skillspp 1.2.0 → 1.3.0

package/dist/background-executor.js

@@ -1,7 +1,7 @@
 // ../../packages/core/src/runtime/background-tasks.ts
-import fs15 from "node:fs";
+import fs13 from "node:fs";
 import os7 from "node:os";
-import path16 from "node:path";
+import path14 from "node:path";
 
 // ../../packages/core/src/runtime/agents.ts
 import fs from "node:fs";
@@ -12,264 +12,198 @@ var STANDARD_AGENTS = {
     displayName: "Universal",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".agents/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".agents/plugins/cache",
     installMarkers: [".agents"]
   },
   adal: {
     displayName: "AdaL",
     projectSkillsDir: ".adal/skills",
     globalSkillsDir: ".adal/skills",
-    projectPluginsDir: ".adal/plugins/cache",
-    globalPluginsDir: ".adal/plugins/cache",
     installMarkers: [".adal"]
   },
   antigravity: {
     displayName: "Antigravity",
     projectSkillsDir: ".agent/skills",
     globalSkillsDir: ".gemini/antigravity/skills",
-    projectPluginsDir: ".agent/plugins/cache",
-    globalPluginsDir: ".gemini/antigravity/plugins/cache",
     installMarkers: [".gemini/antigravity"]
   },
   augment: {
     displayName: "Augment",
     projectSkillsDir: ".augment/skills",
     globalSkillsDir: ".augment/skills",
-    projectPluginsDir: ".augment/plugins/cache",
-    globalPluginsDir: ".augment/plugins/cache",
     installMarkers: [".augment"]
   },
   "claude-code": {
     displayName: "Claude Code",
     projectSkillsDir: ".claude/skills",
     globalSkillsDir: ".claude/skills",
-    projectPluginsDir: ".claude/plugins/cache",
-    globalPluginsDir: ".claude/plugins/cache",
     installMarkers: [".claude"]
   },
   "cortex-code": {
     displayName: "Cortex Code",
     projectSkillsDir: ".cortex/skills",
     globalSkillsDir: ".cortex/skills",
-    projectPluginsDir: ".cortex/plugins/cache",
-    globalPluginsDir: ".cortex/plugins/cache",
     installMarkers: [".cortex"]
   },
   crush: {
     displayName: "Crush",
     projectSkillsDir: ".crush/skills",
     globalSkillsDir: ".crush/skills",
-    projectPluginsDir: ".crush/plugins/cache",
-    globalPluginsDir: ".crush/plugins/cache",
     installMarkers: [".crush"]
   },
   droid: {
     displayName: "Droid",
     projectSkillsDir: ".factory/skills",
     globalSkillsDir: ".factory/skills",
-    projectPluginsDir: ".factory/plugins/cache",
-    globalPluginsDir: ".factory/plugins/cache",
     installMarkers: [".factory"]
   },
   goose: {
     displayName: "Goose",
     projectSkillsDir: ".goose/skills",
     globalSkillsDir: ".config/goose/skills",
-    projectPluginsDir: ".goose/plugins/cache",
-    globalPluginsDir: ".config/goose/plugins/cache",
     installMarkers: [".config/goose"]
   },
   "iflow-cli": {
     displayName: "iFlow CLI",
     projectSkillsDir: ".iflow/skills",
     globalSkillsDir: ".iflow/skills",
-    projectPluginsDir: ".iflow/plugins/cache",
-    globalPluginsDir: ".iflow/plugins/cache",
     installMarkers: [".iflow"]
   },
   junie: {
     displayName: "Junie",
     projectSkillsDir: ".junie/skills",
     globalSkillsDir: ".junie/skills",
-    projectPluginsDir: ".junie/plugins/cache",
-    globalPluginsDir: ".junie/plugins/cache",
     installMarkers: [".junie"]
   },
   "kiro-cli": {
     displayName: "Kiro CLI",
     projectSkillsDir: ".kiro/skills",
     globalSkillsDir: ".kiro/skills",
-    projectPluginsDir: ".kiro/plugins/cache",
-    globalPluginsDir: ".kiro/plugins/cache",
     installMarkers: [".kiro"]
   },
   kode: {
     displayName: "Kode",
     projectSkillsDir: ".kode/skills",
     globalSkillsDir: ".kode/skills",
-    projectPluginsDir: ".kode/plugins/cache",
-    globalPluginsDir: ".kode/plugins/cache",
     installMarkers: [".kode"]
   },
   openclaw: {
     displayName: "OpenClaw",
     projectSkillsDir: "skills",
     globalSkillsDir: ".openclaw/skills",
-    projectPluginsDir: "plugins/cache",
-    globalPluginsDir: ".openclaw/plugins/cache",
     installMarkers: [".openclaw"]
   },
   openhands: {
     displayName: "OpenHands",
     projectSkillsDir: ".openhands/skills",
     globalSkillsDir: ".openhands/skills",
-    projectPluginsDir: ".openhands/plugins/cache",
-    globalPluginsDir: ".openhands/plugins/cache",
     installMarkers: [".openhands"]
   },
   "mistral-vibe": {
     displayName: "Mistral Vibe",
     projectSkillsDir: ".vibe/skills",
     globalSkillsDir: ".vibe/skills",
-    projectPluginsDir: ".vibe/plugins/cache",
-    globalPluginsDir: ".vibe/plugins/cache",
     installMarkers: [".vibe"]
   },
   neovate: {
     displayName: "Neovate",
     projectSkillsDir: ".neovate/skills",
     globalSkillsDir: ".neovate/skills",
-    projectPluginsDir: ".neovate/plugins/cache",
-    globalPluginsDir: ".neovate/plugins/cache",
     installMarkers: [".neovate"]
   },
   pochi: {
     displayName: "Pochi",
     projectSkillsDir: ".pochi/skills",
     globalSkillsDir: ".pochi/skills",
-    projectPluginsDir: ".pochi/plugins/cache",
-    globalPluginsDir: ".pochi/plugins/cache",
     installMarkers: [".pochi"]
   },
   qoder: {
     displayName: "Qoder",
     projectSkillsDir: ".qoder/skills",
     globalSkillsDir: ".qoder/skills",
-    projectPluginsDir: ".qoder/plugins/cache",
-    globalPluginsDir: ".qoder/plugins/cache",
     installMarkers: [".qoder"]
   },
   "qwen-code": {
     displayName: "Qwen Code",
     projectSkillsDir: ".qwen/skills",
     globalSkillsDir: ".qwen/skills",
-    projectPluginsDir: ".qwen/plugins/cache",
-    globalPluginsDir: ".qwen/plugins/cache",
     installMarkers: [".qwen"]
   },
   roo: {
     displayName: "Roo Code",
     projectSkillsDir: ".roo/skills",
     globalSkillsDir: ".roo/skills",
-    projectPluginsDir: ".roo/plugins/cache",
-    globalPluginsDir: ".roo/plugins/cache",
     installMarkers: [".roo"]
   },
   trae: {
     displayName: "Trae",
     projectSkillsDir: ".trae/skills",
     globalSkillsDir: ".trae/skills",
-    projectPluginsDir: ".trae/plugins/cache",
-    globalPluginsDir: ".trae/plugins/cache",
     installMarkers: [".trae"]
   },
   "trae-cn": {
     displayName: "Trae CN",
     projectSkillsDir: ".trae/skills",
     globalSkillsDir: ".trae/skills",
-    projectPluginsDir: ".trae/plugins/cache",
-    globalPluginsDir: ".trae/plugins/cache",
     installMarkers: [".trae"]
   },
   windsurf: {
     displayName: "Windsurf",
     projectSkillsDir: ".windsurf/skills",
     globalSkillsDir: ".codeium/windsurf/skills",
-    projectPluginsDir: ".windsurf/plugins/cache",
-    globalPluginsDir: ".codeium/windsurf/plugins/cache",
     installMarkers: [".windsurf", ".codeium/windsurf"]
   },
   zencoder: {
     displayName: "Zencoder",
     projectSkillsDir: ".zencoder/skills",
     globalSkillsDir: ".zencoder/skills",
-    projectPluginsDir: ".zencoder/plugins/cache",
-    globalPluginsDir: ".zencoder/plugins/cache",
     installMarkers: [".zencoder"]
   },
   continue: {
     displayName: "Continue",
     projectSkillsDir: ".continue/skills",
     globalSkillsDir: ".continue/skills",
-    projectPluginsDir: ".continue/plugins/cache",
-    globalPluginsDir: ".continue/plugins/cache",
     installMarkers: [".continue"]
   },
   codebuddy: {
     displayName: "CodeBuddy",
     projectSkillsDir: ".codebuddy/skills",
     globalSkillsDir: ".codebuddy/skills",
-    projectPluginsDir: ".codebuddy/plugins/cache",
-    globalPluginsDir: ".codebuddy/plugins/cache",
     installMarkers: [".codebuddy"]
   },
   "command-code": {
     displayName: "Command Code",
     projectSkillsDir: ".commandcode/skills",
     globalSkillsDir: ".commandcode/skills",
-    projectPluginsDir: ".commandcode/plugins/cache",
-    globalPluginsDir: ".commandcode/plugins/cache",
     installMarkers: [".commandcode"]
   },
   kilo: {
     displayName: "Kilo Code",
     projectSkillsDir: ".kilocode/skills",
     globalSkillsDir: ".kilocode/skills",
-    projectPluginsDir: ".kilocode/plugins/cache",
-    globalPluginsDir: ".kilocode/plugins/cache",
     installMarkers: [".kilocode"]
   },
   mcpjam: {
     displayName: "MCPJam",
     projectSkillsDir: ".mcpjam/skills",
     globalSkillsDir: ".mcpjam/skills",
-    projectPluginsDir: ".mcpjam/plugins/cache",
-    globalPluginsDir: ".mcpjam/plugins/cache",
     installMarkers: [".mcpjam"]
   },
   mux: {
     displayName: "Mux",
     projectSkillsDir: ".mux/skills",
     globalSkillsDir: ".mux/skills",
-    projectPluginsDir: ".mux/plugins/cache",
-    globalPluginsDir: ".mux/plugins/cache",
     installMarkers: [".mux"]
   },
   pi: {
     displayName: "Pi",
     projectSkillsDir: ".pi/skills",
     globalSkillsDir: ".pi/agent/skills",
-    projectPluginsDir: ".pi/plugins/cache",
-    globalPluginsDir: ".pi/agent/plugins/cache",
     installMarkers: [".pi"]
   },
   replit: {
     displayName: "Replit",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".config/agents/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".config/agents/plugins/cache",
     installMarkers: [".config/agents"]
   }
 };
@@ -279,64 +213,48 @@ var AGENTS = {
     displayName: "Codex",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".codex/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".codex/plugins/cache",
     installMarkers: [".codex"]
   },
   cursor: {
     displayName: "Cursor",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".cursor/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".cursor/plugins/cache",
     installMarkers: [".cursor"]
   },
   "gemini-cli": {
     displayName: "Gemini CLI",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".gemini/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".gemini/plugins/cache",
     installMarkers: [".gemini"]
   },
   "github-copilot": {
     displayName: "GitHub Copilot",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".copilot/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".copilot/plugins/cache",
     installMarkers: [".copilot"]
   },
   amp: {
     displayName: "Amp",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".config/agents/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".config/agents/plugins/cache",
     installMarkers: [".config/agents"]
   },
   opencode: {
     displayName: "OpenCode",
     projectSkillsDir: ".agents/skills",
     globalSkillsDir: ".config/opencode/skills",
-    projectPluginsDir: ".agents/plugins/cache",
-    globalPluginsDir: ".config/opencode/plugins/cache",
     installMarkers: [".config/opencode"]
   },
   windsurf: {
     displayName: "Windsurf",
     projectSkillsDir: ".windsurf/skills",
     globalSkillsDir: ".codeium/windsurf/skills",
-    projectPluginsDir: ".windsurf/plugins/cache",
-    globalPluginsDir: ".codeium/windsurf/plugins/cache",
     installMarkers: [".windsurf", ".codeium/windsurf"]
   },
   cline: {
     displayName: "Cline",
     projectSkillsDir: ".cline/skills",
     globalSkillsDir: ".cline/skills",
-    projectPluginsDir: ".cline/plugins/cache",
-    globalPluginsDir: ".cline/plugins/cache",
     installMarkers: [".cline"]
   }
 };
@@ -369,11 +287,6 @@ function getAgentSkillsDir(agent, globalInstall, cwd) {
   const base = globalInstall ? os.homedir() : cwd;
   return path.join(base, relative);
 }
-function getAgentPluginsDir(agent, globalInstall, cwd) {
-  const relative = globalInstall ? AGENTS[agent].globalPluginsDir : AGENTS[agent].projectPluginsDir;
-  const base = globalInstall ? os.homedir() : cwd;
-  return path.join(base, relative);
-}
 function detectInstalledAgents(cwd = process.cwd()) {
   const found = [];
   for (const agent of Object.keys(AGENTS)) {
@@ -909,27 +822,6 @@ var SKILL_CONFIG = {
     };
   }
 };
-var PLUGIN_CONFIG = {
-  kind: "plugins",
-  displayLabel: "well-known plugins",
-  indexPath: "/.well-known/plugins/index.json",
-  entryLabel: "plugin",
-  requireDescription: false,
-  missingManifestMessage: (name) => `Well-known plugin '${name}' is missing plugin.json`,
-  hasRequiredManifest(filePath) {
-    return filePath.split("/").at(-1)?.toLowerCase() === "plugin.json";
-  },
-  buildRemoteResult({ entry, files, sourceUrl }) {
-    return {
-      name: entry.name,
-      description: entry.description || "",
-      installName: entry.name,
-      sourceUrl,
-      sourceType: "well-known",
-      files
-    };
-  }
-};
 var SecureWellKnownProvider = class {
   id = "well-known";
   displayName = "Secure Well-Known Skills";
@@ -955,9 +847,6 @@ var SecureWellKnownProvider = class {
   async fetchAllSkills(url, options = {}) {
     return this.fetchAllResources(url, options, SKILL_CONFIG);
   }
-  async fetchAllPlugins(url, options = {}) {
-    return this.fetchAllResources(url, options, PLUGIN_CONFIG);
-  }
   async fetchAllResources(url, options, config) {
     const normalized = this.normalizeOptions(options);
     const budget = { remaining: normalized.maxDownloadBytes };
@@ -1249,33 +1138,6 @@ var HttpCatalogProvider = class {
       }
     });
   }
-  async fetchAllPlugins(url, options = {}) {
-    return this.fetchAllResources(url, options, {
-      kind: "plugins",
