skillvault-publisher 0.1.0

package/dist/commands/update.js

@@ -0,0 +1,152 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import * as jose from 'jose';
+import { readdirSync, readFileSync, writeFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { getConfig, getKeypair } from '../credentials.js';
+const SKILLS_DIR = join(homedir(), '.claude', 'skills');
+export const updateCommand = new Command('update')
+    .description('Update installed skills to latest versions')
+    .argument('[skill]', 'Specific skill to update (or all if omitted)')
+    .action(async (skill) => {
+    try {
+        const config = getConfig();
+        if (!config) {
+            process.stderr.write(chalk.red('Not logged in. Run `skillvault login` first.\n'));
+            process.exit(1);
+        }
+        const keypair = getKeypair();
+        if (!keypair) {
+            process.stderr.write(chalk.red('Credentials not found. Run `skillvault login` first.\n'));
+            process.exit(1);
+        }
+        // Sign host JWT
+        const hostPrivJWK = keypair.privateKey.host;
+        const hostPubJWK = keypair.publicKey.host;
+        const hostPrivKey = await jose.importJWK(hostPrivJWK, 'EdDSA');
+        const hostJWT = await new jose.SignJWT({
+            iss: config.host_thumbprint,
+            aud: config.server_url,
+            host_public_key: hostPubJWK,
+            jti: crypto.randomUUID(),
+        })
+            .setProtectedHeader({ alg: 'EdDSA', typ: 'host+jwt' })
+            .setIssuedAt()
+            .setExpirationTime('60s')
+            .sign(hostPrivKey);
+        // Scan for installed skills
+        if (!existsSync(SKILLS_DIR)) {
+            console.log('No skills installed.');
+            return;
+        }
+        const skillDirs = readdirSync(SKILLS_DIR, { withFileTypes: true })
+            .filter((d) => d.isDirectory())
+            .map((d) => d.name);
+        if (skillDirs.length === 0) {
+            console.log('No skills installed.');
+            return;
+        }
+        // Filter to specific skill if provided
+        const toCheck = skill
+            ? skillDirs.filter((d) => d === skill)
+            : skillDirs;
+        if (toCheck.length === 0) {
+            process.stderr.write(chalk.red(`Skill "${skill}" is not installed.\n`));
+            process.exit(1);
+        }
+        let updatedCount = 0;
+        let upToDateCount = 0;
+        let errorCount = 0;
+        for (const skillDir of toCheck) {
+            const manifestPath = join(SKILLS_DIR, skillDir, 'manifest.json');
+            if (!existsSync(manifestPath)) {
+                continue;
+            }
+            let manifest;
+            try {
+                manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
+            }
+            catch {
+                process.stderr.write(chalk.dim(`Skipping ${skillDir}: invalid manifest\n`));
+                errorCount++;
+                continue;
+            }
+            // Check for newer version
+            try {
+                const checkRes = await fetch(`${config.server_url}/skills/check-update?name=${encodeURIComponent(manifest.capability_name)}&current_version=${encodeURIComponent(manifest.version)}`, {
+                    headers: { Authorization: `Bearer ${hostJWT}` },
+                });
+                if (!checkRes.ok) {
+                    process.stderr.write(chalk.dim(`  ${skillDir}: update check failed (${checkRes.status})\n`));
