specweave 1.0.299 → 1.0.300

package/bin/specweave.js

@@ -270,6 +270,18 @@ program
     await scanSkillCommand(file, options);
   });
 
+// Scan plugins command - Batch security scan of all plugins/*/skills/*/SKILL.md files
+program
+  .command('scan-plugins')
+  .description('Batch-scan all plugin SKILL.md files for security issues (Gen Agent Trust Hub categories)')
+  .option('--json', 'Output results as JSON for CI integration', false)
+  .option('--verbose', 'Show per-skill reports in addition to batch summary', false)
+  .option('--dir <path>', 'Path to plugins directory (default: ./plugins)')
+  .action(async (options) => {
+    const { scanPluginsCommand } = await import('../dist/src/cli/commands/scan-plugins.js');
+    await scanPluginsCommand(options);
+  });
+
 // Judge skill command - Combined Tier 1 + Tier 2 LLM security analysis
 program
   .command('judge-skill <file>')
@@ -1011,6 +1023,18 @@ program
     await refreshMarketplaceCommand(options);
   });
 
+// Refresh plugins command - Copy first-party plugins to ~/.claude/commands/
+program
+  .command('refresh-plugins')
+  .description('Copy SpecWeave plugins to ~/.claude/commands/ (lazy mode by default - core only)')
+  .option('--all', 'Install ALL plugins (not just core)')
+  .option('-f, --force', 'Force reinstall (skip hash check)')
+  .option('-v, --verbose', 'Show skipped plugins')
+  .action(async (options) => {
+    const { refreshPluginsCommand } = await import('../dist/src/cli/commands/refresh-plugins.js');
+    await refreshPluginsCommand(options);
+  });
+
 // Doctor command - Comprehensive health check
 program
   .command('doctor')
@@ -1019,7 +1043,7 @@ program
   .option('--json', 'Output as JSON')
   .option('--quick', 'Skip slow checks (network, hook execution)')
   .option('--skip-external', 'Skip external tool connectivity checks')
-  .option('--fix', 'Run suggested fix command if issues found')
+  .option('--fix', 'Apply inline fixes (remove ghost files, stale cache, update lockfile hashes)')
   .action(async (options) => {
     const { doctor } = await import('../dist/src/cli/commands/doctor.js');
     const report = await doctor(process.cwd(), {

package/dist/src/cli/commands/scan-plugins.d.ts

@@ -0,0 +1,12 @@
+/**
+ * CLI command: specweave scan-plugins [pluginsDir]
+ * Batch-scans all plugins/{name}/skills/{name}/SKILL.md files for security issues.
+ */
+interface ScanPluginsOptions {
+    json?: boolean;
+    verbose?: boolean;
+    dir?: string;
+}
+export declare function scanPluginsCommand(options?: ScanPluginsOptions): Promise<void>;
+export {};
+//# sourceMappingURL=scan-plugins.d.ts.map

package/dist/src/cli/commands/scan-plugins.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-plugins.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/scan-plugins.ts"],"names":[],"mappings":"AAAA;;;GAGG;AASH,UAAU,kBAAkB;IAC1B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAiCD,wBAAsB,kBAAkB,CAAC,OAAO,GAAE,kBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAkDxF"}