-      indexLabel: "catalog plugins",
-      resolveIndexUrl(parsed) {
-        return parsed.pathname.endsWith(".json") ? parsed.toString() : new URL(
-          "plugins/index.json",
-          parsed.toString().endsWith("/") ? parsed.toString() : `${parsed.toString()}/`
-        ).toString();
-      },
-      requireDescription: false,
-      missingManifestMessage: (name) => `Catalog plugin '${name}' is missing plugin.json`,
-      hasRequiredManifest(filePath) {
-        return filePath.split("/").at(-1)?.toLowerCase() === "plugin.json";
-      },
-      buildRemoteResult({ entry, files, sourceUrl }) {
-        return {
-          name: entry.name,
-          description: entry.description || "",
-          installName: entry.name,
-          sourceUrl,
-          sourceType: "catalog",
-          files
-        };
-      }
-    });
-  }
   async fetchAllResources(url, options, config) {
     const parsed = new URL(url);
     if (parsed.protocol !== "https:") {
@@ -1450,33 +1312,6 @@ async function resolveCatalogSkills(sourceUrl, options) {
     maxDownloadBytes: options.maxDownloadBytes
   });
 }
-async function resolveWellKnownPlugins(sourceUrl, options) {
-  initializeProviders();
-  const provider = getProviderById("well-known");
-  if (!provider) {
-    throw new Error("Well-known provider is not registered");
-  }
-  const wellKnown = provider;
-  return wellKnown.fetchAllPlugins(sourceUrl, {
-    allowHosts: options.allowHost,
-    denyHosts: options.denyHost,
-    maxDownloadBytes: options.maxDownloadBytes
-  });
-}
-async function resolveCatalogPlugins(sourceUrl, options) {
-  assertExperimentalFeatureEnabled("catalog", Boolean(options.experimental));
-  initializeProviders();
-  const provider = getProviderById("catalog");
-  if (!provider) {
-    throw new Error("Catalog provider is not registered");
-  }
-  const catalog = provider;
-  return catalog.fetchAllPlugins(sourceUrl, {
-    allowHosts: options.allowHost,
-    denyHosts: options.denyHost,
-    maxDownloadBytes: options.maxDownloadBytes
-  });
-}
 
 // ../../packages/core/src/runtime/hash.ts
 import fs4 from "node:fs";
@@ -1637,10 +1472,10 @@ function writePerSkillLockfile(canonicalDir, entry, format) {
 function isSkillDirEntry(entry) {
   return entry.isDirectory() || entry.isSymbolicLink();
 }
-function listInstalledResourceDirs(kind, globalInstall, cwd) {
+function listInstalledResourceDirs(_kind, globalInstall, cwd) {
   const out = /* @__PURE__ */ new Set();
   for (const agent of Object.keys(AGENTS)) {
-    const resourceRoot = kind === "plugin" ? getAgentPluginsDir(agent, globalInstall, cwd) : getAgentSkillsDir(agent, globalInstall, cwd);
+    const resourceRoot = getAgentSkillsDir(agent, globalInstall, cwd);
     if (!fs5.existsSync(resourceRoot) || !fs5.statSync(resourceRoot).isDirectory()) {
       continue;
     }
@@ -2028,693 +1863,203 @@ async function assessLockEntries(options, cwd, behavior = { keepResolved: false
   }
 }
 
-// ../../packages/core/src/runtime/plugin-check-analysis.ts
+// ../../packages/core/src/runtime/validate-analysis.ts
+import fs9 from "node:fs";
+import path10 from "node:path";
+import os5 from "node:os";
+import matter2 from "gray-matter";
+
+// ../../packages/core/src/runtime/skill-installer.ts
+import { spawnSync as spawnSync2 } from "node:child_process";
 import fs8 from "node:fs";
+import os4 from "node:os";
 import path9 from "node:path";
+import YAML2 from "yaml";
+import { z } from "zod";
 
-// ../../packages/core/src/sources/plugins.ts
+// ../../packages/core/src/runtime/installer-security.ts
 import fs7 from "node:fs";
 import path8 from "node:path";
-var SKIP_DIRS3 = /* @__PURE__ */ new Set([".git", "node_modules", "dist", "build", "__pycache__"]);
-async function resolvePluginsRootAsync(basePath) {
-  let stat;
-  try {
-    stat = await fs7.promises.stat(basePath);
-  } catch {
-    throw new Error(`Local source not found: ${basePath}`);
-  }
-  if (stat.isDirectory() && path8.basename(basePath) === "plugins") {
-    return basePath;
+function isInsideRoot(rootDir, candidatePath) {
+  const relative = path8.relative(rootDir, candidatePath);
+  return Boolean(relative) && !relative.startsWith("..") && !path8.isAbsolute(relative);
+}
+function toEscapeViolation(source) {
+  return {
+    rule: "installer-local-dependency-path-escape",
+    message: `local dependency escapes source root: ${source}`,
+    severity: "error",
+    blocking: true
+  };
+}
+function evaluateInstallerLocalDependency(input, _options = {}) {
+  if (path8.isAbsolute(input.source)) {
+    return {
+      ok: false,
+      violation: {
+        rule: "installer-local-dependency-absolute-path",
+        message: `absolute local dependency paths are not allowed: ${input.source}`,
+        severity: "error",
+        blocking: true
+      }
+    };
   }
-  const pluginsDir = path8.join(basePath, "plugins");
-  try {
-    const pluginsStat = await fs7.promises.stat(pluginsDir);
-    if (pluginsStat.isDirectory()) {
-      return pluginsDir;
-    }
-  } catch {
+  const resolvedRoot = path8.resolve(input.sourceRoot);
+  const resolvedSourcePath = path8.resolve(resolvedRoot, input.source);
+  if (!isInsideRoot(resolvedRoot, resolvedSourcePath)) {
+    return {
+      ok: false,
+      violation: toEscapeViolation(input.source)
+    };
   }
-  throw new Error("No plugins directory found in source");
-}
-async function collectPluginJsonFilesRecursiveAsync(dir, pluginRoot, out) {
-  const entries = await fs7.promises.readdir(dir, { withFileTypes: true });
-  for (const entry of entries) {
-    if (SKIP_DIRS3.has(entry.name)) {
-      continue;
-    }
-    const fullPath = path8.join(dir, entry.name);
-    if (entry.isDirectory()) {
-      await collectPluginJsonFilesRecursiveAsync(fullPath, pluginRoot, out);
-      continue;
-    }
-    if (entry.isFile() && path8.basename(fullPath).toLowerCase() === "plugin.json") {
-      out.push(path8.relative(pluginRoot, fullPath));
+  if (fs7.existsSync(resolvedSourcePath)) {
+    const realRoot = fs7.realpathSync.native ? fs7.realpathSync.native(resolvedRoot) : fs7.realpathSync(resolvedRoot);
+    const realSource = fs7.realpathSync.native ? fs7.realpathSync.native(resolvedSourcePath) : fs7.realpathSync(resolvedSourcePath);
+    if (!isInsideRoot(realRoot, realSource)) {
+      return {
+        ok: false,
+        violation: toEscapeViolation(input.source)
+      };
     }
   }
+  return {
+    ok: true,
+    resolvedPath: resolvedSourcePath
+  };
 }
-async function parsePluginManifestAsync(manifestPath, pluginName) {
-  let parsed;
-  try {
-    parsed = JSON.parse(await fs7.promises.readFile(manifestPath, "utf8"));
-  } catch {
-    throw new Error(`Plugin '${pluginName}' has invalid plugin.json`);
-  }
-  if (!parsed || typeof parsed !== "object") {
-    throw new Error(`Plugin '${pluginName}' has invalid plugin.json`);
-  }
-  const data = parsed;
-  if (typeof data.name !== "string" || data.name.trim().length === 0) {
-    throw new Error(`Plugin '${pluginName}' plugin.json is missing name`);
+
+// ../../packages/core/src/runtime/policy.ts
+function applyMode(result, mode) {
+  if (mode === "enforce" || result.ok) {
+    return result;
   }
-  if (data.name !== pluginName) {
-    throw new Error(`Plugin '${pluginName}' plugin.json name must match plugin folder name`);
+  const violation = "violation" in result ? result.violation : void 0;
+  if (!violation) {
+    return result;
   }
   return {
-    name: data.name,
-    description: typeof data.description === "string" ? data.description : void 0
+    ok: false,
+    violation: {
+      ...violation,
+      severity: "warning",
+      blocking: false
+    }
   };
 }
-function sortManifestCandidates(a, b) {
-  const depthA = a.split(path8.sep).length;
-  const depthB = b.split(path8.sep).length;
-  if (depthA !== depthB) {
-    return depthA - depthB;
-  }
-  return a.localeCompare(b);
+function evaluateInstallerLocalDependencyPolicy(input, mode) {
+  return applyMode(evaluateInstallerLocalDependency(input, { policyMode: "fixed" }), mode);
 }
-async function inspectPluginFolderAsync(pluginDir) {
-  const pluginName = path8.basename(pluginDir);
-  const pluginJsonRelativePaths = [];
-  await collectPluginJsonFilesRecursiveAsync(pluginDir, pluginDir, pluginJsonRelativePaths);
-  pluginJsonRelativePaths.sort(sortManifestCandidates);
-  if (pluginJsonRelativePaths.length === 0) {
-    return {
-      pluginName,
-      pluginDir,
-      error: new Error(`Plugin '${pluginName}' is missing plugin.json`)
-    };
+function evaluateHookTrustPolicy(input) {
+  if (input.sourceType !== "well-known") {
+    return { allowed: true };
   }
-  const manifests = [];
-  try {
-    for (const relativePath of pluginJsonRelativePaths) {
-      const manifest = await parsePluginManifestAsync(
-        path8.join(pluginDir, relativePath),
-        pluginName
-      );
-      manifests.push({
-        description: manifest.description || "",
-        relativePath
-      });
-    }
-  } catch (error) {
+  if (input.trustWellKnown) {
+    return { allowed: true };
+  }
+  if (input.mode === "warn") {
     return {
-      pluginName,
-      pluginDir,
-      error: error instanceof Error ? error : new Error(String(error))
+      allowed: true,
+      violation: {
+        rule: "hook-trust-required",
+        message: "Well-known hook commands are untrusted. Proceeding due to warning policy mode.",
+        severity: "warning",
+        blocking: false
+      }
     };
   }
-  const selectedManifest = manifests[0];
   return {
-    pluginName,
-    pluginDir,
-    plugin: {
-      name: pluginName,
-      description: selectedManifest?.description || "",
-      path: pluginDir
+    allowed: false,
+    violation: {
+      rule: "hook-trust-required",
+      message: "Blocked skill-installer hook commands for well-known source. Trust this source explicitly or use warning policy mode.",
+      severity: "error",
+      blocking: true
     }
   };
 }
-function filterRequestedPluginErrors(requestedPlugins, inspections) {
-  if (!requestedPlugins || requestedPlugins.length === 0) {
-    return;
-  }
-  if (requestedPlugins.includes("*")) {
-    return;
-  }
-  const inspectionByName = new Map(
-    inspections.map((inspection) => [inspection.pluginName, inspection])
-  );
-  for (const requestedPlugin of requestedPlugins) {
-    const inspection = inspectionByName.get(requestedPlugin);
-    if (inspection?.error) {
-      throw inspection.error;
-    }
+
+// ../../packages/core/src/runtime/skill-installer.ts
+var InstallerSecurityError = class extends Error {
+  violation;
+  constructor(violation) {
+    super(violation.message);
+    this.name = "InstallerSecurityError";
+    this.violation = violation;
   }
+};
+function isInstallerSecurityError(error) {
+  return error instanceof InstallerSecurityError;
 }
-async function discoverPluginsAsync(basePath, requestedPlugins) {
-  const pluginsRoot = await resolvePluginsRootAsync(basePath);
-  const entries = await fs7.promises.readdir(pluginsRoot, {
-    withFileTypes: true
-  });
-  const inspections = await Promise.all(
-    entries.filter((entry) => entry.isDirectory()).map((entry) => inspectPluginFolderAsync(path8.join(pluginsRoot, entry.name)))
-  );
-  filterRequestedPluginErrors(requestedPlugins, inspections);
-  return filterPluginsByName(
-    inspections.map((inspection) => inspection.plugin).filter((plugin) => Boolean(plugin)),
-    requestedPlugins
-  );
-}
-function filterPluginsByName(plugins, requested) {
-  if (!requested || requested.length === 0) {
-    return plugins;
-  }
-  if (requested.includes("*")) {
-    return plugins;
+var InstallerPolicyError = class extends Error {
+  violation;
+  constructor(violation) {
+    super(violation.message);
+    this.name = "InstallerPolicyError";
+    this.violation = violation;
   }
-  const wanted = new Set(requested.map((item) => item.toLowerCase()));
-  return plugins.filter((plugin) => wanted.has(plugin.name.toLowerCase()));
+};
+function isInstallerPolicyError(error) {
+  return error instanceof InstallerPolicyError;
 }
-function stageRemotePluginFilesToTempDir(pluginName, files) {
-  const prefixed = /* @__PURE__ */ new Map();
-  for (const [relativePath, content] of files.entries()) {
-    prefixed.set(path8.join("plugins", pluginName, relativePath), content);
+var dependencyObjectSchema = z.object({
+  source: z.string().min(1),
+  path: z.string().min(1)
+}).strict();
+var installerConfigSchema = z.object({
+  schemaVersion: z.literal(1),
+  "pre-install": z.array(z.string().min(1)).optional().default([]),
+  dependencies: z.array(z.union([z.string().min(1), dependencyObjectSchema])).optional().default([]),
+  "post-install": z.array(z.string().min(1)).optional().default([])
+}).strict();
+function ensureInsideRoot(rootDir, relativeTarget) {
+  const resolved = path9.resolve(rootDir, relativeTarget);
+  const relative = path9.relative(rootDir, resolved);
+  if (!relative || relative.startsWith("..") || path9.isAbsolute(relative)) {