+                    errorCount++;
+                    continue;
+                }
+                const checkData = (await checkRes.json());
+                if (!checkData.update_available) {
+                    upToDateCount++;
+                    continue;
+                }
+                // Download and replace vault
+                if (checkData.vault_data) {
+                    const vaultData = Buffer.from(checkData.vault_data, 'base64');
+                    const vaultPath = join(SKILLS_DIR, skillDir, 'skill.vault');
+                    writeFileSync(vaultPath, vaultData);
+                    // Update manifest
+                    manifest.version = checkData.latest_version;
+                    manifest.vault_hash = checkData.vault_hash || '';
+                    manifest.installed_at = new Date().toISOString();
+                    writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), 'utf8');
+                    console.log(chalk.green(`  ${skillDir}: ${checkData.current_version} -> ${checkData.latest_version}`));
+                    updatedCount++;
+                }
+                else {
+                    // Version available but no vault data in response — fetch separately
+                    const dlRes = await fetch(`${config.server_url}/skills/download?name=${encodeURIComponent(manifest.capability_name)}`, {
+                        headers: { Authorization: `Bearer ${hostJWT}` },
+                    });
+                    if (dlRes.ok) {
+                        const dlData = (await dlRes.json());
+                        const vaultData = Buffer.from(dlData.vault_data, 'base64');
+                        writeFileSync(join(SKILLS_DIR, skillDir, 'skill.vault'), vaultData);
+                        manifest.version = dlData.version;
+                        manifest.vault_hash = dlData.vault_hash;
+                        manifest.installed_at = new Date().toISOString();
+                        writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), 'utf8');
+                        console.log(chalk.green(`  ${skillDir}: ${checkData.current_version} -> ${dlData.version}`));
+                        updatedCount++;
+                    }
+                    else {
+                        process.stderr.write(chalk.dim(`  ${skillDir}: download failed\n`));
+                        errorCount++;
+                    }
+                }
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                process.stderr.write(chalk.dim(`  ${skillDir}: ${msg}\n`));
+                errorCount++;
+            }
+        }
+        // Print summary
+        console.log();
+        if (updatedCount > 0) {
+            console.log(chalk.green(`Updated ${updatedCount} skill${updatedCount === 1 ? '' : 's'}.`));
+        }
+        if (upToDateCount > 0) {
+            console.log(chalk.dim(`${upToDateCount} skill${upToDateCount === 1 ? '' : 's'} already up to date.`));
+        }
+        if (errorCount > 0) {
+            console.log(chalk.yellow(`${errorCount} skill${errorCount === 1 ? '' : 's'} had errors.`));
+        }
+        if (updatedCount === 0 && upToDateCount === 0 && errorCount === 0) {
+            console.log('No skills to update.');
+        }
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        process.stderr.write(chalk.red(`Update failed: ${message}\n`));
+        process.exit(1);
+    }
+});
+//# sourceMappingURL=update.js.map

