skillvault 0.5.3 → 0.7.1

package/dist/cli.js

@@ -20,7 +20,7 @@
 import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, rmSync } from 'node:fs';
 import { join } from 'node:path';
 import { createDecipheriv, createPublicKey, diffieHellman, hkdfSync, generateKeyPairSync, } from 'node:crypto';
-const VERSION = '0.5.3';
+const VERSION = '0.7.1';
 const HOME = process.env.HOME || process.env.USERPROFILE || '~';
 const API_URL = process.env.SKILLVAULT_API_URL || 'https://api.getskillvault.com';
 const CONFIG_DIR = join(HOME, '.skillvault');
@@ -107,6 +107,19 @@ async function setup(code) {
     if (!response.ok) {
         const err = await response.json().catch(() => ({ message: response.statusText }));
         console.error(`   ❌ Failed: ${err.message}`);
+        console.error('');
+        if (err.message.includes('404') || err.message.includes('not found')) {
+            console.error('   The invite code was not found. Check that you entered it correctly.');
+            console.error('   Invite codes are 8 characters (e.g. A1B2C3D4).');
+        }
+        else if (err.message.includes('400') || err.message.includes('expired')) {
+            console.error('   This invite code has already been used or has expired.');
+            console.error('   Ask the publisher for a new invite code.');
+        }
+        else {
+            console.error('   Could not reach the SkillVault server. Check your internet connection.');
+            console.error(`   Server: ${API_URL}`);
+        }
         process.exit(1);
     }
     const data = await response.json();
@@ -235,24 +248,33 @@ async function showStatus() {
     console.log('');
     let skills = [];
     let online = false;
-    try {
-        const token = config.customer_token || (config.publishers.length > 0 ? config.publishers[0].token : null);
-        if (token) {
-            const res = await fetch(`${config.api_url}/customer/skills`, {
-                headers: { 'Authorization': `Bearer ${token}` },
+    // Fetch skills from each publisher using companion tokens
+    for (const pub of config.publishers) {
+        try {
+            const res = await fetch(`${config.api_url}/agent/skills?publisher_id=${encodeURIComponent(pub.id)}`, {
+                headers: { 'Authorization': `Bearer ${pub.token}` },
                 signal: AbortSignal.timeout(5000),
             });
             if (res.ok) {
                 const data = await res.json();
-                skills = data.skills || [];
+                for (const s of (data.skills || [])) {
+                    skills.push({
+                        skill_name: s.skill_name,
+                        publisher_id: pub.id,
+                        publisher_name: pub.name,
+                        status: s.status || 'active',
+                        expires_at: null,
+                        last_used: null,
+                    });
+                }
                 online = true;
             }
             else if (res.status === 401) {
-                console.log('   ⚠️  Session expired. Run: npx skillvault --refresh\n');
+                console.log(`   ⚠️  Token expired for ${pub.name}. Run: npx skillvault --refresh\n`);
             }
         }
+        catch { }
     }
-    catch { }
     console.log('   Publishers:');
     console.log('   ' + '-'.repeat(60));
     console.log(`   ${'Name'.padEnd(25)} ${'Skills'.padEnd(10)} ${'Status'.padEnd(15)}`);
@@ -318,14 +340,14 @@ async function refreshTokens() {
                 anyRefreshed = true;
             }
             else if (res.status === 401) {
-                console.error('❌ expired — re-invite required');
+                console.error('❌ expired — ask the publisher for a new invite code');
             }
             else {
-                console.error(`❌ server error (${res.status})`);
+                console.error(`❌ server error (${res.status}). Try again later or contact the publisher.`);
             }
         }
         catch {
-            console.error('❌ offline');
+            console.error('❌ offline — check your internet connection');
         }
     }
     if (anyRefreshed) {
@@ -348,12 +370,12 @@ async function syncSkills() {
         mkdirSync(pubVaultDir, { recursive: true });
         let skills = [];
         try {
-            const res = await fetch(`${config.api_url}/skills?publisher_id=${encodeURIComponent(pub.id)}`, {
+            const res = await fetch(`${config.api_url}/agent/skills?publisher_id=${encodeURIComponent(pub.id)}`, {
                 headers: { 'Authorization': `Bearer ${pub.token}` },
                 signal: AbortSignal.timeout(10000),
             });
             if (!res.ok) {
-                errors.push(`${pub.name}: ${res.status === 401 ? 'auth expired' : `failed (${res.status})`}`);
+                errors.push(`${pub.name}: ${res.status === 401 ? 'auth expired — run npx skillvault --refresh' : `server returned ${res.status}`}`);
                 continue;
             }
             const data = await res.json();
@@ -642,25 +664,128 @@ function watermark(content, id) {
 function validateSkillName(name) {
     return /^[a-zA-Z0-9_-]+$/.test(name) && name.length > 0 && name.length <= 128;
 }
+/**
+ * Quick sync for a single skill — checks for vault update before decrypting.