+    throw new Error(`Unsafe destination path: ${relativeTarget}`);
   }
-  return stageRemoteSkillFilesToTempDir(prefixed, {
-    prefix: "skillspp-remote-plugin-"
-  });
+  return resolved;
 }
-
-// ../../packages/core/src/runtime/plugin-check-analysis.ts
-function includeByPlugin(entry, selected) {
-  if (!selected || selected.length === 0 || selected.includes("*")) {
-    return true;
+function sourceLooksLikeUrl(source) {
+  try {
+    const parsed = new URL(source);
+    return parsed.protocol === "http:" || parsed.protocol === "https:";
+  } catch {
+    return false;
   }
-  return selected.includes(entry.skillName);
 }
-function migrateHint2(pluginName) {
-  return `pluginspp update ${pluginName} --migrate <new-plugin-source>`;
+function sourceLooksLikeRepoShorthand(source) {
+  const trimmed = source.trim().replace(/^https?:\/\//, "");
+  return /^(github\.com|gitlab\.com)\/[^/]+\/[^/]+(?:\.git)?\/?$/.test(trimmed);
 }
-function resolveSourceMetadataIssue2(entry) {
-  if (!entry.source.canonical) {
-    return `source canonical metadata missing; run ${migrateHint2(entry.skillName)}`;
+function parseRepoSource(source) {
+  const withoutProtocol = source.trim().replace(/^https?:\/\//, "").replace(/\/+$/, "");
+  const match = withoutProtocol.match(/^(github\.com|gitlab\.com)\/([^/]+)\/([^/]+?)(?:\.git)?$/);
+  if (!match) {
+    throw new Error(`Unsupported repository dependency source: ${source}`);
   }
-  if (entry.source.type === "local") {
-    if (!entry.source.resolvedPath) {
-      return `local source metadata missing; run ${migrateHint2(entry.skillName)}`;
-    }
-    if (!fs8.existsSync(entry.source.canonical)) {
-      return `local source path not found; run ${migrateHint2(entry.skillName)}`;
+  const host = match[1];
+  const owner = match[2];
+  const repo = match[3];
+  return {
+    repoUrl: `https://${host}/${owner}/${repo}.git`,
+    repoName: repo
+  };
+}
+function deriveDestinationNameFromSource(source) {
+  if (sourceLooksLikeUrl(source)) {
+    const parsed = new URL(source);
+    const parts = parsed.pathname.split("/").filter(Boolean);
+    const leaf2 = parts[parts.length - 1];
+    if (!leaf2) {
+      throw new Error(`Cannot derive dependency name from URL source: ${source}`);
     }
-    return null;
-  }
-  if (!entry.source.pinnedRef) {
-    return `remote pin metadata missing; run ${migrateHint2(entry.skillName)}`;
-  }
-  return null;
-}
-function createRetainedCleanup2(cleanup) {
-  let cleaned = false;
-  let refCount = 0;
-  const runCleanup = () => {
-    if (cleaned) {
-      return;
-    }
-    cleaned = true;
-    cleanup?.();
-  };
-  const cleanupNow = () => {
-    if (refCount === 0) {
-      runCleanup();
-    }
-  };
-  const retainCleanup = () => {
-    refCount += 1;
-    let released = false;
-    return () => {
-      if (released) {
-        return;
-      }
-      released = true;
-      refCount -= 1;
-      if (refCount === 0) {
-        runCleanup();
-      }
-    };
-  };
-  return {
-    cleanupNow,
-    retainCleanup
-  };
-}
-function toAsyncResult2(promise) {
-  return promise.then(
-    (value) => ({ ok: true, value }),
-    (error) => ({ ok: false, error })
-  );
-}
-function unwrapAsyncResult2(result) {
-  if (result.ok) {
-    return result.value;
-  }
-  throw result.error;
-}
-async function loadCachedSource2(entry, options) {
-  const sourceInput = resolveSourceLoadInput(entry.source);
-  const parsed = parseSource(sourceInput);
-  if (parsed.type === "well-known" || parsed.type === "catalog") {
-    const remotePlugins = parsed.type === "well-known" ? await resolveWellKnownPlugins(parsed.url, options) : await resolveCatalogPlugins(parsed.url, options);
-    return {
-      kind: "remote",
-      remotePlugins
-    };
-  }
-  const prepared = await prepareSourceDirAsync(
-    parsed
-  );
-  const retainedCleanup = createRetainedCleanup2(prepared.cleanup);
-  try {
-    const plugins = await discoverPluginsAsync(prepared.basePath);
-    return {
-      kind: "prepared",
-      basePath: prepared.basePath,
-      plugins,
-      cleanupNow: retainedCleanup.cleanupNow,
-      retainCleanup: retainedCleanup.retainCleanup
-    };
-  } catch (error) {
-    retainedCleanup.cleanupNow();
-    throw error;
-  }
-}
-function resolveSafeRealPath2(inputPath) {
-  try {
-    return fs8.realpathSync(inputPath);
-  } catch {
-    return path9.resolve(inputPath);
-  }
-}
-function isLocalSymlinkSource2(localPath) {
-  try {
-    if (!fs8.existsSync(localPath)) {
-      return false;
-    }
-    return fs8.lstatSync(localPath).isSymbolicLink();
-  } catch {
-    return false;
-  }
-}
-async function buildRefreshedSourceMetadata2(entry, resolved, cachedSource, sourceHash) {
-  if (entry.source.type === "local") {
-    const canonical2 = entry.source.canonical || entry.source.input;
-    return {
-      canonical: canonical2,
-      resolvedPath: resolveSafeRealPath2(resolved.plugin.path),
-      isSymlinkSource: isLocalSymlinkSource2(canonical2),
-      sourcePluginPath: resolved.sourcePluginPath
-    };
-  }
-  if (entry.source.type === "git" || entry.source.type === "github") {
-    const nextPinnedRef = cachedSource.kind === "prepared" ? await resolveGitHeadRefAsync(cachedSource.basePath) : entry.source.pinnedRef;
-    return {
-      canonical: entry.source.canonical,
-      pinnedRef: nextPinnedRef,
-      sourcePluginPath: resolved.sourcePluginPath
-    };
-  }
-  const canonical = resolved.wellKnownSourceUrl || entry.source.canonical;
-  return {
-    canonical,
-    pinnedRef: sourceHash,
-    wellKnownSourceUrl: resolved.wellKnownSourceUrl
-  };
-}
-function resolveCandidateFromCachedSource2(entry, cachedSource, keepResolved) {
-  if (cachedSource.kind === "remote") {
-    const matched2 = cachedSource.remotePlugins.find(
-      (item) => item.installName === entry.source.selector.skillName
-    );
-    if (!matched2) {
-      throw new Error(`Plugin '${entry.source.selector.skillName}' not found in well-known source`);
-    }
-    const staged = stageRemotePluginFilesToTempDir(matched2.installName, matched2.files);
-    return {
-      plugin: {
-        name: matched2.installName,
-        description: matched2.description,
-        path: path9.join(staged.path, "plugins", matched2.installName)
-      },
-      wellKnownSourceUrl: matched2.sourceUrl,
-      cleanup: staged.cleanup
-    };
-  }
-  const matched = entry.source.selector.relativePath ? cachedSource.plugins.find(
-    (item) => path9.resolve(item.path) === path9.resolve(path9.join(cachedSource.basePath, entry.source.selector.relativePath))
-  ) : cachedSource.plugins.find((item) => item.name === entry.source.selector.skillName);
-  if (!matched) {
-    throw new Error(`Plugin '${entry.source.selector.skillName}' not found in source`);
-  }
-  return {
-    plugin: matched,
-    sourcePluginPath: path9.relative(cachedSource.basePath, matched.path) || ".",
-    cleanup: keepResolved ? cachedSource.retainCleanup() : void 0
-  };
-}
-async function assessPluginLockEntries(options, cwd, behavior = { keepResolved: false }) {
-  const lock = readResourceLockfile("plugin", Boolean(options.global), cwd);
-  const entries = lock.entries.filter((entry) => includeByPlugin(entry, options.plugin));
-  const drift = [];
-  const assessments = [];
-  const sourceOptions = {
-    global: options.global,
-    allowHost: options.allowHost,
-    denyHost: options.denyHost,
-    maxDownloadBytes: options.maxDownloadBytes,
-    policyMode: options.policyMode,
-    experimental: options.experimental
-  };
-  const sourceCache = /* @__PURE__ */ new Map();
-  const getCachedSource = (entry) => {
-    const key = buildSourceLoadCacheKey(entry.source);
-    const existing = sourceCache.get(key);
-    if (existing) {
-      return existing;
-    }
-    const created = loadCachedSource2(entry, sourceOptions);
-    sourceCache.set(key, created);
-    return created;
-  };
-  try {
-    for (const entry of entries) {
-      const assessment = {
-        entry,
-        drift: []
-      };
-      if (!fs8.existsSync(entry.canonicalDir) || !fs8.statSync(entry.canonicalDir).isDirectory()) {
-        const row = {
-          skillName: entry.skillName,
-          kind: "local-modified",
-          detail: "canonical directory is missing"
-        };
-        drift.push(row);
-        assessment.drift.push(row);
-        assessments.push(assessment);
-        continue;
-      }
-      const installedHash = unwrapAsyncResult2(
-        await toAsyncResult2(hashDirectoryAsync(entry.canonicalDir))
-      );
-      if (installedHash !== entry.installedHash) {
-        const row = {
-          skillName: entry.skillName,
-          kind: "local-modified",
-          detail: "installed content differs from lockfile hash"
-        };
-        drift.push(row);
-        assessment.drift.push(row);
-      }
-      const metadataIssue = resolveSourceMetadataIssue2(entry);
-      if (metadataIssue) {
-        const row = {
-          skillName: entry.skillName,
-          kind: "migrate-required",
-          detail: metadataIssue
-        };
-        drift.push(row);
-        assessment.drift.push(row);
-        assessments.push(assessment);
-        continue;
-      }
-      let resolved;
-      try {
-        const cachedSource = unwrapAsyncResult2(await toAsyncResult2(getCachedSource(entry)));
-        resolved = resolveCandidateFromCachedSource2(entry, cachedSource, behavior.keepResolved);
-        if (entry.source.type === "local") {
-          const currentResolvedPath = fs8.realpathSync(resolved.plugin.path);
-          if (currentResolvedPath !== path9.resolve(entry.source.resolvedPath)) {
-            const row = {
-              skillName: entry.skillName,
-              kind: "migrate-required",
-              detail: `local source identity changed; run ${migrateHint2(entry.skillName)}`
-            };
-            drift.push(row);
-            assessment.drift.push(row);
-            if (resolved.cleanup && !behavior.keepResolved) {
-              resolved.cleanup();
-              resolved = void 0;
-            }
-            assessments.push(assessment);
-            continue;
-          }
-        }
-        const sourceHash = await hashDirectoryAsync(resolved.plugin.path);
-        assessment.sourceHash = sourceHash;
-        assessment.refreshedSource = await buildRefreshedSourceMetadata2(
-          entry,
-          resolved,
-          cachedSource,
-          sourceHash
-        );
-        if (sourceHash !== entry.sourceHash) {
-          const row = {
-            skillName: entry.skillName,
-            kind: "changed-source",
-            detail: "source hash changed"
-          };
-          drift.push(row);
-          assessment.drift.push(row);
-        }
-        if (behavior.keepResolved) {
-          assessment.resolved = resolved;
-        }
-      } catch (error) {
-        const asText = error instanceof Error ? error.message : String(error);
-        const migrateRequired = entry.source.type === "local" && (asText.includes("Local source not found") || asText.includes("not found in source"));
-        const row = {
-          skillName: entry.skillName,
-          kind: migrateRequired ? "migrate-required" : "missing-source",
-          detail: migrateRequired ? `local source identity changed; run ${migrateHint2(entry.skillName)}` : asText
-        };
-        drift.push(row);
-        assessment.drift.push(row);
-      } finally {
-        if (resolved?.cleanup && !behavior.keepResolved) {
-          resolved.cleanup();
-        }
-      }
-      assessments.push(assessment);
-    }
-    const canonical = listCanonicalResourceDirs("plugin", Boolean(options.global), cwd);
-    const lockNames = new Set(lock.entries.map((item) => item.skillName));
-    for (const pluginName of canonical) {
-      if (!lockNames.has(pluginName) && includeByPlugin({ skillName: pluginName }, options.plugin)) {
-        drift.push({
-          skillName: pluginName,
-          kind: "lock-missing",
-          detail: "installed plugin is not tracked in lockfile"
-        });
-      }
-    }
-    return { drift, checked: entries.length, assessments };
-  } finally {
-    if (!behavior.keepResolved) {
-      for (const cachedSourcePromise of sourceCache.values()) {
-        const cachedSource = await cachedSourcePromise.catch(() => null);
-        if (cachedSource?.kind === "prepared") {
-          cachedSource.cleanupNow();
-        }
-      }
-    }
-  }
-}
-
-// ../../packages/core/src/runtime/validate-analysis.ts
-import fs11 from "node:fs";
-import path12 from "node:path";
-import os5 from "node:os";
-import matter2 from "gray-matter";
-
-// ../../packages/core/src/runtime/skill-installer.ts
-import { spawnSync as spawnSync2 } from "node:child_process";
-import fs10 from "node:fs";
-import os4 from "node:os";
-import path11 from "node:path";
-import YAML2 from "yaml";
-import { z } from "zod";
-
-// ../../packages/core/src/runtime/installer-security.ts
-import fs9 from "node:fs";