package/dist/commands/update.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"update.js","sourceRoot":"","sources":["../../src/commands/update.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAY,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE1D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAkBxD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,4CAA4C,CAAC;KACzD,QAAQ,CAAC,SAAS,EAAE,8CAA8C,CAAC;KACnE,MAAM,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC,CAAC;YAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC,CAAC;YAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,gBAAgB;QAChB,MAAM,WAAW,GAAI,OAAO,CAAC,UAAiC,CAAC,IAAI,CAAC;QACpE,MAAM,UAAU,GAAI,OAAO,CAAC,SAAgC,CAAC,IAAI,CAAC;QAClE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAE/D,MAAM,OAAO,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YACrC,GAAG,EAAE,MAAM,CAAC,eAAe;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU;YACtB,eAAe,EAAE,UAAU;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;SACzB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACrD,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,IAAI,CAAC,WAAW,CAAC,CAAC;QAErB,4BAA4B;QAC5B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;aAC/D,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAEtB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,OAAO,GAAG,KAAK;YACnB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,KAAK,CAAC;YACtC,CAAC,CAAC,SAAS,CAAC;QAEd,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,KAAK,uBAAuB,CAAC,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YACjE,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YAED,IAAI,QAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAkB,CAAC;YAC7E,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,QAAQ,sBAAsB,CAAC,CAAC,CAAC;gBAC5E,UAAU,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;YAED,0BAA0B;YAC1B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,MAAM,CAAC,UAAU,6BAA6B,kBAAkB,CAAC,QAAQ,CAAC,eAAe,CAAC,oBAAoB,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,EACvJ;oBACE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,EAAE,EAAE;iBAChD,CACF,CAAC;gBAEF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,QAAQ,0BAA0B,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;oBAC7F,UAAU,EAAE,CAAC;oBACb,SAAS;gBACX,CAAC;gBAED,MAAM,SAAS,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyB,CAAC;gBAElE,IAAI,CAAC,SAAS,CAAC,gBAAgB,EAAE,CAAC;oBAChC,aAAa,EAAE,CAAC;oBAChB,SAAS;gBACX,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;oBACzB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;oBAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;oBAC5D,aAAa,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;oBAEpC,kBAAkB;oBAClB,QAAQ,CAAC,OAAO,GAAG,SAAS,CAAC,cAAc,CAAC;oBAC5C,QAAQ,CAAC,UAAU,GAAG,SAAS,CAAC,UAAU,IAAI,EAAE,CAAC;oBACjD,QAAQ,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;oBACjD,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;oBAEvE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CACrB,KAAK,QAAQ,KAAK,SAAS,CAAC,eAAe,OAAO,SAAS,CAAC,cAAc,EAAE,CAC7E,CAAC,CAAC;oBACH,YAAY,EAAE,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACN,qEAAqE;oBACrE,MAAM,KAAK,GAAG,MAAM,KAAK,CACvB,GAAG,MAAM,CAAC,UAAU,yBAAyB,kBAAkB,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,EAC3F;wBACE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,EAAE,EAAE;qBAChD,CACF,CAAC;oBAEF,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC;wBACb,MAAM,MAAM,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAIjC,CAAC;wBACF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;wBAC3D,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,aAAa,CAAC,EAAE,SAAS,CAAC,CAAC;wBAEpE,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;wBAClC,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;wBACxC,QAAQ,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;wBACjD,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;wBAEvE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CACrB,KAAK,QAAQ,KAAK,SAAS,CAAC,eAAe,OAAO,MAAM,CAAC,OAAO,EAAE,CACnE,CAAC,CAAC;wBACH,YAAY,EAAE,CAAC;oBACjB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,QAAQ,qBAAqB,CAAC,CAAC,CAAC;wBACpE,UAAU,EAAE,CAAC;oBACf,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,QAAQ,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC;gBAC3D,UAAU,EAAE,CAAC;YACf,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,YAAY,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,aAAa,SAAS,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,sBAAsB,CAAC,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,UAAU,SAAS,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,YAAY,KAAK,CAAC,IAAI,aAAa,KAAK,CAAC,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,OAAO,IAAI,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/commands/whoami.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare const whoamiCommand: Command;
+//# sourceMappingURL=whoami.d.ts.map