package/dist/src/cli/commands/scan-plugins.js

@@ -0,0 +1,80 @@
+/**
+ * CLI command: specweave scan-plugins [pluginsDir]
+ * Batch-scans all plugins/{name}/skills/{name}/SKILL.md files for security issues.
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import chalk from 'chalk';
+import { scanSkillMd } from '../../core/skill-security/scanner.js';
+import { printScanReport, printBatchReport, toBatchJson } from '../../core/skill-security/reporter.js';
+/**
+ * Discover all SKILL.md files under pluginsDir (plugins/{name}/skills/{name}/SKILL.md).
+ */
+function discoverSkillFiles(pluginsDir) {
+    const files = [];
+    if (!fs.existsSync(pluginsDir))
+        return files;
+    const plugins = fs.readdirSync(pluginsDir, { withFileTypes: true })
+        .filter(e => e.isDirectory())
+        .map(e => path.join(pluginsDir, e.name));
+    for (const pluginDir of plugins) {
+        const skillsDir = path.join(pluginDir, 'skills');
+        if (!fs.existsSync(skillsDir))
+            continue;
+        const skills = fs.readdirSync(skillsDir, { withFileTypes: true })
+            .filter(e => e.isDirectory())
+            .map(e => path.join(skillsDir, e.name));
+        for (const skillDir of skills) {
+            const skillFile = path.join(skillDir, 'SKILL.md');
+            if (fs.existsSync(skillFile)) {
+                files.push(skillFile);
+            }
+        }
+    }
+    return files.sort();
+}
+export async function scanPluginsCommand(options = {}) {
+    // Determine plugins directory
+    const cwd = process.cwd();
+    const pluginsDir = options.dir ?? path.join(cwd, 'plugins');
+    if (!fs.existsSync(pluginsDir)) {
+        console.error(chalk.red(`Error: plugins directory not found: ${pluginsDir}`));
+        console.error(chalk.dim('Run this command from the specweave project root, or use --dir <path>.'));
+        process.exit(1);
+        return;
+    }
+    const skillFiles = discoverSkillFiles(pluginsDir);
+    if (skillFiles.length === 0) {
+        console.error(chalk.yellow('No SKILL.md files found under: ' + pluginsDir));
+        process.exit(0);
+        return;
+    }
+    console.log(chalk.dim(`\n  Found ${skillFiles.length} SKILL.md files to scan...\n`));
+    const entries = [];
+    for (const file of skillFiles) {
+        const content = fs.readFileSync(file, 'utf-8');
+        const result = scanSkillMd(content);
+        entries.push({ file, result });
+        if (options.verbose && result.findings.length > 0) {
+            printScanReport(file, result);
+        }
+    }
+    if (options.json) {
+        console.log(toBatchJson(entries));
+        const hasFailure = entries.some(e => e.result.exitCode === 2);
+        if (hasFailure)
+            process.exit(2);
+        const hasWarnings = entries.some(e => e.result.exitCode === 1);
+        if (hasWarnings)
+            process.exit(1);
+        return;
+    }
+    printBatchReport(entries);
+    const hasFailure = entries.some(e => e.result.exitCode === 2);
+    if (hasFailure)
+        process.exit(2);
+    const hasWarnings = entries.some(e => e.result.exitCode === 1);
+    if (hasWarnings)
+        process.exit(1);
+}
+//# sourceMappingURL=scan-plugins.js.map

package/dist/src/cli/commands/scan-plugins.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-plugins.js","sourceRoot":"","sources":["../../../../src/cli/commands/scan-plugins.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,WAAW,EAAE,MAAM,sCAAsC,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,uCAAuC,CAAC;AASvG;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAE7C,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;SAChE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;SAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAE3C,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,SAAS;QAExC,MAAM,MAAM,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;aAC9D,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC5B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QAE1C,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAClD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,UAA8B,EAAE;IACvE,8BAA8B;IAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IAE5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uCAAuC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC9E,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC,CAAC;QACnG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAElD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,iCAAiC,GAAG,UAAU,CAAC,CAAC,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,UAAU,CAAC,MAAM,8BAA8B,CAAC,CAAC,CAAC;IAErF,MAAM,OAAO,GAAqB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAE/B,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC;QAC9D,IAAI,UAAU;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC;QAC/D,IAAI,WAAW;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjC,OAAO;IACT,CAAC;IAED,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAE1B,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC;IAC9D,IAAI,UAAU;QAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC;IAC/D,IAAI,WAAW;QAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACnC,CAAC"}