-import path10 from "node:path";
-function isInsideRoot(rootDir, candidatePath) {
-  const relative = path10.relative(rootDir, candidatePath);
-  return Boolean(relative) && !relative.startsWith("..") && !path10.isAbsolute(relative);
-}
-function toEscapeViolation(source) {
-  return {
-    rule: "installer-local-dependency-path-escape",
-    message: `local dependency escapes source root: ${source}`,
-    severity: "error",
-    blocking: true
-  };
-}
-function evaluateInstallerLocalDependency(input, _options = {}) {
-  if (path10.isAbsolute(input.source)) {
-    return {
-      ok: false,
-      violation: {
-        rule: "installer-local-dependency-absolute-path",
-        message: `absolute local dependency paths are not allowed: ${input.source}`,
-        severity: "error",
-        blocking: true
-      }
-    };
-  }
-  const resolvedRoot = path10.resolve(input.sourceRoot);
-  const resolvedSourcePath = path10.resolve(resolvedRoot, input.source);
-  if (!isInsideRoot(resolvedRoot, resolvedSourcePath)) {
-    return {
-      ok: false,
-      violation: toEscapeViolation(input.source)
-    };
-  }
-  if (fs9.existsSync(resolvedSourcePath)) {
-    const realRoot = fs9.realpathSync.native ? fs9.realpathSync.native(resolvedRoot) : fs9.realpathSync(resolvedRoot);
-    const realSource = fs9.realpathSync.native ? fs9.realpathSync.native(resolvedSourcePath) : fs9.realpathSync(resolvedSourcePath);
-    if (!isInsideRoot(realRoot, realSource)) {
-      return {
-        ok: false,
-        violation: toEscapeViolation(input.source)
-      };
-    }
-  }
-  return {
-    ok: true,
-    resolvedPath: resolvedSourcePath
-  };
-}
-
-// ../../packages/core/src/runtime/policy.ts
-function applyMode(result, mode) {
-  if (mode === "enforce" || result.ok) {
-    return result;
-  }
-  const violation = "violation" in result ? result.violation : void 0;
-  if (!violation) {
-    return result;
-  }
-  return {
-    ok: false,
-    violation: {
-      ...violation,
-      severity: "warning",
-      blocking: false
-    }
-  };
-}
-function evaluateInstallerLocalDependencyPolicy(input, mode) {
-  return applyMode(evaluateInstallerLocalDependency(input, { policyMode: "fixed" }), mode);
-}
-function evaluateHookTrustPolicy(input) {
-  if (input.sourceType !== "well-known") {
-    return { allowed: true };
-  }
-  if (input.trustWellKnown) {
-    return { allowed: true };
-  }
-  if (input.mode === "warn") {
-    return {
-      allowed: true,
-      violation: {
-        rule: "hook-trust-required",
-        message: "Well-known hook commands are untrusted. Proceeding due to warning policy mode.",
-        severity: "warning",
-        blocking: false
-      }
-    };
-  }
-  return {
-    allowed: false,
-    violation: {
-      rule: "hook-trust-required",
-      message: "Blocked skill-installer hook commands for well-known source. Trust this source explicitly or use warning policy mode.",
-      severity: "error",
-      blocking: true
-    }
-  };
-}
-
-// ../../packages/core/src/runtime/skill-installer.ts
-var InstallerSecurityError = class extends Error {
-  violation;
-  constructor(violation) {
-    super(violation.message);
-    this.name = "InstallerSecurityError";
-    this.violation = violation;
-  }
-};
-function isInstallerSecurityError(error) {
-  return error instanceof InstallerSecurityError;
-}
-var InstallerPolicyError = class extends Error {
-  violation;
-  constructor(violation) {
-    super(violation.message);
-    this.name = "InstallerPolicyError";
-    this.violation = violation;
-  }
-};
-function isInstallerPolicyError(error) {
-  return error instanceof InstallerPolicyError;
-}
-var dependencyObjectSchema = z.object({
-  source: z.string().min(1),
-  path: z.string().min(1)
-}).strict();
-var installerConfigSchema = z.object({
-  schemaVersion: z.literal(1),
-  "pre-install": z.array(z.string().min(1)).optional().default([]),
-  dependencies: z.array(z.union([z.string().min(1), dependencyObjectSchema])).optional().default([]),
-  "post-install": z.array(z.string().min(1)).optional().default([])
-}).strict();
-function ensureInsideRoot(rootDir, relativeTarget) {
-  const resolved = path11.resolve(rootDir, relativeTarget);
-  const relative = path11.relative(rootDir, resolved);
-  if (!relative || relative.startsWith("..") || path11.isAbsolute(relative)) {
-    throw new Error(`Unsafe destination path: ${relativeTarget}`);
-  }
-  return resolved;
-}
-function sourceLooksLikeUrl(source) {
-  try {
-    const parsed = new URL(source);
-    return parsed.protocol === "http:" || parsed.protocol === "https:";
-  } catch {
-    return false;
-  }
-}
-function sourceLooksLikeRepoShorthand(source) {
-  const trimmed = source.trim().replace(/^https?:\/\//, "");
-  return /^(github\.com|gitlab\.com)\/[^/]+\/[^/]+(?:\.git)?\/?$/.test(trimmed);
-}
-function parseRepoSource(source) {
-  const withoutProtocol = source.trim().replace(/^https?:\/\//, "").replace(/\/+$/, "");
-  const match = withoutProtocol.match(/^(github\.com|gitlab\.com)\/([^/]+)\/([^/]+?)(?:\.git)?$/);
-  if (!match) {
-    throw new Error(`Unsupported repository dependency source: ${source}`);
-  }
-  const host = match[1];
-  const owner = match[2];
-  const repo = match[3];
-  return {
-    repoUrl: `https://${host}/${owner}/${repo}.git`,
-    repoName: repo
-  };
-}
-function deriveDestinationNameFromSource(source) {
-  if (sourceLooksLikeUrl(source)) {
-    const parsed = new URL(source);
-    const parts = parsed.pathname.split("/").filter(Boolean);
-    const leaf2 = parts[parts.length - 1];
-    if (!leaf2) {
-      throw new Error(`Cannot derive dependency name from URL source: ${source}`);
-    }
-    return leaf2;
+    return leaf2;
   }
   if (sourceLooksLikeRepoShorthand(source)) {
     return parseRepoSource(source).repoName;
   }
-  const leaf = path11.basename(source);
-  if (!leaf || leaf === "." || leaf === path11.sep) {
+  const leaf = path9.basename(source);
+  if (!leaf || leaf === "." || leaf === path9.sep) {
     throw new Error(`Cannot derive dependency name from source: ${source}`);
   }
   return leaf;
@@ -2770,11 +2115,11 @@ function parseConfigObject(raw) {
   };
 }
 function assertNoLegacyInstallerBlock(skillDir) {
-  const openAiYamlPath = path11.join(skillDir, "agents", "openai.yaml");
-  if (!fs10.existsSync(openAiYamlPath) || !fs10.statSync(openAiYamlPath).isFile()) {
+  const openAiYamlPath = path9.join(skillDir, "agents", "openai.yaml");
+  if (!fs8.existsSync(openAiYamlPath) || !fs8.statSync(openAiYamlPath).isFile()) {
     return;
   }
-  const parsed = YAML2.parse(fs10.readFileSync(openAiYamlPath, "utf8"));
+  const parsed = YAML2.parse(fs8.readFileSync(openAiYamlPath, "utf8"));
   if (parsed && typeof parsed === "object" && typeof parsed["skill-installer"] !== "undefined") {
     throw new Error(
       "Legacy skill-installer config detected in agents/openai.yaml. Move it to skill-installer.yaml or skill-installer.json."
@@ -2783,10 +2128,10 @@ function assertNoLegacyInstallerBlock(skillDir) {
 }
 function loadInstallerConfig(skillDir) {
   assertNoLegacyInstallerBlock(skillDir);
-  const yamlPath = path11.join(skillDir, "skill-installer.yaml");
-  const jsonPath = path11.join(skillDir, "skill-installer.json");
-  const hasYaml = fs10.existsSync(yamlPath) && fs10.statSync(yamlPath).isFile();
-  const hasJson = fs10.existsSync(jsonPath) && fs10.statSync(jsonPath).isFile();
+  const yamlPath = path9.join(skillDir, "skill-installer.yaml");
+  const jsonPath = path9.join(skillDir, "skill-installer.json");
+  const hasYaml = fs8.existsSync(yamlPath) && fs8.statSync(yamlPath).isFile();
+  const hasJson = fs8.existsSync(jsonPath) && fs8.statSync(jsonPath).isFile();
   if (hasYaml && hasJson) {
     throw new Error(
       "Both skill-installer.yaml and skill-installer.json exist. Keep only one installer config file."
@@ -2801,10 +2146,10 @@ function loadInstallerConfig(skillDir) {
     };
   }
   if (hasYaml) {
-    const parsed = YAML2.parse(fs10.readFileSync(yamlPath, "utf8"));
+    const parsed = YAML2.parse(fs8.readFileSync(yamlPath, "utf8"));
     return parseConfigObject(parsed);
   }
-  const raw = JSON.parse(fs10.readFileSync(jsonPath, "utf8"));
+  const raw = JSON.parse(fs8.readFileSync(jsonPath, "utf8"));
   return parseConfigObject(raw);
 }
 function runHookPhase(phase, commands, cwd, events) {
@@ -2869,11 +2214,11 @@ async function prepareDependency(source, targetPath, index, sourceCwd, stagingDi
         message: `[skills] ${violation.message}`
       });
     }
-    const sourcePath = evaluation.ok ? evaluation.resolvedPath : path11.resolve(sourceCwd, source);
-    if (!fs10.existsSync(sourcePath)) {
+    const sourcePath = evaluation.ok ? evaluation.resolvedPath : path9.resolve(sourceCwd, source);
+    if (!fs8.existsSync(sourcePath)) {
       throw new Error(`Dependency[${index}] (local) source not found: ${source}`);
     }
-    fs10.accessSync(sourcePath, fs10.constants.R_OK);
+    fs8.accessSync(sourcePath, fs8.constants.R_OK);
     events.push({
       level: "info",
       message: `[skills] dependency[${index}] preflight-validated: ${source}`
@@ -2889,7 +2234,7 @@ async function prepareDependency(source, targetPath, index, sourceCwd, stagingDi
   if (sourceKind === "repo") {
     const stagePath = ensureInsideRoot(
       stagingDir,
-      `repo-${index}-${path11.basename(targetPath).replace(/[^a-zA-Z0-9._-]/g, "_")}`
+      `repo-${index}-${path9.basename(targetPath).replace(/[^a-zA-Z0-9._-]/g, "_")}`
     );
     const { repoUrl } = parseRepoSource(source);
     runGitClone(repoUrl, stagePath);
@@ -2917,10 +2262,10 @@ async function prepareDependency(source, targetPath, index, sourceCwd, stagingDi
   }
   const stagedFilePath = ensureInsideRoot(
     stagingDir,
-    `remote-${index}-${path11.basename(targetPath)}`
+    `remote-${index}-${path9.basename(targetPath)}`
   );
-  fs10.mkdirSync(path11.dirname(stagedFilePath), { recursive: true });
-  fs10.writeFileSync(stagedFilePath, Buffer.from(await response.arrayBuffer()));
+  fs8.mkdirSync(path9.dirname(stagedFilePath), { recursive: true });
+  fs8.writeFileSync(stagedFilePath, Buffer.from(await response.arrayBuffer()));
   events.push({
     level: "info",
     message: `[skills] dependency[${index}] staged: ${source}`
@@ -2969,7 +2314,7 @@ async function prepareInstallerArtifacts(skillDir, sourceCwd, options = {}) {
       events
     };
   }
-  const stagingDir = fs10.mkdtempSync(path11.join(os4.tmpdir(), "skillspp-installer-stage-"));
+  const stagingDir = fs8.mkdtempSync(path9.join(os4.tmpdir(), "skillspp-installer-stage-"));
   const preparedDependencies = [];
   const seenTargetPaths = /* @__PURE__ */ new Set();
   try {
@@ -2982,9 +2327,9 @@ async function prepareInstallerArtifacts(skillDir, sourceCwd, options = {}) {
       }
       seenTargetPaths.add(normalizedTarget);
       const destinationInSkill = ensureInsideRoot(skillDir, targetPath);
-      if (fs10.existsSync(destinationInSkill)) {
+      if (fs8.existsSync(destinationInSkill)) {
         throw new Error(
-          `Dependency[${i}] destination already exists: ${path11.relative(
+          `Dependency[${i}] destination already exists: ${path9.relative(
             skillDir,
             destinationInSkill
           )}`
@@ -3009,13 +2354,13 @@ async function prepareInstallerArtifacts(skillDir, sourceCwd, options = {}) {
       events
     };
   } catch (error) {
-    fs10.rmSync(stagingDir, { recursive: true, force: true });
+    fs8.rmSync(stagingDir, { recursive: true, force: true });
     throw error;
   }
 }
 function cleanupPreparedInstallerArtifacts(prepared) {
   if (prepared.stagingDir) {
-    fs10.rmSync(prepared.stagingDir, { recursive: true, force: true });
+    fs8.rmSync(prepared.stagingDir, { recursive: true, force: true });
   }
 }
 async function applyInstallerArtifacts(installedSkillDir, prepared) {
@@ -3025,37 +2370,37 @@ async function applyInstallerArtifacts(installedSkillDir, prepared) {
   runHookPhase("pre-install", prepared.preInstall, installedSkillDir, prepared.events);
   for (const dep of prepared.preparedDependencies) {
     const destinationPath = ensureInsideRoot(installedSkillDir, dep.targetPath);
-    if (fs10.existsSync(destinationPath)) {
+    if (fs8.existsSync(destinationPath)) {
       throw new Error(
-        `Dependency[${dep.index}] destination already exists: ${path11.relative(
+        `Dependency[${dep.index}] destination already exists: ${path9.relative(
           installedSkillDir,
           destinationPath
         )}`
       );
     }
-    fs10.mkdirSync(path11.dirname(destinationPath), { recursive: true });
+    fs8.mkdirSync(path9.dirname(destinationPath), { recursive: true });
     if (dep.kind === "local") {
-      const stat = fs10.statSync(dep.sourcePath);
+      const stat = fs8.statSync(dep.sourcePath);
       if (stat.isDirectory()) {
-        fs10.cpSync(dep.sourcePath, destinationPath, {
+        fs8.cpSync(dep.sourcePath, destinationPath, {
           recursive: true,