package/dist/commands/whoami.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.d.ts","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAmBpC,eAAO,MAAM,aAAa,SAsItB,CAAC"}

package/dist/commands/whoami.js

@@ -0,0 +1,128 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import * as jose from 'jose';
+import { getConfig, getKeypair } from '../credentials.js';
+import { getDeviceFingerprint } from '../fingerprint.js';
+export const whoamiCommand = new Command('whoami')
+    .description('Show current user, active grants, and device fingerprint')
+    .option('--json', 'Output as JSON')
+    .action(async (options) => {
+    try {
+        const config = getConfig();
+        if (!config) {
+            console.log(chalk.yellow('\n  Not logged in.'));
+            console.log(chalk.dim('  Run `skillvault login` to authenticate.\n'));
+            return;
+        }
+        const keypair = getKeypair();
+        if (!keypair) {
+            console.log(chalk.yellow('\n  Keypair not found. Please log in again.'));
+            console.log(chalk.dim('  Run `skillvault login` to authenticate.\n'));
+            return;
+        }
+        const fingerprint = getDeviceFingerprint();
+        // Sign a host JWT for the status endpoint
+        const hostPrivateKeyJWK = keypair.privateKey.host;
+        const privateKey = await jose.importJWK(hostPrivateKeyJWK, 'EdDSA');
+        const hostJWT = await new jose.SignJWT({
+            iss: config.host_thumbprint,
+            aud: config.server_url,
+            fingerprint,
+            jti: crypto.randomUUID(),
+        })
+            .setProtectedHeader({ alg: 'EdDSA', typ: 'host+jwt' })
+            .setIssuedAt()
+            .setExpirationTime('60s')
+            .sign(privateKey);
+        // Call server status endpoint
+        const response = await fetch(`${config.server_url}/agent/status`, {
+            headers: {
+                Authorization: `Bearer ${hostJWT}`,
+            },
+        });
+        if (!response.ok) {
+            // Show local info even if server is unreachable
+            if (options.json) {
+                console.log(JSON.stringify({
+                    host_id: config.host_id,
+                    agent_id: config.agent_id,
+                    device_fingerprint: fingerprint,
+                    server_url: config.server_url,
+                    server_status: 'unreachable',
+                }, null, 2));
+                return;
+            }
+            console.log();
+            console.log(chalk.bold('  Skill Vault Identity'));
+            console.log();
+            console.log(`  ${'Host ID:'.padEnd(22)} ${config.host_id}`);
+            console.log(`  ${'Agent ID:'.padEnd(22)} ${config.agent_id}`);
+            console.log(`  ${'Device Fingerprint:'.padEnd(22)} ${fingerprint}`);
+            console.log(`  ${'Server:'.padEnd(22)} ${config.server_url}`);
+            console.log();
+            console.log(chalk.yellow(`  Server unreachable (${response.status}). Showing local config only.`));
+            console.log();
+            return;
+        }
+        const data = await response.json();
+        // JSON output mode
+        if (options.json) {
+            console.log(JSON.stringify({
+                host_id: data.host_id ?? config.host_id,
+                agent_id: data.agent_id ?? config.agent_id,
+                device_fingerprint: fingerprint,
+                server_url: config.server_url,
+                status: data.status,
+                grants: data.grants ?? [],
+            }, null, 2));
+            return;
+        }
+        // Formatted output
+        console.log();
+        console.log(chalk.bold('  Skill Vault Identity'));
+        console.log();
+        console.log(`  ${'Host ID:'.padEnd(22)} ${data.host_id ?? config.host_id}`);
+        console.log(`  ${'Agent ID:'.padEnd(22)} ${data.agent_id ?? config.agent_id}`);
+        console.log(`  ${'Device Fingerprint:'.padEnd(22)} ${fingerprint}`);
+        console.log(`  ${'Server:'.padEnd(22)} ${config.server_url}`);
+        console.log(`  ${'Status:'.padEnd(22)} ${chalk.green(data.status)}`);
+        // Grants table
+        if (data.grants && data.grants.length > 0) {
+            console.log();
+            console.log(chalk.bold('  Active Grants'));
+            console.log();
+            const capWidth = Math.max(20, ...data.grants.map((g) => g.capability.length + 2));
+            const statusWidth = 12;
+            const header = [
+                chalk.dim('Capability'.padEnd(capWidth)),
+                chalk.dim('Status'.padEnd(statusWidth)),
+                chalk.dim('Expires'),
+            ].join('  ');
+            console.log(`  ${header}`);
+            console.log(`  ${chalk.dim('-'.repeat(capWidth + statusWidth + 24))}`);
+            for (const grant of data.grants) {
+                const statusColor = grant.status === 'active' ? chalk.green : chalk.yellow;
+                const expiresAt = grant.expires_at
+                    ? new Date(grant.expires_at).toLocaleString()