package/dist/src/core/doctor/checkers/installation-health-checker.js

@@ -192,21 +192,21 @@ export class InstallationHealthChecker {
         if (missing.length > 0) {
             if (fix) {
                 try {
-                    execSync('specweave update', { stdio: 'pipe' });
+                    execSync('specweave refresh-plugins', { stdio: 'pipe' });
                     return {
                         name: 'Lockfile integrity',
                         status: 'warn',
-                        message: `${missing.length} skill(s) were missing, ran specweave update`,
+                        message: `${missing.length} skill(s) were missing, ran refresh-plugins`,
                         details: missing.map(m => `Missing: ${m}`),
-                        fixSuggestion: 'Ran: specweave update',
+                        fixSuggestion: 'Ran: specweave refresh-plugins',
                     };
                 }
                 catch (err) {
                     return {
                         name: 'Lockfile integrity',
                         status: 'fail',
-                        message: `specweave update failed: ${err instanceof Error ? err.message : 'unknown error'}`,
-                        fixSuggestion: 'Run: specweave update',
+                        message: `refresh-plugins failed: ${err instanceof Error ? err.message : 'unknown error'}`,
+                        fixSuggestion: 'Run: specweave refresh-plugins',
                     };
                 }
             }
@@ -215,7 +215,7 @@ export class InstallationHealthChecker {
                 status: 'fail',
                 message: `${missing.length} skill(s) missing from commands dir`,
                 details: missing.map(m => `Missing: ${m}`),
-                fixSuggestion: 'Run: specweave update',
+                fixSuggestion: 'Run: specweave refresh-plugins',
             };
         }
         if (mismatches.length > 0) {