           force: false,
           errorOnExist: true
         });
       } else {
-        fs10.copyFileSync(dep.sourcePath, destinationPath);
+        fs8.copyFileSync(dep.sourcePath, destinationPath);
       }
     } else if (dep.kind === "remote-bytes") {
-      fs10.copyFileSync(dep.remoteBufferPath, destinationPath);
+      fs8.copyFileSync(dep.remoteBufferPath, destinationPath);
     } else {
       try {
-        fs10.renameSync(dep.repoStagePath, destinationPath);
+        fs8.renameSync(dep.repoStagePath, destinationPath);
       } catch (error) {
         const code = typeof error === "object" && error !== null && "code" in error && typeof error.code === "string" ? error.code : "";
         if (code !== "EXDEV") {
           throw error;
         }
-        fs10.cpSync(dep.repoStagePath, destinationPath, {
+        fs8.cpSync(dep.repoStagePath, destinationPath, {
           recursive: true,
           force: false,
           errorOnExist: true
@@ -3114,8 +2459,8 @@ var typeRules = [
     id: "framework-references-dir",
     when: (frontmatter) => frontmatter.type === "framework",
     validate: ({ skillDir, skillName, diagnostics }) => {
-      const referencesDir = path12.join(skillDir, "references");
-      if (!fs11.existsSync(referencesDir) || !fs11.statSync(referencesDir).isDirectory()) {
+      const referencesDir = path10.join(skillDir, "references");
+      if (!fs9.existsSync(referencesDir) || !fs9.statSync(referencesDir).isDirectory()) {
         addDiagnostic(diagnostics, {
           severity: "error",
           skill: skillName,
@@ -3128,11 +2473,11 @@ var typeRules = [
   }
 ];
 async function validateInstallerDependencies(skillDir, sourceRoot, diagnostics, skillName) {
-  const installerConfigPath = fs11.existsSync(path12.join(skillDir, "skill-installer.yaml")) ? path12.join(skillDir, "skill-installer.yaml") : path12.join(skillDir, "skill-installer.json");
+  const installerConfigPath = fs9.existsSync(path10.join(skillDir, "skill-installer.yaml")) ? path10.join(skillDir, "skill-installer.yaml") : path10.join(skillDir, "skill-installer.json");
   try {
     const installer = loadInstallerConfig(skillDir);
     const fallbackRoots = Array.from(
-      /* @__PURE__ */ new Set([path12.resolve(sourceRoot), path12.resolve(process.cwd())])
+      /* @__PURE__ */ new Set([path10.resolve(sourceRoot), path10.resolve(process.cwd())])
     );
     let hasSecurityViolation = false;
     for (const dep of installer.dependencies) {
@@ -3172,18 +2517,18 @@ async function validateInstallerDependencies(skillDir, sourceRoot, diagnostics,
     if (hasSecurityViolation) {
       return;
     }
-    const tempSkillDir = fs11.mkdtempSync(path12.join(os5.tmpdir(), "skillspp-validate-installer-"));
+    const tempSkillDir = fs9.mkdtempSync(path10.join(os5.tmpdir(), "skillspp-validate-installer-"));
     try {
       const filesToCopy = ["SKILL.md", "skill-installer.yaml", "skill-installer.json"];
       for (const fileName of filesToCopy) {
-        const src = path12.join(skillDir, fileName);
-        if (fs11.existsSync(src) && fs11.statSync(src).isFile()) {
-          fs11.copyFileSync(src, path12.join(tempSkillDir, fileName));
+        const src = path10.join(skillDir, fileName);
+        if (fs9.existsSync(src) && fs9.statSync(src).isFile()) {
+          fs9.copyFileSync(src, path10.join(tempSkillDir, fileName));
         }
       }
-      const agentsDir = path12.join(skillDir, "agents");
-      if (fs11.existsSync(agentsDir) && fs11.statSync(agentsDir).isDirectory()) {
-        fs11.cpSync(agentsDir, path12.join(tempSkillDir, "agents"), {
+      const agentsDir = path10.join(skillDir, "agents");
+      if (fs9.existsSync(agentsDir) && fs9.statSync(agentsDir).isDirectory()) {
+        fs9.cpSync(agentsDir, path10.join(tempSkillDir, "agents"), {
           recursive: true,
           force: true
         });
@@ -3225,7 +2570,7 @@ async function validateInstallerDependencies(skillDir, sourceRoot, diagnostics,
         throw lastMissingSourceError;
       }
     } finally {
-      fs11.rmSync(tempSkillDir, { recursive: true, force: true });
+      fs9.rmSync(tempSkillDir, { recursive: true, force: true });
     }
   } catch (error) {
     if (isInstallerSecurityError(error)) {
@@ -3258,9 +2603,9 @@ async function validateInstallerDependencies(skillDir, sourceRoot, diagnostics,
   }
 }
 async function validateSkillDir(skillDir, sourceRoot, diagnostics, strict, thresholds) {
-  const skillMd = path12.join(skillDir, "SKILL.md");
-  const skillName = path12.basename(skillDir);
-  if (!fs11.existsSync(skillMd)) {
+  const skillMd = path10.join(skillDir, "SKILL.md");
+  const skillName = path10.basename(skillDir);
+  if (!fs9.existsSync(skillMd)) {
     addDiagnostic(diagnostics, {
       severity: "error",
       skill: skillName,
@@ -3270,7 +2615,7 @@ async function validateSkillDir(skillDir, sourceRoot, diagnostics, strict, thres
     });
     return;
   }
-  const content = fs11.readFileSync(skillMd, "utf8");
+  const content = fs9.readFileSync(skillMd, "utf8");
   const lines = content.split(/\r?\n/);
   if (lines.length > thresholds.maxLines) {
     addDiagnostic(diagnostics, {
@@ -3336,12 +2681,12 @@ async function validateSkillDir(skillDir, sourceRoot, diagnostics, strict, thres
     }
   }
   for (const ref of discoverMarkdownReferences(content)) {
-    const resolved = path12.resolve(skillDir, ref);
-    const rel = path12.relative(skillDir, resolved);
-    if (!rel || rel.startsWith("..") || path12.isAbsolute(rel)) {
+    const resolved = path10.resolve(skillDir, ref);
+    const rel = path10.relative(skillDir, resolved);
+    if (!rel || rel.startsWith("..") || path10.isAbsolute(rel)) {
       continue;
     }
-    if (!fs11.existsSync(resolved)) {
+    if (!fs9.existsSync(resolved)) {
       addDiagnostic(diagnostics, {
         severity: "error",
         skill: skillName,
@@ -3359,11 +2704,11 @@ async function validateSkillDir(skillDir, sourceRoot, diagnostics, strict, thres
   await validateInstallerDependencies(skillDir, sourceRoot, diagnostics, skillName);
 }
 async function stageAndValidateLocalRoot(rootPath, dependencyRoot, seenSkillPaths, diagnostics, strict, thresholds, emitProgress) {
-  const resolvedRoot = path12.resolve(rootPath);
-  if (!fs11.existsSync(resolvedRoot) || !fs11.statSync(resolvedRoot).isDirectory()) {
+  const resolvedRoot = path10.resolve(rootPath);
+  if (!fs9.existsSync(resolvedRoot) || !fs9.statSync(resolvedRoot).isDirectory()) {
     addDiagnostic(diagnostics, {
       severity: "error",
-      skill: path12.basename(resolvedRoot),
+      skill: path10.basename(resolvedRoot),
       file: resolvedRoot,
       rule: "missing-root",
       message: "validation root does not exist"
@@ -3375,7 +2720,7 @@ async function stageAndValidateLocalRoot(rootPath, dependencyRoot, seenSkillPath
   if (skills.length === 0) {
     addDiagnostic(diagnostics, {
       severity: "error",
-      skill: path12.basename(resolvedRoot),
+      skill: path10.basename(resolvedRoot),
       file: resolvedRoot,
       rule: "no-skills-discovered",
       message: "no SKILL.md files discovered"
@@ -3383,7 +2728,7 @@ async function stageAndValidateLocalRoot(rootPath, dependencyRoot, seenSkillPath
     return;
   }
   for (const skill of skills) {
-    const resolvedSkillPath = path12.resolve(skill.path);
+    const resolvedSkillPath = path10.resolve(skill.path);
     if (seenSkillPaths.has(resolvedSkillPath)) {
       continue;
     }
@@ -3495,45 +2840,45 @@ async function runValidateAnalysis(options, emitProgress) {
 }
 
 // ../../packages/core/src/runtime/installer.ts
-import fs12 from "node:fs";
-import path13 from "node:path";
+import fs10 from "node:fs";
+import path11 from "node:path";
 function sanitizeSkillName(name) {
   const sanitized = name.toLowerCase().replace(/[^a-z0-9._-]+/g, "-").replace(/^[.-]+|[.-]+$/g, "");
   return sanitized || "unnamed-skill";
 }
 function ensureSafeInside(baseDir, target) {
-  const resolvedBase = path13.resolve(baseDir);
-  const resolvedTarget = path13.resolve(target);
-  if (!(resolvedTarget === resolvedBase || resolvedTarget.startsWith(`${resolvedBase}${path13.sep}`))) {
+  const resolvedBase = path11.resolve(baseDir);
+  const resolvedTarget = path11.resolve(target);
+  if (!(resolvedTarget === resolvedBase || resolvedTarget.startsWith(`${resolvedBase}${path11.sep}`))) {
     throw new Error(`Unsafe path detected: ${target}`);
   }
 }
 function symlinkRelative(target, linkPath) {
-  const parent = path13.dirname(linkPath);
-  const relative = path13.relative(parent, target);
+  const parent = path11.dirname(linkPath);
+  const relative = path11.relative(parent, target);
   const symlinkType = process.platform === "win32" ? "junction" : void 0;
-  fs12.symlinkSync(relative, linkPath, symlinkType);
+  fs10.symlinkSync(relative, linkPath, symlinkType);
 }
 function installToAgent(itemName, canonicalDir, agent, mode, globalInstall, cwd, resolveAgentBaseDir) {
   const agentBase = resolveAgentBaseDir(agent, globalInstall, cwd);
-  const agentDir = path13.join(agentBase, itemName);
-  fs12.mkdirSync(agentBase, { recursive: true });
+  const agentDir = path11.join(agentBase, itemName);
+  fs10.mkdirSync(agentBase, { recursive: true });
   ensureSafeInside(agentBase, agentDir);
-  if (path13.resolve(agentDir) === path13.resolve(canonicalDir)) {
+  if (path11.resolve(agentDir) === path11.resolve(canonicalDir)) {
     return { agent, path: canonicalDir, mode };
   }
   if (mode === "copy") {
-    fs12.rmSync(agentDir, { recursive: true, force: true });
-    fs12.cpSync(canonicalDir, agentDir, { recursive: true, force: true });
+    fs10.rmSync(agentDir, { recursive: true, force: true });
+    fs10.cpSync(canonicalDir, agentDir, { recursive: true, force: true });
     return { agent, path: agentDir, mode };
   }
   try {
-    fs12.rmSync(agentDir, { recursive: true, force: true });
+    fs10.rmSync(agentDir, { recursive: true, force: true });
     symlinkRelative(canonicalDir, agentDir);
     return { agent, path: agentDir, mode: "symlink" };
   } catch {
-    fs12.rmSync(agentDir, { recursive: true, force: true });
-    fs12.cpSync(canonicalDir, agentDir, { recursive: true, force: true });
+    fs10.rmSync(agentDir, { recursive: true, force: true });
+    fs10.cpSync(canonicalDir, agentDir, { recursive: true, force: true });
     return { agent, path: agentDir, mode: "copy" };
   }
 }
@@ -3548,23 +2893,12 @@ function installSkillToAgent(skillName, canonicalDir, agent, mode, globalInstall
     getAgentSkillsDir
   );
 }
-function installPluginToAgent(pluginName, canonicalDir, agent, mode, globalInstall, cwd) {
-  return installToAgent(
-    pluginName,
-    canonicalDir,
-    agent,
-    mode,
-    globalInstall,
-    cwd,
-    getAgentPluginsDir
-  );
-}
 function installToCanonicalDir(sourcePath, itemName, canonicalBase) {
-  const canonicalDir = path13.join(canonicalBase, itemName);
-  fs12.mkdirSync(canonicalBase, { recursive: true });
+  const canonicalDir = path11.join(canonicalBase, itemName);
+  fs10.mkdirSync(canonicalBase, { recursive: true });
   ensureSafeInside(canonicalBase, canonicalDir);
-  fs12.rmSync(canonicalDir, { recursive: true, force: true });
-  fs12.cpSync(sourcePath, canonicalDir, { recursive: true, force: true });
+  fs10.rmSync(canonicalDir, { recursive: true, force: true });
+  fs10.cpSync(sourcePath, canonicalDir, { recursive: true, force: true });
   return canonicalDir;
 }
 function installSkill(skill, agents, options) {
@@ -3595,48 +2929,20 @@ function installSkill(skill, agents, options) {
     installedTo
   };
 }
-function installPlugin(plugin, agents, options) {
-  if (agents.length === 0) {
-    throw new Error("At least one target agent is required for installation.");
-  }
-  const uniqueAgents = Array.from(new Set(agents));
-  const pluginName = sanitizeSkillName(plugin.name);
-  const canonicalAgent = uniqueAgents[0];
-  const canonicalBase = getAgentPluginsDir(canonicalAgent, options.globalInstall, options.cwd);
-  const canonicalDir = installToCanonicalDir(plugin.path, pluginName, canonicalBase);
-  const installedTo = [
-    { agent: canonicalAgent, path: canonicalDir, mode: options.mode },
-    ...uniqueAgents.slice(1).map(
-      (agent) => installPluginToAgent(
-        pluginName,
-        canonicalDir,
-        agent,
-        options.mode,
-        options.globalInstall,
-        options.cwd
-      )
-    )
-  ];
-  return {
-    skillName: pluginName,
-    canonicalDir,
-    installedTo
-  };
-}
 
 // ../../packages/core/src/sources/scanner.ts
-import fs13 from "node:fs";
+import fs11 from "node:fs";
 import os6 from "node:os";
-import path14 from "node:path";
+import path12 from "node:path";
 function listDirs(dir) {
-  if (!fs13.existsSync(dir) || !fs13.statSync(dir).isDirectory()) {
+  if (!fs11.existsSync(dir) || !fs11.statSync(dir).isDirectory()) {
     return [];
   }
-  return fs13.readdirSync(dir, { withFileTypes: true }).filter((entry) => entry.isDirectory()).map((entry) => entry.name);