+ * Returns true if the vault was updated. Status goes to stderr.
+ */
+async function syncSingleSkill(skillName, pub, config) {
+    try {
+        const capabilityName = `skill/${skillName.toLowerCase()}`;
+        const res = await fetch(`${config.api_url}/skills/check-update?capability=${encodeURIComponent(capabilityName)}&current_version=0.0.0`, { signal: AbortSignal.timeout(5000) });
+        if (!res.ok)
+            return false;
+        const data = await res.json();
+        // Check if local vault hash matches
+        const vaultPath = join(VAULT_DIR, pub.id, `${skillName}.vault`);
+        const hashPath = vaultPath + '.hash';
+        if (existsSync(hashPath) && data.vault_hash) {
+            const localHash = readFileSync(hashPath, 'utf8').trim();
+            if (localHash === data.vault_hash)
+                return false; // already up to date
+        }
+        // Download updated vault
+        const dlRes = await fetch(`${config.api_url}/skills/download?capability=${encodeURIComponent(capabilityName)}`, { headers: { 'Authorization': `Bearer ${pub.token}` }, signal: AbortSignal.timeout(15000) });
+        if (!dlRes.ok)
+            return false;
+        const dlData = await dlRes.json();
+        const vaultBuffer = Buffer.from(dlData.vault_data, 'base64');
+        mkdirSync(join(VAULT_DIR, pub.id), { recursive: true });
+        writeFileSync(vaultPath, vaultBuffer, { mode: 0o600 });
+        if (dlData.vault_hash)
+            writeFileSync(hashPath, dlData.vault_hash, { mode: 0o600 });
+        writeFileSync(vaultPath + '.meta', JSON.stringify({
+            skill_name: skillName,
+            description: '',
+            capability_name: capabilityName,
+            version: dlData.version || data.latest_version,
+            publisher_name: pub.name,
+            publisher_id: pub.id,
+        }), { mode: 0o600 });
+        console.error(`[sync] Updated "${skillName}" to v${dlData.version || data.latest_version}`);
+        return true;
+    }
+    catch {
+        return false; // sync failure is non-fatal — use existing vault
+    }
+}
+/**
+ * Background sync for all skills across all publishers.
+ * Discovers new skills the customer has been granted since last sync.
+ * Runs async — doesn't block the load operation.
+ */
+async function backgroundSyncAll(config) {
+    try {
+        await syncSkills();
+        await installSkillStubs();
+    }
+    catch { } // non-fatal
+}
 /**
  * Load (decrypt) a skill and output to stdout.
+ * Syncs the requested skill first to ensure latest version.
+ * Triggers background sync for all other skills.
  * Status messages go to stderr so they don't pollute the skill content.