package/dist/src/core/doctor/checkers/installation-health-checker.js.map

@@ -1 +1 @@
-{"version":3,"file":"installation-health-checker.js","sourceRoot":"","sources":["../../../../../src/core/doctor/checkers/installation-health-checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,UAAU,EACV,WAAW,EACX,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,UAAU,EACV,MAAM,GACP,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAO9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AAOzC,MAAM,OAAO,yBAAyB;IAKpC,YAAY,IAAgC;QAJ5C,aAAQ,GAAG,qBAAqB,CAAC;QAK/B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC1E,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,KAAK,CACT,WAAmB,EACnB,OAAsB;QAEtB,MAAM,MAAM,GAAkB,EAAE,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,sBAAsB,CAAC,MAAM,CAAC;YACtC,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,GAAY;QACrC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sCAAsC;aAChD,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,8CAA8C;QAC9C,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEhD,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC9B,IAAI,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,yBAAyB;aACnC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,qCAAqC;gBAC9D,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;gBACvC,aAAa,EAAE,WAAW,MAAM,CAAC,MAAM,gBAAgB;aACxD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,4BAA4B;YACrD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CAAC,GAAY;QACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,mCAAmC;aAC7C,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,sCAAsC;QACtC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5C,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CACzB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAC/C,CAAC;oBACF,OAAO,CAAC,IAAI,CAAC,sBAAsB,KAAK,KAAK,QAAQ,QAAQ,CAAC,CAAC;gBACjE,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,CAAC,IAAI,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,4BAA4B;aACtC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;gBAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,iCAAiC;gBAC5D,OAAO;gBACP,aAAa,EAAE,WAAW,QAAQ,CAAC,MAAM,oBAAoB;aAC9D,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,8BAA8B;YACzD,OAAO;YACP,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,sBAAsB,CAC5B,WAAmB,EACnB,GAAY;QAEZ,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sBAAsB;aAChC,CAAC;QACJ,CAAC;QAED,IAAI,QAKH,CAAC;QACF,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,6BAA6B;gBACtC,aAAa,EAAE,gCAAgC;aAChD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,+BAA+B;aACzC,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,SAAS;YACX,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;gBAChD,IAAI,WAAW,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CACb,GAAG,IAAI,cAAc,KAAK,CAAC,GAAG,SAAS,WAAW,EAAE,CACrD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC;oBACH,QAAQ,CAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;oBAChD,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,8CAA8C;wBACxE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1C,aAAa,EAAE,uBAAuB;qBACvC,CAAC;gBACJ,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;wBAC3F,aAAa,EAAE,uBAAuB;qBACvC,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,qCAAqC;gBAC/D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,aAAa,EAAE,uBAAuB;aACvC,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,GAAG,EAAE,CAAC;gBACR,4DAA4D;gBAC5D,IAAI,CAAC;oBACH,MAAM,aAAa,GAA2B,EAAE,CAAC;oBACjD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;wBAC9C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACzB,IAAI,CAAC;gCACH,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACvE,CAAC;4BAAC,MAAM,CAAC;gCACP,aAAa,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;4BAC9B,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,aAAa,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,CAAC;oBACH,CAAC;oBACD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;oBAClG,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,0CAA0C;wBACvE,aAAa,EAAE,yBAAyB;qBACzC,CAAC;gBACJ,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;wBAC7F,OAAO,EAAE,UAAU;wBACnB,aAAa,EAAE,uBAAuB;qBACvC,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,6BAA6B;gBAC1D,OAAO,EAAE,UAAU;gBACnB,aAAa,EAAE,6BAA6B;aAC7C,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,iCAAiC;SAC3C,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,uBAAuB,CAAC,GAAY;QAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sCAAsC;aAChD,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEhD,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC9B,kEAAkE;gBAClE,gEAAgE;gBAChE,mEAAmE;gBACnE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;gBAChD,MAAM,WAAW,GACf,QAAQ,KAAK,WAAW;oBACxB,QAAQ,KAAK,WAAW;oBACxB,QAAQ,KAAK,cAAc,CAAC;gBAE9B,IAAI,CAAC,WAAW,IAAI,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,8BAA8B;aACxC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;gBAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,sCAAsC;gBACnE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC/C,aAAa,EAAE,WAAW,UAAU,CAAC,MAAM,oBAAoB;aAChE,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,6BAA6B;YACnC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,6BAA6B;YAC1D,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/C,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED,0EAA0E;IAE1E,+CAA+C;IACvC,QAAQ,CAAC,GAAW;QAC1B,IAAI,CAAC;YACH,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;gBACjC,IAAI,CAAC;oBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9C,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,yEAAyE;IACjE,WAAW,CAAC,GAAW,EAAE,MAAc;QAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;gBACtD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAChC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;wBACvB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;oBACvD,CAAC;yBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;wBAClD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