+  return fs11.readdirSync(dir, { withFileTypes: true }).filter((entry) => entry.isDirectory()).map((entry) => entry.name);
 }
 function detectLocalGlobalConflicts(cwd) {
-  const localDir = path14.join(cwd, ".agents", "skills");
-  const globalDir = path14.join(os6.homedir(), ".config", "agents", "skills");
+  const localDir = path12.join(cwd, ".agents", "skills");
+  const globalDir = path12.join(os6.homedir(), ".config", "agents", "skills");
   const local = new Set(listDirs(localDir));
   const global = new Set(listDirs(globalDir));
   const overlap = [...local].filter((name) => global.has(name));
@@ -3646,30 +2952,30 @@ function detectLocalGlobalConflicts(cwd) {
   }));
 }
 function readPackageMeta(packageDir) {
-  const packageJson = path14.join(packageDir, "package.json");
-  if (!fs13.existsSync(packageJson) || !fs13.statSync(packageJson).isFile()) {
+  const packageJson = path12.join(packageDir, "package.json");
+  if (!fs11.existsSync(packageJson) || !fs11.statSync(packageJson).isFile()) {
     return {
-      name: path14.basename(packageDir),
+      name: path12.basename(packageDir),
       version: "0.0.0"
     };
   }
-  const parsed = JSON.parse(fs13.readFileSync(packageJson, "utf8"));
+  const parsed = JSON.parse(fs11.readFileSync(packageJson, "utf8"));
   return {
-    name: parsed.name || path14.basename(packageDir),
+    name: parsed.name || path12.basename(packageDir),
     version: parsed.version || "0.0.0"
   };
 }
 function collectSkillsFromPackage(packageDir, depth, out) {
   const meta = readPackageMeta(packageDir);
-  const skillsDir = path14.join(packageDir, "skills");
-  if (fs13.existsSync(skillsDir) && fs13.statSync(skillsDir).isDirectory()) {
-    for (const entry of fs13.readdirSync(skillsDir, { withFileTypes: true })) {
+  const skillsDir = path12.join(packageDir, "skills");
+  if (fs11.existsSync(skillsDir) && fs11.statSync(skillsDir).isDirectory()) {
+    for (const entry of fs11.readdirSync(skillsDir, { withFileTypes: true })) {
       if (!entry.isDirectory()) {
         continue;
       }
-      const skillDir = path14.join(skillsDir, entry.name);
-      const skillMd = path14.join(skillDir, "SKILL.md");
-      if (!fs13.existsSync(skillMd) || !fs13.statSync(skillMd).isFile()) {
+      const skillDir = path12.join(skillsDir, entry.name);
+      const skillMd = path12.join(skillDir, "SKILL.md");
+      if (!fs11.existsSync(skillMd) || !fs11.statSync(skillMd).isFile()) {
         continue;
       }
       out.push({
@@ -3683,42 +2989,42 @@ function collectSkillsFromPackage(packageDir, depth, out) {
   }
 }
 function walkNodeModules(nodeModulesDir, depth, maxDepth, seen, out) {
-  const resolvedNodeModules = path14.resolve(nodeModulesDir);
+  const resolvedNodeModules = path12.resolve(nodeModulesDir);
   if (seen.has(resolvedNodeModules) || depth > maxDepth) {
     return;
   }
   seen.add(resolvedNodeModules);
-  if (!fs13.existsSync(resolvedNodeModules) || !fs13.statSync(resolvedNodeModules).isDirectory()) {
+  if (!fs11.existsSync(resolvedNodeModules) || !fs11.statSync(resolvedNodeModules).isDirectory()) {
     return;
   }
-  for (const entry of fs13.readdirSync(resolvedNodeModules, {
+  for (const entry of fs11.readdirSync(resolvedNodeModules, {
     withFileTypes: true
   })) {
     if (!entry.isDirectory()) {
       continue;
     }
     if (entry.name.startsWith("@")) {
-      const scopeDir = path14.join(resolvedNodeModules, entry.name);
-      for (const scoped of fs13.readdirSync(scopeDir, { withFileTypes: true })) {
+      const scopeDir = path12.join(resolvedNodeModules, entry.name);
+      for (const scoped of fs11.readdirSync(scopeDir, { withFileTypes: true })) {
         if (!scoped.isDirectory()) {
           continue;
         }
-        const packageDir2 = path14.join(scopeDir, scoped.name);
+        const packageDir2 = path12.join(scopeDir, scoped.name);
         collectSkillsFromPackage(packageDir2, depth, out);
-        walkNodeModules(path14.join(packageDir2, "node_modules"), depth + 1, maxDepth, seen, out);
+        walkNodeModules(path12.join(packageDir2, "node_modules"), depth + 1, maxDepth, seen, out);
       }
       continue;
     }
-    const packageDir = path14.join(resolvedNodeModules, entry.name);
+    const packageDir = path12.join(resolvedNodeModules, entry.name);
     collectSkillsFromPackage(packageDir, depth, out);
-    walkNodeModules(path14.join(packageDir, "node_modules"), depth + 1, maxDepth, seen, out);
+    walkNodeModules(path12.join(packageDir, "node_modules"), depth + 1, maxDepth, seen, out);
   }
 }
 function discoverTransitiveSkillCandidates(cwd, options = {}) {
   const maxDepth = options.maxDepth ?? 8;
   const out = [];
   const seen = /* @__PURE__ */ new Set();
-  walkNodeModules(path14.join(cwd, "node_modules"), 0, maxDepth, seen, out);
+  walkNodeModules(path12.join(cwd, "node_modules"), 0, maxDepth, seen, out);
   return out.sort((a, b) => {
     if (a.skillName !== b.skillName) {
       return a.skillName.localeCompare(b.skillName);
@@ -3769,8 +3075,8 @@ function detectTransitiveSkillConflicts(candidates) {
 }
 
 // ../../packages/core/src/runtime/installer-scaffold.ts
-import fs14 from "node:fs";
-import path15 from "node:path";
+import fs12 from "node:fs";
+import path13 from "node:path";
 import YAML3 from "yaml";
 function installerConfigSkeleton() {
   return {
@@ -3781,11 +3087,11 @@ function installerConfigSkeleton() {
   };
 }
 function isFile(filePath) {
-  return fs14.existsSync(filePath) && fs14.statSync(filePath).isFile();
+  return fs12.existsSync(filePath) && fs12.statSync(filePath).isFile();
 }
 function getInstallerConfigState(skillDir) {
-  const yamlPath = path15.join(skillDir, "skill-installer.yaml");
-  const jsonPath = path15.join(skillDir, "skill-installer.json");
+  const yamlPath = path13.join(skillDir, "skill-installer.yaml");
+  const jsonPath = path13.join(skillDir, "skill-installer.json");
   const hasYaml = isFile(yamlPath);
   const hasJson = isFile(jsonPath);
   if (hasYaml && hasJson) {
@@ -3811,7 +3117,7 @@ function scaffoldInstallerConfigFile(skillDir, format) {
   }
   const content = format === "yaml" ? YAML3.stringify(installerConfigSkeleton()) : JSON.stringify(installerConfigSkeleton(), null, 2);
   const destinationPath = format === "yaml" ? state.yamlPath : state.jsonPath;
-  fs14.writeFileSync(destinationPath, `${content}
+  fs12.writeFileSync(destinationPath, `${content}
 `, "utf8");
   return { created: true, filePath: destinationPath };
 }
@@ -3873,19 +3179,19 @@ function canonicalSourceIdentity(options) {
   }
   return options.parsedSource.repoUrl;
 }
-function resolveSafeRealPath3(inputPath) {
+function resolveSafeRealPath2(inputPath) {
   try {
-    return fs15.realpathSync(inputPath);
+    return fs13.realpathSync(inputPath);
   } catch {
-    return path16.resolve(inputPath);
+    return path14.resolve(inputPath);
   }
 }
-function isLocalSymlinkSource3(localPath) {
+function isLocalSymlinkSource2(localPath) {
   try {
-    if (!fs15.existsSync(localPath)) {
+    if (!fs13.existsSync(localPath)) {
       return false;
     }
-    return fs15.lstatSync(localPath).isSymbolicLink();
+    return fs13.lstatSync(localPath).isSymbolicLink();
   } catch {
     return false;
   }
@@ -3899,18 +3205,18 @@ function staleLockfileNameForFormat(format) {
 function propagateLockfileVisibility(options) {
   const lockName = lockfileNameForFormat(options.lockFormat);
   const staleLockName = staleLockfileNameForFormat(options.lockFormat);
-  const canonicalLockPath = path16.join(options.canonicalDir, lockName);
-  const canonicalRealPath = fs15.existsSync(options.canonicalDir) ? fs15.realpathSync(options.canonicalDir) : path16.resolve(options.canonicalDir);
+  const canonicalLockPath = path14.join(options.canonicalDir, lockName);
+  const canonicalRealPath = fs13.existsSync(options.canonicalDir) ? fs13.realpathSync(options.canonicalDir) : path14.resolve(options.canonicalDir);
   for (const targetDir of options.targetDirs) {
-    const targetRealPath = fs15.existsSync(targetDir) ? fs15.realpathSync(targetDir) : path16.resolve(targetDir);
+    const targetRealPath = fs13.existsSync(targetDir) ? fs13.realpathSync(targetDir) : path14.resolve(targetDir);
     if (targetRealPath === canonicalRealPath) {
       continue;
     }
-    const targetLockPath = path16.join(targetDir, lockName);
-    const staleTargetPath = path16.join(targetDir, staleLockName);
-    fs15.copyFileSync(canonicalLockPath, targetLockPath);
-    if (fs15.existsSync(staleTargetPath)) {
-      fs15.rmSync(staleTargetPath, { force: true });
+    const targetLockPath = path14.join(targetDir, lockName);
+    const staleTargetPath = path14.join(targetDir, staleLockName);
+    fs13.copyFileSync(canonicalLockPath, targetLockPath);
+    if (fs13.existsSync(staleTargetPath)) {
+      fs13.rmSync(staleTargetPath, { force: true });
     }
   }
 }
@@ -3955,12 +3261,12 @@ function writeLockEntryAfterInstall(options) {
     targetDirs: options.outcome.installedTo.map((destination) => destination.path),
     lockFormat: selectedFormat
   });
-  const staleLockPath = path16.join(
+  const staleLockPath = path14.join(
     options.outcome.canonicalDir,
     staleLockfileNameForFormat(selectedFormat)
   );
-  if (fs15.existsSync(staleLockPath)) {
-    fs15.rmSync(staleLockPath, { force: true });
+  if (fs13.existsSync(staleLockPath)) {
+    fs13.rmSync(staleLockPath, { force: true });
   }
 }
 function buildRemoteSkill(remote) {
@@ -3974,23 +3280,6 @@ function buildRemoteSkill(remote) {
     cleanup: staged.cleanup
   };
 }
-async function buildRemotePlugin(remote) {
-  const staged = stageRemotePluginFilesToTempDir(remote.installName, remote.files);
-  try {
-    const plugins = await discoverPluginsAsync(staged.path, [remote.installName]);
-    const plugin = plugins[0];
-    if (!plugin) {
-      throw new Error(`Plugin '${remote.installName}' is missing plugin.json`);
-    }
-    return {
-      plugin,
-      cleanup: staged.cleanup
-    };
-  } catch (error) {
-    staged.cleanup();
-    throw error;
-  }
-}
 async function runCheckScanTask(cwd, options, emitProgress) {
   await emitProgress("checking drift");
   const assessed = await assessLockEntries(options, cwd, {
@@ -4017,20 +3306,11 @@ async function runUpdateAssessTask(cwd, options, emitProgress) {
     assessments: serializeAssessments(assessed.assessments)
   };
 }
-async function runPluginUpdateAssessTask(cwd, options, emitProgress) {
-  await emitProgress("assessing drift");
-  const assessed = await assessPluginLockEntries(options, cwd, {
-    keepResolved: false
-  });
-  return {
-    assessments: serializeAssessments(assessed.assessments)
-  };
-}
 function createBackupDir(skillName, sourceDir) {
-  const backupRoot = fs15.mkdtempSync(path16.join(os7.tmpdir(), "skillspp-update-backup-"));
-  const backupDir = path16.join(backupRoot, skillName);
-  fs15.mkdirSync(backupDir, { recursive: true });
-  fs15.cpSync(sourceDir, backupDir, { recursive: true, force: true });
+  const backupRoot = fs13.mkdtempSync(path14.join(os7.tmpdir(), "skillspp-update-backup-"));
+  const backupDir = path14.join(backupRoot, skillName);
+  fs13.mkdirSync(backupDir, { recursive: true });
+  fs13.cpSync(sourceDir, backupDir, { recursive: true, force: true });
   return backupDir;
 }
 async function applyEntryUpdate(assessment, options, cwd) {
@@ -4090,70 +3370,7 @@ async function applyEntryUpdate(assessment, options, cwd) {
     });
     throw error;
   } finally {
-    fs15.rmSync(path16.dirname(backupDir), { recursive: true, force: true });
-    if (resolved.cleanup) {
-      resolved.cleanup();
-    }
-  }
-}
-async function applyPluginEntryUpdate(assessment, options, cwd) {
-  const { entry } = assessment;
-  if (!assessment.resolved || !assessment.sourceHash) {
-    throw new Error(`No resolved source available for ${entry.skillName}`);
-  }
-  const resolved = assessment.resolved;
-  const sourceHash = assessment.sourceHash;
-  const backupDir = createBackupDir(entry.skillName, entry.canonicalDir);
-  try {
-    const preparedInstaller = await prepareInstallerArtifacts(resolved.plugin.path, cwd, {
-      sourceType: entry.source.type,
-      policyMode: options.policyMode || "enforce",
-      trustWellKnown: Boolean(options.trustWellKnown)
-    });
-    const outcome = installPlugin(resolved.plugin, entry.agents, {
-      mode: entry.installMode,
-      globalInstall: entry.global,
-      cwd
-    });
-    try {
-      await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
-    } finally {
-      cleanupPreparedInstallerArtifacts(preparedInstaller);
-    }
-    const installedHash = await hashDirectoryAsync(outcome.canonicalDir);
-    return {
-      ...entry,
-      source: {
-        ...entry.source,
-        canonical: assessment.refreshedSource?.canonical ?? entry.source.canonical,
-        pinnedRef: assessment.refreshedSource?.pinnedRef ?? entry.source.pinnedRef,
-        resolvedPath: assessment.refreshedSource?.resolvedPath ?? entry.source.resolvedPath,
