+ * `trusted: false` (set at state creation in store.ensureState). The execution
+ * sandbox refuses to auto-execute untrusted skills (see util/exec.ts). Trust is
+ * granted only by an explicit user action through `grantTrust`.
+ */
+/** True only when a state record exists AND is explicitly trusted. */
+export function isTrusted(id) {
+    return loadState(id)?.trusted ?? false;
+}
+/** Grant trust to a skill. No-op if no state record exists. Returns success. */
+export function grantTrust(id, now) {
+    const state = loadState(id);
+    if (!state)
+        return false;
+    state.trusted = true;
+    state.updatedAt = now;
+    saveState(state);
+    return true;
+}
+/** Revoke trust from a skill. No-op if no state record exists. Returns success. */
+export function revokeTrust(id, now) {
+    const state = loadState(id);
+    if (!state)
+        return false;
+    state.trusted = false;
+    state.updatedAt = now;
+    saveState(state);
+    return true;
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/dist/util/collision.js

@@ -0,0 +1,46 @@
+import * as fs from 'node:fs';
+import { validateName, sanitizeName } from './sanitize.js';
+/** Validate a skill name at a write boundary (review I6: validateName was never called). */
+export function ensureValidName(name) {
+    const err = validateName(name);
+    if (err)
+        return { ok: false, reason: `invalid skill name "${name}": ${err}` };
+    return { ok: true };
+}
+/**
+ * Decide whether writing a skill named `name` into `destDir` is safe. Refuses to
+ * overwrite an existing skill unless `force` — the guarded replacement for the
+ * silent delete-then-write in fs.symlinkOrCopy on managed write paths (review C2).
+ */
+export function checkWrite(destDir, name, opts = {}) {
+    const valid = ensureValidName(name);
+    if (!valid.ok)
+        return valid;
+    if (fs.existsSync(destDir) && !opts.force) {
+        return {
+            ok: false,
+            reason: `skill "${name}" already exists at ${destDir} (pass force to overwrite)`,
+        };
+    }
+    return { ok: true };
+}
+/**
+ * Case-insensitive collision check against existing names. Returns the colliding
+ * existing name, or null. Catches the `code-review` vs `Code-Review` footgun.
+ */
+export function collidesWith(name, existing) {
+    const lower = name.toLowerCase();
+    for (const e of existing) {
+        if (e === name || e.toLowerCase() === lower)
+            return e;
+    }
+    return null;
+}
+/**
+ * Origin-namespaced name so a workspace sync never clobbers a local skill of the
+ * same name (review C2 / AE2). E.g. ("team-acme","code-review") →
+ * "team-acme-code-review" (sanitized to a valid skill name).
+ */
+export function namespacedName(origin, name) {
+    return sanitizeName(`${origin}-${name}`);
+}

package/dist/util/exec.js

@@ -0,0 +1,78 @@
+import { execFile } from 'node:child_process';
+import * as path from 'node:path';
+import * as fs from 'node:fs';
+import { isTrusted } from '../state/trust.js';
+/**
+ * Constrained subprocess runner for skill-authored scripts and eval rollouts.
+ *
+ * Honest scope (review S1/F3/KTD6): this is PROCESS-LEVEL hardening, NOT a
+ * security container. It does: no shell, a hard timeout, an env ALLOWLIST
+ * (default-deny — credentials like GITHUB_TOKEN never pass; review S8), a working
+ * directory, and an output-size cap. It does NOT: block network egress (not
+ * enforceable via env alone on macOS/Linux), prevent absolute-path writes, or
+ * cap memory/PIDs. Treat it as defense-in-depth. For untrusted skills, the trust
+ * gate below — not the subprocess limits — is the primary control.
+ */
+/** Env vars passed through to sandboxed children. Default-deny everything else. */
+const ALLOWED_ENV = ['PATH', 'HOME', 'LANG', 'LC_ALL', 'LC_CTYPE', 'TMPDIR', 'TEMP', 'TZ'];
+export class SandboxRefusedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'SandboxRefusedError';
+    }
+}
+function safeEnv(extra) {
+    const env = {};
+    for (const key of ALLOWED_ENV) {
+        const v = process.env[key];
+        if (v !== undefined)
+            env[key] = v;
+    }
+    // Best-effort network discouragement (NOT enforcement — see header note).
+    env.NO_PROXY = '*';
+    if (extra)
+        Object.assign(env, extra);
+    return env;
+}
+/**
+ * Run a command under the sandbox. Rejects (throws SandboxRefusedError) before
+ * spawning when the skill is untrusted and allowExec is not set — `trusted:false`
+ * skills never auto-execute (review C3/AE1).
+ */
+export function runSandboxed(command, args, opts) {
+    if (!opts.allowExec) {
+        if (!opts.skillId || !isTrusted(opts.skillId)) {
+            const who = opts.skillId ? ` "${opts.skillId}"` : '';
+            return Promise.reject(new SandboxRefusedError(`refusing to execute untrusted skill${who}; grant trust or pass allowExec`));
+        }
+    }
+    const cwd = path.resolve(opts.cwd);
+    if (!fs.existsSync(cwd)) {
+        return Promise.reject(new SandboxRefusedError(`sandbox cwd does not exist: ${cwd}`));
+    }
+    const maxBuffer = opts.maxOutputBytes ?? 1024 * 1024;
+    return new Promise((resolve) => {
+        execFile(command, args, {
+            cwd,
+            env: safeEnv(opts.env),
+            timeout: opts.timeoutMs ?? 30_000,
+            maxBuffer,
+            shell: false,
+            windowsHide: true,
+        }, (err, stdout, stderr) => {
+            const e = err;
+            const timedOut = !!(e && e.killed && e.signal === 'SIGTERM');
+            const truncated = !!(e && e.code === 'ERR_CHILD_PROCESS_STDIO_MAXBUFFER');
+            const code = typeof e?.code === 'number' ? e.code : e ? null : 0;
+            resolve({
+                ok: !err,
+                code,
+                signal: e?.signal ?? null,
+                stdout: stdout?.toString() ?? '',
+                stderr: stderr?.toString() ?? '',
+                timedOut,
+                truncated,
+            });
+        });
+    });
+}