+{"version":3,"file":"installation-health-checker.js","sourceRoot":"","sources":["../../../../../src/core/doctor/checkers/installation-health-checker.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,UAAU,EACV,WAAW,EACX,QAAQ,EACR,YAAY,EACZ,aAAa,EACb,UAAU,EACV,MAAM,GACP,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAO9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EACL,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,iCAAiC,CAAC;AAOzC,MAAM,OAAO,yBAAyB;IAKpC,YAAY,IAAgC;QAJ5C,aAAQ,GAAG,qBAAqB,CAAC;QAK/B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,IAAI,CAAC,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QAC1E,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,KAAK,CACT,WAAmB,EACnB,OAAsB;QAEtB,MAAM,MAAM,GAAkB,EAAE,CAAC;QAEjC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC5D,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,sBAAsB,CAAC,MAAM,CAAC;YACtC,MAAM;SACP,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,kBAAkB,CAAC,GAAY;QACrC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sCAAsC;aAChD,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,8CAA8C;QAC9C,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEhD,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC9B,IAAI,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,yBAAyB;aACnC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;gBAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,qCAAqC;gBAC9D,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;gBACvC,aAAa,EAAE,WAAW,MAAM,CAAC,MAAM,gBAAgB;aACxD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,4BAA4B;YACrD,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CAAC,GAAY;QACtC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,mCAAmC;aAC7C,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,sCAAsC;QACtC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBACpC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;gBAC5C,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CACzB,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAC/C,CAAC;oBACF,OAAO,CAAC,IAAI,CAAC,sBAAsB,KAAK,KAAK,QAAQ,QAAQ,CAAC,CAAC;gBACjE,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,CAAC,IAAI,CAAC,sBAAsB,KAAK,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,4BAA4B;aACtC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;gBAC1C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBACrD,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,iCAAiC;gBAC5D,OAAO;gBACP,aAAa,EAAE,WAAW,QAAQ,CAAC,MAAM,oBAAoB;aAC9D,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,QAAQ,CAAC,MAAM,8BAA8B;YACzD,OAAO;YACP,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,sBAAsB,CAC5B,WAAmB,EACnB,GAAY;QAEZ,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sBAAsB;aAChC,CAAC;QACJ,CAAC;QAED,IAAI,QAKH,CAAC;QACF,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,6BAA6B;gBACtC,aAAa,EAAE,gCAAgC;aAChD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,+BAA+B;aACzC,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,SAAS;YACX,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;gBAChD,IAAI,WAAW,KAAK,KAAK,CAAC,GAAG,EAAE,CAAC;oBAC9B,UAAU,CAAC,IAAI,CACb,GAAG,IAAI,cAAc,KAAK,CAAC,GAAG,SAAS,WAAW,EAAE,CACrD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,CAAC,IAAI,CAAC,GAAG,IAAI,0BAA0B,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC;oBACH,QAAQ,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;oBACzD,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,6CAA6C;wBACvE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;wBAC1C,aAAa,EAAE,gCAAgC;qBAChD,CAAC;gBACJ,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,2BAA2B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;wBAC1F,aAAa,EAAE,gCAAgC;qBAChD,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,qCAAqC;gBAC/D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,aAAa,EAAE,gCAAgC;aAChD,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,GAAG,EAAE,CAAC;gBACR,4DAA4D;gBAC5D,IAAI,CAAC;oBACH,MAAM,aAAa,GAA2B,EAAE,CAAC;oBACjD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;wBAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;wBAC9C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACzB,IAAI,CAAC;gCACH,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,GAAG,EAAE,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACvE,CAAC;4BAAC,MAAM,CAAC;gCACP,aAAa,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;4BAC9B,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,aAAa,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,CAAC;oBACH,CAAC;oBACD,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;oBAClG,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,0CAA0C;wBACvE,aAAa,EAAE,yBAAyB;qBACzC,CAAC;gBACJ,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO;wBACL,IAAI,EAAE,oBAAoB;wBAC1B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;wBAC7F,OAAO,EAAE,UAAU;wBACnB,aAAa,EAAE,uBAAuB;qBACvC,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,6BAA6B;gBAC1D,OAAO,EAAE,UAAU;gBACnB,aAAa,EAAE,6BAA6B;aAC7C,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,oBAAoB;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,iCAAiC;SAC3C,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,uBAAuB,CAAC,GAAY;QAC1C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,sCAAsC;aAChD,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YAEhD,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC9B,kEAAkE;gBAClE,gEAAgE;gBAChE,mEAAmE;gBACnE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;gBAChD,MAAM,WAAW,GACf,QAAQ,KAAK,WAAW;oBACxB,QAAQ,KAAK,WAAW;oBACxB,QAAQ,KAAK,cAAc,CAAC;gBAE9B,IAAI,CAAC,WAAW,IAAI,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,8BAA8B;aACxC,CAAC;QACJ,CAAC;QAED,IAAI,GAAG,EAAE,CAAC;YACR,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;gBAC3C,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACzB,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,6BAA6B;gBACnC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,sCAAsC;gBACnE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC/C,aAAa,EAAE,WAAW,UAAU,CAAC,MAAM,oBAAoB;aAChE,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,6BAA6B;YACnC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,6BAA6B;YAC1D,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;YAC/C,aAAa,EAAE,6BAA6B;SAC7C,CAAC;IACJ,CAAC;IAED,0EAA0E;IAE1E,+CAA+C;IACvC,QAAQ,CAAC,GAAW;QAC1B,IAAI,CAAC;YACH,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;gBACjC,IAAI,CAAC;oBACH,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC9C,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,yEAAyE;IACjE,WAAW,CAAC,GAAW,EAAE,MAAc;QAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;gBACtD,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAChC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;wBACvB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;oBACvD,CAAC;yBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;wBAClD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACxB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,0BAA0B;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;QAChC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/src/core/skill-security/index.d.ts