-        isSymlinkSource: assessment.refreshedSource?.isSymlinkSource ?? entry.source.isSymlinkSource,
-        selector: {
-          ...entry.source.selector,
-          relativePath: assessment.refreshedSource?.sourcePluginPath ?? entry.source.selector.relativePath,
-          wellKnownSourceUrl: assessment.refreshedSource?.wellKnownSourceUrl ?? entry.source.selector.wellKnownSourceUrl
-        }
-      },
-      sourceHash,
-      installedHash,
-      canonicalDir: outcome.canonicalDir,
-      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
-  } catch (error) {
-    const rollbackPlugin = {
-      name: entry.skillName,
-      description: `Rollback for ${entry.skillName}`,
-      path: backupDir
-    };
-    installPlugin(rollbackPlugin, entry.agents, {
-      mode: entry.installMode,
-      globalInstall: entry.global,
-      cwd
-    });
-    throw error;
-  } finally {
-    fs15.rmSync(path16.dirname(backupDir), { recursive: true, force: true });
+    fs13.rmSync(path14.dirname(backupDir), { recursive: true, force: true });
     if (resolved.cleanup) {
       resolved.cleanup();
     }
@@ -4164,61 +3381,8 @@ async function runUpdateApplyTask(payload, emitProgress) {
     ...payload.options,
     skill: payload.selectedSkillNames
   };
-  await emitProgress("assessing selected skills");
-  const assessed = await assessLockEntries(selectedOptions, payload.cwd, {
-    keepResolved: true
-  });
-  const candidateAssessments = assessed.assessments.filter(
-    (assessment) => !assessment.drift.some((item) => item.kind === "migrate-required") && assessment.drift.some(
-      (item) => item.kind === "changed-source" || item.kind === "local-modified"
-    )
-  );
-  let nextLock = readLockfile(Boolean(payload.options.global), payload.cwd);
-  const updatedEntries = [];
-  const ordered = [...candidateAssessments].sort(
-    (a, b) => a.entry.skillName.localeCompare(b.entry.skillName)
-  );
-  try {
-    for (const assessment of ordered) {
-      await emitProgress(`updating ${assessment.entry.skillName}`);
-      const updated = await applyEntryUpdate(assessment, payload.options, payload.cwd);
-      updatedEntries.push(updated);
-      nextLock = upsertLockEntry(nextLock, updated);
-    }
-    await emitProgress("writing lockfile");
-    writeLockfile(Boolean(payload.options.global), payload.cwd, nextLock, payload.lockFormat);
-    for (const updated of updatedEntries) {
-      const targetDirs = Array.from(
-        new Set(
-          updated.agents.map(
-            (agent) => path16.join(getAgentSkillsDir(agent, updated.global, payload.cwd), updated.skillName)
-          )
-        )
-      );
-      propagateLockfileVisibility({
-        canonicalDir: updated.canonicalDir,
-        targetDirs,
-        lockFormat: payload.lockFormat
-      });
-    }
-    return {
-      updatedSkillNames: ordered.map((assessment) => assessment.entry.skillName)
-    };
-  } finally {
-    for (const assessment of assessed.assessments) {
-      if (assessment.resolved?.cleanup) {
-        assessment.resolved.cleanup();
-      }
-    }
-  }
-}
-async function runPluginUpdateApplyTask(payload, emitProgress) {
-  const selectedOptions = {
-    ...payload.options,
-    skill: payload.selectedPluginNames
-  };
-  await emitProgress("assessing selected plugins");
-  const assessed = await assessPluginLockEntries(selectedOptions, payload.cwd, {
+  await emitProgress("assessing selected skills");
+  const assessed = await assessLockEntries(selectedOptions, payload.cwd, {
     keepResolved: true
   });
   const candidateAssessments = assessed.assessments.filter(
@@ -4226,7 +3390,7 @@ async function runPluginUpdateApplyTask(payload, emitProgress) {
       (item) => item.kind === "changed-source" || item.kind === "local-modified"
     )
   );
-  let nextLock = readResourceLockfile("plugin", Boolean(payload.options.global), payload.cwd);
+  let nextLock = readLockfile(Boolean(payload.options.global), payload.cwd);
   const updatedEntries = [];
   const ordered = [...candidateAssessments].sort(
     (a, b) => a.entry.skillName.localeCompare(b.entry.skillName)
@@ -4234,23 +3398,17 @@ async function runPluginUpdateApplyTask(payload, emitProgress) {
   try {
     for (const assessment of ordered) {
       await emitProgress(`updating ${assessment.entry.skillName}`);
-      const updated = await applyPluginEntryUpdate(assessment, payload.options, payload.cwd);
+      const updated = await applyEntryUpdate(assessment, payload.options, payload.cwd);
       updatedEntries.push(updated);
-      nextLock = upsertResourceLockEntry(nextLock, updated);
+      nextLock = upsertLockEntry(nextLock, updated);
     }
     await emitProgress("writing lockfile");
-    writeResourceLockfile(
-      "plugin",
-      Boolean(payload.options.global),
-      payload.cwd,
-      nextLock,
-      payload.lockFormat
-    );
+    writeLockfile(Boolean(payload.options.global), payload.cwd, nextLock, payload.lockFormat);
     for (const updated of updatedEntries) {
       const targetDirs = Array.from(
         new Set(
           updated.agents.map(
-            (agent) => path16.join(getAgentPluginsDir(agent, updated.global, payload.cwd), updated.skillName)
+            (agent) => path14.join(getAgentSkillsDir(agent, updated.global, payload.cwd), updated.skillName)
           )
         )
       );
@@ -4261,7 +3419,7 @@ async function runPluginUpdateApplyTask(payload, emitProgress) {
       });
     }
     return {
-      updatedPluginNames: ordered.map((assessment) => assessment.entry.skillName)
+      updatedSkillNames: ordered.map((assessment) => assessment.entry.skillName)
     };
   } finally {
     for (const assessment of assessed.assessments) {
@@ -4311,67 +3469,12 @@ async function resolveMigrationSource(options) {
     return {
       parsedSource,
       skill,
-      sourceSkillPath: path16.relative(prepared.basePath, skill.path) || ".",
-      sourceHash,
-      sourceCanonical: canonicalSourceIdentity({ parsedSource }),
-      sourcePinnedRef,
-      sourceResolvedPath: parsedSource.type === "local" ? resolveSafeRealPath3(skill.path) : void 0,
-      sourceIsSymlink: parsedSource.type === "local" ? isLocalSymlinkSource3(parsedSource.localPath) : void 0,
-      cleanup: prepared.cleanup
-    };
-  } catch (error) {
-    if (prepared.cleanup) {
-      prepared.cleanup();
-    }
-    throw error;
-  }
-}
-async function resolvePluginMigrationSource(options) {
-  const parsedSource = parseSource(options.sourceInput);
-  if (parsedSource.type === "well-known" || parsedSource.type === "catalog") {
-    const remotePlugins = parsedSource.type === "well-known" ? await resolveWellKnownPlugins(parsedSource.url, options.addOptions) : await resolveCatalogPlugins(parsedSource.url, options.addOptions);
-    const remote = remotePlugins.find((item) => item.installName === options.pluginName);
-    if (!remote) {
-      throw new Error(`Plugin '${options.pluginName}' not found in migration source`);
-    }
-    const staged = await buildRemotePlugin(remote);
-    const sourceHash = hashDirectory(staged.plugin.path);
-    return {
-      parsedSource,
-      plugin: staged.plugin,
-      sourceHash,
-      sourceCanonical: canonicalSourceIdentity({
-        parsedSource,
-        wellKnownSourceUrl: remote.sourceUrl
-      }),
-      sourcePinnedRef: sourceHash,
-      wellKnownSourceUrl: remote.sourceUrl,
-      cleanup: staged.cleanup
-    };
-  }
-  const prepared = await prepareSourceDirAsync(
-    parsedSource
-  );
-  try {
-    const plugins = await discoverPluginsAsync(prepared.basePath, [options.pluginName]);
-    const plugin = plugins.find((item) => item.name === options.pluginName);
-    if (!plugin) {
-      throw new Error(`Plugin '${options.pluginName}' not found in migration source`);
-    }
-    const sourceHash = sourceHashForInstalledSkill({
-      parsedSource,
-      skillPath: plugin.path
-    });
-    const sourcePinnedRef = parsedSource.type === "github" || parsedSource.type === "git" ? await resolveGitHeadRefAsync(prepared.basePath) : void 0;
-    return {
-      parsedSource,
-      plugin,
-      sourcePluginPath: path16.relative(prepared.basePath, plugin.path) || ".",
+      sourceSkillPath: path14.relative(prepared.basePath, skill.path) || ".",
       sourceHash,
       sourceCanonical: canonicalSourceIdentity({ parsedSource }),
       sourcePinnedRef,
-      sourceResolvedPath: parsedSource.type === "local" ? resolveSafeRealPath3(plugin.path) : void 0,
-      sourceIsSymlink: parsedSource.type === "local" ? isLocalSymlinkSource3(parsedSource.localPath) : void 0,
+      sourceResolvedPath: parsedSource.type === "local" ? resolveSafeRealPath2(skill.path) : void 0,
+      sourceIsSymlink: parsedSource.type === "local" ? isLocalSymlinkSource2(parsedSource.localPath) : void 0,
       cleanup: prepared.cleanup
     };
   } catch (error) {
@@ -4442,82 +3545,13 @@ async function runUpdateMigrateTask(payload, emitProgress) {
     });
     throw error;
   } finally {
-    fs15.rmSync(path16.dirname(backupDir), { recursive: true, force: true });
+    fs13.rmSync(path14.dirname(backupDir), { recursive: true, force: true });
     if (source.cleanup) {
       source.cleanup();
     }
   }
   return { skillName: entry.skillName };
 }
-async function runPluginUpdateMigrateTask(payload, emitProgress) {
-  await emitProgress("resolving migration source");
-  const lock = readResourceLockfile("plugin", Boolean(payload.options.global), payload.cwd);
-  const entry = lock.entries.find((item) => item.skillName === payload.pluginName);
-  if (!entry) {
-    throw new Error(`Unknown plugin for migration: ${payload.pluginName}`);
-  }
-  const source = await resolvePluginMigrationSource({
-    sourceInput: payload.sourceInput,
-    pluginName: payload.pluginName,
-    addOptions: payload.options
-  });
-  const backupDir = createBackupDir(entry.skillName, entry.canonicalDir);
-  try {
-    await emitProgress(`migrating ${entry.skillName}`);
-    const preparedInstaller = await prepareInstallerArtifacts(source.plugin.path, payload.cwd, {
-      sourceType: source.parsedSource.type,
-      policyMode: payload.options.policyMode || "enforce",
-      trustWellKnown: Boolean(payload.options.trustWellKnown)
-    });
-    const outcome = installPlugin(source.plugin, entry.agents, {
-      mode: entry.installMode,
-      globalInstall: entry.global,
-      cwd: payload.cwd
-    });
-    try {
-      await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
-      await emitProgress("writing lockfile");
-      writeLockEntryAfterInstall({
-        resourceKind: "plugin",
-        globalInstall: entry.global,
-        cwd: payload.cwd,
-        sourceInput: payload.sourceInput,
-        sourceType: source.parsedSource.type,
-        sourceCanonical: source.sourceCanonical,
-        sourcePinnedRef: source.sourcePinnedRef,
-        sourceResolvedPath: source.sourceResolvedPath,
-        sourceIsSymlink: source.sourceIsSymlink,
-        sourceSkillName: source.plugin.name,
-        sourceSkillPath: source.sourcePluginPath,
-        wellKnownSourceUrl: source.wellKnownSourceUrl,
-        sourceHash: source.sourceHash,
-        outcome,
-        mode: entry.installMode,
-        lockFormat: payload.lockFormat
-      });
-    } finally {
-      cleanupPreparedInstallerArtifacts(preparedInstaller);
-    }
-  } catch (error) {
-    const rollbackPlugin = {
-      name: entry.skillName,
-      description: `Rollback for ${entry.skillName}`,
-      path: backupDir
-    };
-    installPlugin(rollbackPlugin, entry.agents, {
-      mode: entry.installMode,
-      globalInstall: entry.global,
-      cwd: payload.cwd
-    });
-    throw error;
-  } finally {
-    fs15.rmSync(path16.dirname(backupDir), { recursive: true, force: true });
-    if (source.cleanup) {
-      source.cleanup();
-    }
-  }
-  return { pluginName: entry.skillName };
-}
 async function runListDetectAgentsTask(cwd, options, emitProgress) {
   await emitProgress("detecting installed agents");
   const agents = options.agent ? filterInstalledAgents(resolveAgents(options.agent), cwd) : detectInstalledAgents(cwd);
@@ -4528,17 +3562,17 @@ async function runListScanInventoryTask(payload, emitProgress) {
   for (const agent of payload.agents) {
     await emitProgress(`scanning installed skills (${AGENTS[agent].displayName})`);
     const dir = getAgentSkillsDir(agent, payload.globalInstall, payload.cwd);
-    if (!fs15.existsSync(dir) || !fs15.statSync(dir).isDirectory()) {
+    if (!fs13.existsSync(dir) || !fs13.statSync(dir).isDirectory()) {
       continue;
     }
-    for (const entry of fs15.readdirSync(dir, { withFileTypes: true })) {
+    for (const entry of fs13.readdirSync(dir, { withFileTypes: true })) {
       if (!entry.isDirectory() && !entry.isSymbolicLink()) {
         continue;
       }
-      const fullPath = path16.join(dir, entry.name);
+      const fullPath = path14.join(dir, entry.name);
       let resolvedPath = fullPath;
       try {