+                    : '-';
+                const row = [
+                    chalk.cyan(grant.capability.padEnd(capWidth)),
+                    statusColor(grant.status.padEnd(statusWidth)),
+                    chalk.dim(expiresAt),
+                ].join('  ');
+                console.log(`  ${row}`);
+            }
+        }
+        else {
+            console.log();
+            console.log(chalk.dim('  No active grants.'));
+        }
+        console.log();
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(chalk.red(`Error: ${message}`));
+        process.exit(1);
+    }
+});
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAezD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,0DAA0D,CAAC;KACvE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,KAAK,EAAE,OAA2B,EAAE,EAAE;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;YACtE,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,6CAA6C,CAAC,CAAC,CAAC;YACzE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC,CAAC;YACtE,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,oBAAoB,EAAE,CAAC;QAE3C,0CAA0C;QAC1C,MAAM,iBAAiB,GAAI,OAAO,CAAC,UAAiC,CAAC,IAAI,CAAC;QAC1E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QAEpE,MAAM,OAAO,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC;YACrC,GAAG,EAAE,MAAM,CAAC,eAAe;YAC3B,GAAG,EAAE,MAAM,CAAC,UAAU;YACtB,WAAW;YACX,GAAG,EAAE,MAAM,CAAC,UAAU,EAAE;SACzB,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACrD,WAAW,EAAE;aACb,iBAAiB,CAAC,KAAK,CAAC;aACxB,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,8BAA8B;QAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,UAAU,eAAe,EAAE;YAChE,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,OAAO,EAAE;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,gDAAgD;YAChD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;oBACzB,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,kBAAkB,EAAE,WAAW;oBAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,aAAa,EAAE,aAAa;iBAC7B,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACb,OAAO;YACT,CAAC;YAED,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,yBAAyB,QAAQ,CAAC,MAAM,+BAA+B,CAAC,CAAC,CAAC;YACnG,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAoB,CAAC;QAErD,mBAAmB;QACnB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO;gBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ;gBAC1C,kBAAkB,EAAE,WAAW;gBAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;aAC1B,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACb,OAAO;QACT,CAAC;QAED,mBAAmB;QACnB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAErE,eAAe;QACf,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,EAAE,CAAC;YAEd,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YAClF,MAAM,WAAW,GAAG,EAAE,CAAC;YAEvB,MAAM,MAAM,GAAG;gBACb,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACxC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBACvC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;aACrB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,WAAW,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YAEvE,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;gBAC3E,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU;oBAChC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,cAAc,EAAE;oBAC7C,CAAC,CAAC,GAAG,CAAC;gBACR,MAAM,GAAG,GAAG;oBACV,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBAC7C,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;oBAC7C,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;iBACrB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/credentials.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Cross-platform credential storage.
+ * Stores config in ~/.skillvault/ and uses macOS Keychain where available.
+ */
+export interface SkillVaultConfig {
+    server_url: string;
+    host_id: string;
+    agent_id: string;
+    email?: string;
+    publisher_id?: string;
+    host_thumbprint: string;
+}
+export declare function getConfig(): SkillVaultConfig | null;
+export declare function saveConfig(config: SkillVaultConfig): void;
+export declare function removeConfig(): void;
+/**
+ * Store host keypair in macOS Keychain (or fallback to file).
+ */
+export declare function storeKeypair(privateKeyJWK: object, publicKeyJWK: object): void;
+/**
+ * Retrieve host keypair from macOS Keychain (or fallback to file).
+ */
+export declare function getKeypair(): {
+    privateKey: object;
+    publicKey: object;
+} | null;
+/**
+ * Remove host keypair from storage.
+ */
+export declare function removeKeypair(): void;
+export declare function getConfigDir(): string;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;CACzB;AAMD,wBAAgB,SAAS,IAAI,gBAAgB,GAAG,IAAI,CAOnD;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAGzD;AAED,wBAAgB,YAAY,IAAI,IAAI,CAGnC;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,aAAa,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CA2B9E;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAoB7E;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAWpC;AAED,wBAAgB,YAAY,IAAI,MAAM,CAErC"}