  */
 async function loadSkill(skillName) {
     if (!validateSkillName(skillName)) {
-        console.error('Error: Invalid skill name.');
+        console.error('Error: Invalid skill name. Skill names can only contain letters, numbers, hyphens, and underscores (max 128 chars).');
+        console.error('Example: npx skillvault --load my-skill-name');
         process.exit(1);
     }
     const config = loadConfig();
     if (!config) {
-        console.error('Error: Not configured. Run: npx skillvault --invite YOUR_CODE');
+        console.error('Error: SkillVault is not configured on this machine.');
+        console.error('');
+        console.error('To set up, you need an invite code from a skill publisher.');
+        console.error('Run: npx skillvault --invite YOUR_INVITE_CODE');
+        console.error('');
+        console.error('If you already set up SkillVault, the config file may be missing:');
+        console.error(`  Expected: ${CONFIG_PATH}`);
         process.exit(1);
     }
-    const resolved = resolveSkillPublisher(skillName, config);
+    // Pre-load sync: ensure we have the latest vault for this skill
+    let resolved = resolveSkillPublisher(skillName, config);
+    if (resolved) {
+        await syncSingleSkill(skillName, resolved.publisher, config);
+        // Re-resolve in case the vault was just downloaded
+        resolved = resolveSkillPublisher(skillName, config);
+    }
+    else {
+        // Skill not found locally — try a full sync first (may be a newly granted skill)
+        console.error(`[sync] Skill "${skillName}" not found locally, syncing...`);
+        await syncSkills();
+        await installSkillStubs();
+        resolved = resolveSkillPublisher(skillName, config);
+    }
     if (!resolved) {
-        console.error(`Error: Vault not found for "${skillName}". Run: npx skillvault --sync`);
+        console.error(`Error: Skill "${skillName}" not found after syncing with server.`);
+        console.error('');
+        console.error('Possible causes:');
+        console.error('  1. You don\'t have a license for this skill — ask the publisher for an invite');
+        console.error('  2. The skill name is misspelled — check the exact name with: npx skillvault --status');
+        console.error('  3. Your token expired — refresh with: npx skillvault --refresh');
+        console.error('');
+        console.error('Available skills on this machine:');
+        const localConfig = loadConfig();
+        if (localConfig) {
+            for (const pub of localConfig.publishers) {
+                const pubVaultDir = join(VAULT_DIR, pub.id);
+                try {
+                    if (existsSync(pubVaultDir)) {
+                        const vaults = readdirSync(pubVaultDir).filter(f => f.endsWith('.vault'));
+                        for (const v of vaults)
+                            console.error(`  - ${v.replace('.vault', '')} (from ${pub.name})`);
+                    }
+                }
+                catch { }
+            }
+            if (localConfig.publishers.length === 0)
+                console.error('  (none — no publishers configured)');
+        }
         process.exit(1);
     }
+    // Kick off background sync for all other skills (non-blocking)
+    backgroundSyncAll(config).catch(() => { });
     const licenseeId = config.customer_email || 'unknown';
     // Fetch CEK — validates license on every load
     let cek;
@@ -668,8 +793,27 @@ async function loadSkill(skillName) {
         cek = await fetchCEK(skillName, resolved.publisher.token);
     }
     catch (err) {
-        console.error(`Error: License check failed — ${err instanceof Error ? err.message : 'unknown'}`);
-        console.error('Your license may have expired or been revoked. Contact your skill provider.');
+        const errMsg = err instanceof Error ? err.message : 'unknown';
+        console.error(`Error: License check failed for "${skillName}" — ${errMsg}`);
+        console.error('');
+        if (errMsg.includes('403') || errMsg.includes('no_license')) {
+            console.error('Your license for this skill has been revoked or expired.');
+            console.error('Contact the skill publisher to request a new license.');
+        }
+        else if (errMsg.includes('401')) {
+            console.error('Your authentication token has expired.');
+            console.error('Fix: npx skillvault --refresh');
+        }
+        else if (errMsg.includes('fetch') || errMsg.includes('ECONNREFUSED')) {
+            console.error('Could not reach the SkillVault server. Check your internet connection.');
+            console.error(`Server: ${API_URL}`);
+        }
+        else {
+            console.error('The server rejected the license check. This could mean:');
+            console.error('  - Your license was revoked');
+            console.error('  - Your token expired (fix: npx skillvault --refresh)');
+            console.error('  - The server is temporarily unavailable');
+        }
         process.exit(1);
     }
     // Decrypt in memory
@@ -690,6 +834,10 @@ async function loadSkill(skillName) {
     catch (err) {
         cek.fill(0);
         console.error(`Error: Decryption failed — ${err instanceof Error ? err.message : 'unknown'}`);
+        console.error('');
+        console.error('The vault file may be corrupted or the CEK may not match.');
+        console.error('Try re-syncing: npx skillvault --sync');
+        console.error('If the problem persists, the skill may need to be republished by the publisher.');
         process.exit(1);
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillvault",
-  "version": "0.5.3",
+  "version": "0.7.1",
   "description": "SkillVault — secure skill distribution for Claude Code",
   "type": "module",
   "bin": {