@@ -0,0 +1,9 @@
+export { SKILL_SECURITY_RULES } from './rules.js';
+export type { SkillSecurityRule } from './rules.js';
+export { extractCodeBlocks, extractBashBlocks } from './parser.js';
+export type { CodeBlock } from './parser.js';
+export { scanSkillMd } from './scanner.js';
+export type { SkillFinding, SkillScanResult } from './scanner.js';
+export { printScanReport, printBatchReport, toBatchJson } from './reporter.js';
+export type { BatchScanEntry } from './reporter.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/core/skill-security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/core/skill-security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAClD,YAAY,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACnE,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC/E,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC"}

package/dist/src/core/skill-security/index.js

@@ -0,0 +1,5 @@
+export { SKILL_SECURITY_RULES } from './rules.js';
+export { extractCodeBlocks, extractBashBlocks } from './parser.js';
+export { scanSkillMd } from './scanner.js';
+export { printScanReport, printBatchReport, toBatchJson } from './reporter.js';
+//# sourceMappingURL=index.js.map

package/dist/src/core/skill-security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/skill-security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAElD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEnE,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC"}

package/dist/src/core/skill-security/parser.d.ts

@@ -0,0 +1,27 @@
+/**
+ * SKILL.md parser — extracts fenced code blocks with line numbers.
+ */
+export interface CodeBlock {
+    /** Language specifier (e.g., "bash", "sh", "shell") */
+    lang: string;
+    /** Code block content (without fence lines) */
+    content: string;
+    /** 1-based line number of the opening fence (``` lang) */
+    startLine: number;
+}
+/**
+ * Extracts all fenced code blocks from markdown content.
+ *
+ * Given:
+ *   ```bash
+ *   curl $URL
+ *   ```
+ *
+ * Returns: [{ lang: "bash", content: "curl $URL\n", startLine: 1 }]
+ */
+export declare function extractCodeBlocks(markdown: string): CodeBlock[];
+/**
+ * Returns only bash/shell code blocks (lang is "bash", "sh", "shell", or empty).
+ */
+export declare function extractBashBlocks(markdown: string): CodeBlock[];
+//# sourceMappingURL=parser.d.ts.map

package/dist/src/core/skill-security/parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../../../src/core/skill-security/parser.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,SAAS;IACxB,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CAsC/D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CAI/D"}

package/dist/src/core/skill-security/parser.js

@@ -0,0 +1,55 @@
+/**
+ * SKILL.md parser — extracts fenced code blocks with line numbers.
+ */
+/**
+ * Extracts all fenced code blocks from markdown content.
+ *
+ * Given:
+ *   ```bash
+ *   curl $URL
+ *   ```
+ *
+ * Returns: [{ lang: "bash", content: "curl $URL\n", startLine: 1 }]
+ */
+export function extractCodeBlocks(markdown) {
+    const lines = markdown.split('\n');
+    const blocks = [];
+    let inBlock = false;
+    let currentLang = '';
+    let currentLines = [];
+    let blockStartLine = 0;
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const fenceMatch = line.match(/^```(\w*)\s*$/);
+        if (!inBlock && fenceMatch) {
+            inBlock = true;
+            currentLang = fenceMatch[1] || '';
+            currentLines = [];
+            blockStartLine = i + 1; // 1-based
+            continue;
+        }
+        if (inBlock) {
+            if (/^```\s*$/.test(line)) {
+                blocks.push({
+                    lang: currentLang,
+                    content: currentLines.join('\n'),
+                    startLine: blockStartLine,
+                });
+                inBlock = false;
+                currentLang = '';
+                currentLines = [];
+            }
+            else {
+                currentLines.push(line);
+            }
+        }
+    }
+    return blocks;
+}
+/**
+ * Returns only bash/shell code blocks (lang is "bash", "sh", "shell", or empty).
+ */
+export function extractBashBlocks(markdown) {
+    return extractCodeBlocks(markdown).filter(b => ['bash', 'sh', 'shell', ''].includes(b.lang.toLowerCase()));
+}
+//# sourceMappingURL=parser.js.map