-        resolvedPath = fs15.realpathSync(fullPath);
+        resolvedPath = fs13.realpathSync(fullPath);
       } catch {
         resolvedPath = fullPath;
       }
@@ -4595,56 +3629,6 @@ async function resolveAddSourceSkills(sourceInput, options, emitProgress) {
     }
   }
 }
-async function resolveAddSourcePlugins(sourceInput, options, emitProgress) {
-  const parsed = parseSource(sourceInput);
-  const requestedPlugins = options.skill;
-  if (parsed.type === "well-known" || parsed.type === "catalog") {
-    await emitProgress("fetching plugin index");
-    const remotePlugins = parsed.type === "well-known" ? await resolveWellKnownPlugins(parsed.url, options) : await resolveCatalogPlugins(parsed.url, options);
-    if (remotePlugins.length === 0) {
-      throw new Error("No plugins found at remote endpoint");
-    }
-    const selectedRemotePlugins = requestedPlugins && !requestedPlugins.includes("*") ? remotePlugins.filter((remote) => requestedPlugins.includes(remote.installName)) : remotePlugins;
-    const discoveredPlugins = [];
-    for (const remote of selectedRemotePlugins) {
-      const staged = await buildRemotePlugin(remote);
-      try {
-        discoveredPlugins.push(staged.plugin);
-      } finally {
-        staged.cleanup();
-      }
-    }
-    if (discoveredPlugins.length === 0) {
-      throw new Error("No plugins found in source");
-    }
-    return {
-      plugins: discoveredPlugins.map((plugin) => ({
-        name: plugin.name,
-        description: plugin.description
-      }))
-    };
-  }
-  await emitProgress("loading source");
-  const prepared = await prepareSourceDirAsync(
-    parsed
-  );
-  try {
-    const plugins = await discoverPluginsAsync(prepared.basePath, requestedPlugins);
-    if (plugins.length === 0) {
-      throw new Error("No plugins found in source");
-    }
-    return {
-      plugins: plugins.map((plugin) => ({
-        name: plugin.name,
-        description: plugin.description
-      }))
-    };
-  } finally {
-    if (prepared.cleanup) {
-      prepared.cleanup();
-    }
-  }
-}
 async function installSelectedAddSkills(payload, emitProgress) {
   const parsedSource = parseSource(payload.sourceInput);
   const globalInstall = resolveAddGlobalInstall(payload.options);
@@ -4703,7 +3687,6 @@ async function installSelectedAddSkills(payload, emitProgress) {
         try {
           await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
           writeLockEntryAfterInstall({
-            resourceKind: "plugin",
             globalInstall,
             cwd: payload.cwd,
             sourceInput: payload.sourceInput,
@@ -4738,7 +3721,7 @@ async function installSelectedAddSkills(payload, emitProgress) {
   try {
     const sourceCanonical = canonicalSourceIdentity({ parsedSource });
     const sourcePinnedRef = parsedSource.type === "github" || parsedSource.type === "git" ? await resolveGitHeadRefAsync(prepared.basePath) : void 0;
-    const sourceIsSymlink = parsedSource.type === "local" ? isLocalSymlinkSource3(parsedSource.localPath) : void 0;
+    const sourceIsSymlink = parsedSource.type === "local" ? isLocalSymlinkSource2(parsedSource.localPath) : void 0;
     const skills = await discoverSkillsAsync(prepared.basePath);
     const selected = skills.filter((skill) => payload.selectedSkillNames.includes(skill.name));
     if (selected.length === 0) {
@@ -4758,9 +3741,9 @@ async function installSelectedAddSkills(payload, emitProgress) {
       scaffoldInstallerConfigForSkills(missingInstallerSkillDirs, scaffoldFormat);
     }
     for (const skill of selected) {
-      const sourceResolvedPath = parsedSource.type === "local" ? resolveSafeRealPath3(skill.path) : void 0;
+      const sourceResolvedPath = parsedSource.type === "local" ? resolveSafeRealPath2(skill.path) : void 0;
       await emitProgress(`installing ${skill.name}`);
-      const sourceSkillPath = path16.relative(prepared.basePath, skill.path) || ".";
+      const sourceSkillPath = path14.relative(prepared.basePath, skill.path) || ".";
       const preparedInstaller = await prepareInstallerArtifacts(skill.path, payload.cwd, {
         sourceType: parsedSource.type,
         policyMode: payload.options.policyMode || "enforce",
@@ -4774,7 +3757,6 @@ async function installSelectedAddSkills(payload, emitProgress) {
       try {
         await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
         writeLockEntryAfterInstall({
-          resourceKind: "plugin",
           globalInstall,
           cwd: payload.cwd,
           sourceInput: payload.sourceInput,
@@ -4808,166 +3790,6 @@ async function installSelectedAddSkills(payload, emitProgress) {
     }
   }
 }
-async function installSelectedAddPlugins(payload, emitProgress) {
-  const parsedSource = parseSource(payload.sourceInput);
-  const globalInstall = resolveAddGlobalInstall(payload.options);
-  const mode = resolveAddInstallMode(payload.options);
-  if (parsedSource.type === "well-known" || parsedSource.type === "catalog") {
-    await emitProgress("fetching selected plugins");
-    const remotePlugins = parsedSource.type === "well-known" ? await resolveWellKnownPlugins(parsedSource.url, payload.options) : await resolveCatalogPlugins(parsedSource.url, payload.options);
-    const remoteByName = new Map(remotePlugins.map((remote) => [remote.installName, remote]));
-    const tempCleanups = [];
-    const stagedSelected = [];
-    const sourceHashesBefore = /* @__PURE__ */ new Map();
-    try {
-      for (const pluginName of payload.selectedPluginNames) {
-        const remote = remoteByName.get(pluginName);
-        if (!remote) {
-          throw new Error("No matching plugins found in source");
-        }
-        const staged = await buildRemotePlugin(remote);
-        tempCleanups.push(staged.cleanup);
-        stagedSelected.push(staged.plugin);
-        sourceHashesBefore.set(staged.plugin.path, hashDirectory(staged.plugin.path));
-      }
-      const missingInstallerPluginDirs = listSkillsMissingInstallerConfig(
-        stagedSelected.map((item) => item.path)
-      );
-      const scaffoldFormat = resolveAddInstallerScaffoldFormat(
-        payload.options,
-        missingInstallerPluginDirs.length
-      );
-      if (scaffoldFormat) {
-        scaffoldInstallerConfigForSkills(missingInstallerPluginDirs, scaffoldFormat);
-      }
-      for (const localPlugin of stagedSelected) {
-        const remote = remoteByName.get(localPlugin.name);
-        if (!remote) {
-          throw new Error(
-            `Could not resolve remote metadata for selected plugin '${localPlugin.name}'`
-          );
-        }
-        const sourceHash = sourceHashesBefore.get(localPlugin.path) || hashDirectory(localPlugin.path);
-        const sourceCanonical = canonicalSourceIdentity({
-          parsedSource,
-          wellKnownSourceUrl: remote.sourceUrl
-        });
-        await emitProgress(`installing ${localPlugin.name}`);
-        const preparedInstaller = await prepareInstallerArtifacts(localPlugin.path, payload.cwd, {
-          sourceType: parsedSource.type,
-          policyMode: payload.options.policyMode || "enforce",
-          trustWellKnown: Boolean(payload.options.trustWellKnown)
-        });
-        const outcome = installPlugin(localPlugin, payload.agents, {
-          mode,
-          globalInstall,
-          cwd: payload.cwd
-        });
-        try {
-          await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
-          writeLockEntryAfterInstall({
-            globalInstall,
-            cwd: payload.cwd,
-            sourceInput: payload.sourceInput,
-            sourceType: parsedSource.type,
-            sourceCanonical,
-            sourcePinnedRef: sourceHash,
-            sourceSkillName: remote.installName,
-            sourceHash,
-            wellKnownSourceUrl: remote.sourceUrl,
-            outcome,
-            mode,
-            lockFormat: payload.options.lockFormat
-          });
-        } finally {
-          cleanupPreparedInstallerArtifacts(preparedInstaller);
-        }
-      }
-    } finally {
-      for (const cleanup of tempCleanups) {
-        cleanup();
-      }
-    }
-    return {
-      installedPluginNames: [...payload.selectedPluginNames],
-      agentCount: payload.agents.length
-    };
-  }
-  await emitProgress("loading source");
-  const prepared = await prepareSourceDirAsync(
-    parsedSource
-  );
-  try {
-    const sourceCanonical = canonicalSourceIdentity({ parsedSource });
-    const sourcePinnedRef = parsedSource.type === "github" || parsedSource.type === "git" ? await resolveGitHeadRefAsync(prepared.basePath) : void 0;
-    const sourceIsSymlink = parsedSource.type === "local" ? isLocalSymlinkSource3(parsedSource.localPath) : void 0;
-    const selected = await discoverPluginsAsync(prepared.basePath, payload.selectedPluginNames);
-    if (selected.length === 0) {
-      throw new Error("No matching plugins found in source");
-    }
-    const sourceHashesBefore = new Map(
-      selected.map((plugin) => [plugin.path, hashDirectory(plugin.path)])
-    );
-    const missingInstallerPluginDirs = listSkillsMissingInstallerConfig(
-      selected.map((plugin) => plugin.path)
-    );
-    const scaffoldFormat = resolveAddInstallerScaffoldFormat(
-      payload.options,
-      missingInstallerPluginDirs.length
-    );
-    if (scaffoldFormat) {
-      scaffoldInstallerConfigForSkills(missingInstallerPluginDirs, scaffoldFormat);
-    }
-    for (const plugin of selected) {
-      const sourceResolvedPath = parsedSource.type === "local" ? resolveSafeRealPath3(plugin.path) : void 0;
-      await emitProgress(`installing ${plugin.name}`);
-      const sourceSkillPath = path16.relative(prepared.basePath, plugin.path) || ".";
-      const preparedInstaller = await prepareInstallerArtifacts(plugin.path, payload.cwd, {
-        sourceType: parsedSource.type,
-        policyMode: payload.options.policyMode || "enforce",
-        trustWellKnown: Boolean(payload.options.trustWellKnown)
-      });
-      const outcome = installPlugin(plugin, payload.agents, {
-        mode,
-        globalInstall,
-        cwd: payload.cwd
-      });
-      try {
-        await applyInstallerArtifacts(outcome.canonicalDir, preparedInstaller);
-        writeLockEntryAfterInstall({
-          globalInstall,
-          cwd: payload.cwd,
-          sourceInput: payload.sourceInput,
-          sourceType: parsedSource.type,
-          sourceCanonical,
-          sourcePinnedRef,
-          sourceResolvedPath,
-          sourceIsSymlink,
-          sourceSkillName: plugin.name,
-          sourceSkillPath,
-          sourceHash: sourceHashForInstalledSkill({
-            parsedSource,
-            skillPath: plugin.path,
-            beforeHash: sourceHashesBefore.get(plugin.path)
-          }),
-          outcome,
-          mode,
-          lockFormat: payload.options.lockFormat
-        });
-      } finally {
-        cleanupPreparedInstallerArtifacts(preparedInstaller);
-      }
-    }
-    return {
-      installedPluginNames: selected.map((plugin) => plugin.name),
-      agentCount: payload.agents.length
-    };
-  } finally {
-    if (prepared.cleanup) {
-      prepared.cleanup();
-    }
-  }
-}
 async function runFindFetchInventoryTask(sourceInput, options, emitProgress) {
   await emitProgress("parsing source");
   const parsedSource = parseSource(sourceInput);
@@ -5030,20 +3852,10 @@ async function executeBackgroundTask(request, emitProgress) {
       return await runCheckScanTask(request.payload.cwd, request.payload.options, emitProgress);
     case "update.assess":
       return await runUpdateAssessTask(request.payload.cwd, request.payload.options, emitProgress);
-    case "plugin.update.assess":
-      return await runPluginUpdateAssessTask(
-        request.payload.cwd,
-        request.payload.options,
-        emitProgress
-      );
     case "update.apply":
       return await runUpdateApplyTask(request.payload, emitProgress);
-    case "plugin.update.apply":
-      return await runPluginUpdateApplyTask(request.payload, emitProgress);
     case "update.migrate":
       return await runUpdateMigrateTask(request.payload, emitProgress);
-    case "plugin.update.migrate":
-      return await runPluginUpdateMigrateTask(request.payload, emitProgress);
     case "list.detectAgents":
       return await runListDetectAgentsTask(
         request.payload.cwd,
@@ -5060,14 +3872,6 @@ async function executeBackgroundTask(request, emitProgress) {
       );
     case "add.install":
       return await installSelectedAddSkills(request.payload, emitProgress);
-    case "plugin.add.fetchOrDiscover":
-      return await resolveAddSourcePlugins(
-        request.payload.sourceInput,
-        request.payload.options,
-        emitProgress
-      );
-    case "plugin.add.install":
-      return await installSelectedAddPlugins(request.payload, emitProgress);
     case "find.fetchInventory":
       return await runFindFetchInventoryTask(
         request.payload.sourceInput,