package/dist/credentials.js

@@ -0,0 +1,106 @@
+/**
+ * Cross-platform credential storage.
+ * Stores config in ~/.skillvault/ and uses macOS Keychain where available.
+ */
+import { mkdirSync, readFileSync, writeFileSync, rmSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { execSync } from 'node:child_process';
+const CONFIG_DIR = join(homedir(), '.skillvault');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+const GRANTS_CACHE_FILE = join(CONFIG_DIR, 'grants-cache.json');
+const KEYCHAIN_SERVICE = 'com.skillvault.cli';
+const KEYCHAIN_ACCOUNT = 'host-keypair';
+function ensureConfigDir() {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+}
+export function getConfig() {
+    try {
+        if (!existsSync(CONFIG_FILE))
+            return null;
+        return JSON.parse(readFileSync(CONFIG_FILE, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+export function saveConfig(config) {
+    ensureConfigDir();
+    writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+export function removeConfig() {
+    try {
+        rmSync(CONFIG_FILE);
+    }
+    catch { /* ok if missing */ }
+    try {
+        rmSync(GRANTS_CACHE_FILE);
+    }
+    catch { /* ok if missing */ }
+}
+/**
+ * Store host keypair in macOS Keychain (or fallback to file).
+ */
+export function storeKeypair(privateKeyJWK, publicKeyJWK) {
+    ensureConfigDir();
+    const data = JSON.stringify({ privateKey: privateKeyJWK, publicKey: publicKeyJWK });
+    if (process.platform === 'darwin') {
+        try {
+            // Delete existing entry silently
+            try {
+                execSync(`security delete-generic-password -s "${KEYCHAIN_SERVICE}" -a "${KEYCHAIN_ACCOUNT}" 2>/dev/null`, { stdio: 'pipe' });
+            }
+            catch { /* ok if missing */ }
+            // Add new entry
+            execSync(`security add-generic-password -s "${KEYCHAIN_SERVICE}" -a "${KEYCHAIN_ACCOUNT}" -w "${data.replace(/"/g, '\\"')}" -U`, { stdio: 'pipe' });
+            return;
+        }
+        catch {
+            // Fall through to file storage
+        }
+    }
+    // Fallback: store in config directory
+    writeFileSync(join(CONFIG_DIR, 'keypair.json'), data, { mode: 0o600 });
+}
+/**
+ * Retrieve host keypair from macOS Keychain (or fallback to file).
+ */
+export function getKeypair() {
+    if (process.platform === 'darwin') {
+        try {
+            const result = execSync(`security find-generic-password -s "${KEYCHAIN_SERVICE}" -a "${KEYCHAIN_ACCOUNT}" -w`, { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+            return JSON.parse(result);
+        }
+        catch {
+            // Fall through to file
+        }
+    }
+    try {
+        const filePath = join(CONFIG_DIR, 'keypair.json');
+        if (!existsSync(filePath))
+            return null;
+        return JSON.parse(readFileSync(filePath, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Remove host keypair from storage.
+ */
+export function removeKeypair() {
+    if (process.platform === 'darwin') {
+        try {
+            execSync(`security delete-generic-password -s "${KEYCHAIN_SERVICE}" -a "${KEYCHAIN_ACCOUNT}" 2>/dev/null`, { stdio: 'pipe' });
+        }
+        catch { /* ok if missing */ }
+    }
+    try {
+        rmSync(join(CONFIG_DIR, 'keypair.json'));
+    }
+    catch { /* ok */ }
+}
+export function getConfigDir() {
+    return CONFIG_DIR;
+}
+//# sourceMappingURL=credentials.js.map

package/dist/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAC;AAClD,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;AACpD,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAChE,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,cAAc,CAAC;AAWxC,SAAS,eAAe;IACtB,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAwB;IACjD,eAAe,EAAE,CAAC;IAClB,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC;QAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;IAC1D,IAAI,CAAC;QAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,aAAqB,EAAE,YAAoB;IACtE,eAAe,EAAE,CAAC;IAClB,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAC;IAEpF,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,iCAAiC;YACjC,IAAI,CAAC;gBACH,QAAQ,CACN,wCAAwC,gBAAgB,SAAS,gBAAgB,eAAe,EAChG,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAE/B,gBAAgB;YAChB,QAAQ,CACN,qCAAqC,gBAAgB,SAAS,gBAAgB,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,EACtH,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;YACF,OAAO;QACT,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CACrB,sCAAsC,gBAAgB,SAAS,gBAAgB,MAAM,EACrF,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACtD,CAAC,IAAI,EAAE,CAAC;YACT,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,QAAQ,CACN,wCAAwC,gBAAgB,SAAS,gBAAgB,eAAe,EAChG,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,CAAC;IACjC,CAAC;IAED,IAAI,CAAC;QAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/fingerprint.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Device fingerprinting for host identification.
+ * Generates a stable 16-char hex fingerprint from hardware/OS attributes.
+ */
+/**
+ * Generate a stable 16-character hex device fingerprint.
+ *
+ * Components hashed:
+ * - hostname
+ * - username
+ * - platform (e.g. 'darwin', 'linux')
+ * - arch (e.g. 'arm64', 'x64')
+ * - macOS hardware UUID (when available)
+ *
+ * The result is cached in-memory for the lifetime of the process.
+ */
+export declare function getDeviceFingerprint(): string;
+//# sourceMappingURL=fingerprint.d.ts.map

package/dist/fingerprint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.d.ts","sourceRoot":"","sources":["../src/fingerprint.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA0BH;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAc7C"}