package/dist/util/frontmatter.js

@@ -0,0 +1,72 @@
+import * as fs from 'node:fs';
+import { parse as parseYaml, stringify as stringifyYaml } from 'yaml';
+import { stripTerminalEscapes } from './sanitize.js';
+export function parseFrontmatter(raw) {
+    const match = raw.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n?([\s\S]*)$/);
+    if (!match)
+        return null;
+    let data;
+    try {
+        data = parseYaml(match[1]);
+    }
+    catch {
+        return null;
+    }
+    if (!data || typeof data !== 'object')
+        return null;
+    const name = data.name;
+    const description = data.description;
+    if (typeof name !== 'string' || typeof description !== 'string')
+        return null;
+    const meta = {
+        ...data,
+        name: stripTerminalEscapes(name),
+        description: stripTerminalEscapes(description),
+    };
+    return { meta, content: match[2] };
+}
+export function readSkillMeta(skillMdContent) {
+    const result = parseFrontmatter(skillMdContent);
+    return result?.meta ?? null;
+}
+/**
+ * Recursively neutralize untrusted values before serialization: strip terminal
+ * escapes from strings and coerce functions to strings. The `yaml` package does
+ * not support executable tags (`!!js/function`) the way `gray-matter` does — the
+ * repo chose `yaml` deliberately to avoid eval-based RCE — but we sanitize
+ * defensively so a poisoned description can never round-trip into something a
+ * downstream parser treats as more than data (review S3).
+ */
+function sanitizeYamlValue(value) {
+    if (typeof value === 'string')
+        return stripTerminalEscapes(value);
+    if (typeof value === 'function')
+        return String(value);
+    if (Array.isArray(value))
+        return value.map(sanitizeYamlValue);
+    if (value && typeof value === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            if (v === undefined)
+                continue;
+            out[k] = sanitizeYamlValue(v);
+        }
+        return out;
+    }
+    return value;
+}
+/**
+ * Serialize skill metadata + body back into SKILL.md text. Data-only YAML — no
+ * custom tags, no executable constructs. Pairs with parseFrontmatter so
+ * parse(serialize(x)) preserves the frontmatter block.
+ */
+export function serializeFrontmatter(meta, body = '') {
+    const clean = sanitizeYamlValue(meta);
+    const yaml = stringifyYaml(clean, { lineWidth: 0 }).replace(/\n$/, '');
+    const trimmedBody = body.replace(/^\n+/, '');
+    return `---\n${yaml}\n---\n${trimmedBody}`;
+}
+/** Write a SKILL.md file from metadata + body using the safe serializer. */
+export function writeSkillFile(skillMdPath, meta, body = '') {
+    fs.writeFileSync(skillMdPath, serializeFrontmatter(meta, body));
+}

package/dist/util/fs.js

@@ -0,0 +1,77 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+export function ensureDir(dir) {
+    fs.mkdirSync(dir, { recursive: true });
+}
+export function symlinkOrCopy(src, dest, forceCopy = false) {
+    ensureDir(path.dirname(dest));
+    if (fs.existsSync(dest)) {
+        const stat = fs.lstatSync(dest);
+        if (stat.isSymbolicLink())
+            fs.unlinkSync(dest);
+        else if (stat.isDirectory())
+            fs.rmSync(dest, { recursive: true });
+        else
+            fs.unlinkSync(dest);
+    }
+    if (forceCopy) {
+        copyDir(src, dest);
+        return 'copy';
+    }
+    try {
+        const rel = path.relative(path.dirname(dest), src);
+        fs.symlinkSync(rel, dest);
+        return 'symlink';
+    }
+    catch {
+        copyDir(src, dest);
+        return 'copy';
+    }
+}
+export function copyDir(src, dest) {
+    ensureDir(dest);
+    for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
+        const srcPath = path.join(src, entry.name);
+        const destPath = path.join(dest, entry.name);
+        if (entry.name === '.git')
+            continue;
+        if (entry.isDirectory()) {
+            copyDir(srcPath, destPath);
+        }
+        else {
+            fs.copyFileSync(srcPath, destPath);
+        }
+    }
+}
+export function removeDir(dir) {
+    try {
+        const stat = fs.lstatSync(dir);
+        if (stat.isSymbolicLink()) {
+            fs.unlinkSync(dir);
+        }
+        else {
+            fs.rmSync(dir, { recursive: true });
+        }
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function isSymlink(p) {
+    try {
+        return fs.lstatSync(p).isSymbolicLink();
+    }
+    catch {
+        return false;
+    }
+}
+export function fileExists(p) {
+    try {
+        fs.accessSync(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}