package/dist/fingerprint.js

@@ -0,0 +1,51 @@
+/**
+ * Device fingerprinting for host identification.
+ * Generates a stable 16-char hex fingerprint from hardware/OS attributes.
+ */
+import { createHash } from 'node:crypto';
+import { hostname, userInfo, platform, arch } from 'node:os';
+import { execSync } from 'node:child_process';
+let cachedFingerprint = null;
+/**
+ * Retrieve macOS hardware UUID via ioreg.
+ * Returns empty string on non-macOS or if command fails.
+ */
+function getMacHardwareUUID() {
+    if (platform() !== 'darwin')
+        return '';
+    try {
+        const output = execSync('ioreg -rd1 -c IOPlatformExpertDevice', { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] });
+        const match = output.match(/"IOPlatformUUID"\s*=\s*"([^"]+)"/);
+        return match ? match[1] : '';
+    }
+    catch {
+        return '';
+    }
+}
+/**
+ * Generate a stable 16-character hex device fingerprint.
+ *
+ * Components hashed:
+ * - hostname
+ * - username
+ * - platform (e.g. 'darwin', 'linux')
+ * - arch (e.g. 'arm64', 'x64')
+ * - macOS hardware UUID (when available)
+ *
+ * The result is cached in-memory for the lifetime of the process.
+ */
+export function getDeviceFingerprint() {
+    if (cachedFingerprint !== null)
+        return cachedFingerprint;
+    const components = [
+        hostname(),
+        userInfo().username,
+        platform(),
+        arch(),
+        getMacHardwareUUID(),
+    ].join(':');
+    const hash = createHash('sha256').update(components).digest('hex');
+    cachedFingerprint = hash.substring(0, 16);
+    return cachedFingerprint;
+}
+//# sourceMappingURL=fingerprint.js.map

package/dist/fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.js","sourceRoot":"","sources":["../src/fingerprint.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,IAAI,iBAAiB,GAAkB,IAAI,CAAC;AAE5C;;;GAGG;AACH,SAAS,kBAAkB;IACzB,IAAI,QAAQ,EAAE,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CACrB,sCAAsC,EACtC,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CACtD,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,iBAAiB,KAAK,IAAI;QAAE,OAAO,iBAAiB,CAAC;IAEzD,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE;QACV,QAAQ,EAAE,CAAC,QAAQ;QACnB,QAAQ,EAAE;QACV,IAAI,EAAE;QACN,kBAAkB,EAAE;KACrB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1C,OAAO,iBAAiB,CAAC;AAC3B,CAAC"}

package/dist/grant-cache.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Offline grant caching with TTL and grace periods.
+ * Cache file: ~/.skillvault/grants-cache.json
+ */
+export interface CachedGrantEntry {
+    capability: string;
+    grant: unknown;
+    cached_at: string;
+}
+/**
+ * Store a grant in the cache with a timestamp.
+ */
+export declare function cacheGrant(capability: string, grant: unknown): void;
+/**
+ * Retrieve a cached grant if it exists and is within TTL.
+ * Returns null if missing or expired.
+ */
+export declare function getCachedGrant(capability: string): unknown | null;
+/**
+ * Check if a cached grant is within the soft grace period (TTL + 10 min).
+ * Returns true if the grant exists and is within soft grace, even if past TTL.
+ */
+export declare function isWithinSoftGrace(capability: string): boolean;
+/**
+ * Check if a cached grant is within the hard grace period (TTL + 30 min).
+ * Returns true if the grant exists and is within hard grace, even if past TTL.
+ */
+export declare function isWithinHardGrace(capability: string): boolean;
+/**
+ * Remove the cache file entirely.
+ */
+export declare function clearCache(): void;
+/** Exported for testing */
+export declare const _internals: {
+    CACHE_FILE: string;
+    DEFAULT_TTL_MS: number;
+    SOFT_GRACE_MS: number;
+    HARD_GRACE_MS: number;
+};
+//# sourceMappingURL=grant-cache.d.ts.map

package/dist/grant-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant-cache.d.ts","sourceRoot":"","sources":["../src/grant-cache.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAgCD;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAQnE;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CASjE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAO7D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAO7D;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAMjC;AAED,2BAA2B;AAC3B,eAAO,MAAM,UAAU;;;;;CAKtB,CAAC"}