package/dist/src/core/skill-security/parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../../../src/core/skill-security/parser.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;YAC3B,OAAO,GAAG,IAAI,CAAC;YACf,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,YAAY,GAAG,EAAE,CAAC;YAClB,cAAc,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;YAClC,SAAS;QACX,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;oBAChC,SAAS,EAAE,cAAc;iBAC1B,CAAC,CAAC;gBACH,OAAO,GAAG,KAAK,CAAC;gBAChB,WAAW,GAAG,EAAE,CAAC;gBACjB,YAAY,GAAG,EAAE,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,OAAO,iBAAiB,CAAC,QAAQ,CAAC,CAAC,MAAM,CACvC,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAChE,CAAC;AACJ,CAAC"}

package/dist/src/core/skill-security/reporter.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Report formatter for SKILL.md security scan results.
+ */
+import type { SkillScanResult } from './scanner.js';
+export interface BatchScanEntry {
+    file: string;
+    result: SkillScanResult;
+}
+/**
+ * Print a human-readable scan report for a single file.
+ */
+export declare function printScanReport(file: string, result: SkillScanResult): void;
+/**
+ * Print a batch scan summary table.
+ */
+export declare function printBatchReport(entries: BatchScanEntry[]): void;
+/**
+ * Serialize batch results to JSON for CI integration.
+ */
+export declare function toBatchJson(entries: BatchScanEntry[]): string;
+//# sourceMappingURL=reporter.d.ts.map

package/dist/src/core/skill-security/reporter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reporter.d.ts","sourceRoot":"","sources":["../../../../src/core/skill-security/reporter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAgB,eAAe,EAAE,MAAM,cAAc,CAAC;AAUlE,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,eAAe,CAAC;CACzB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,GAAG,IAAI,CAqC3E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CA2ChE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,MAAM,CAY7D"}

package/dist/src/core/skill-security/reporter.js

@@ -0,0 +1,121 @@
+/**
+ * Report formatter for SKILL.md security scan results.
+ */
+import chalk from 'chalk';
+const SEVERITY_COLORS = {
+    critical: chalk.bgRed.white.bold,
+    high: chalk.red.bold,
+    medium: chalk.yellow,
+    low: chalk.blue,
+    info: chalk.dim,
+};
+/**
+ * Print a human-readable scan report for a single file.
+ */
+export function printScanReport(file, result) {
+    console.log('');
+    console.log(chalk.bold(`  Scanning: ${file}`));
+    console.log(chalk.dim('  ' + '─'.repeat(50)));
+    if (result.findings.length === 0) {
+        console.log(chalk.green.bold('\n  PASSED — No findings\n'));
+        return;
+    }
+    // Group by severity
+    const bySeverity = groupBySeverity(result.findings);
+    const order = ['critical', 'high', 'medium', 'low', 'info'];
+    for (const sev of order) {
+        const findings = bySeverity[sev];
+        if (!findings?.length)
+            continue;
+        const colorFn = SEVERITY_COLORS[sev] || chalk.white;
+        console.log(`\n  ${colorFn(` ${sev.toUpperCase()} `)} (${findings.length})`);
+        for (const f of findings) {
+            console.log(`    ${chalk.dim('•')} [${chalk.cyan(f.ruleId)}] ${f.message}`);
+            console.log(`      ${chalk.dim(`line ${f.line}:`)} ${chalk.italic(f.matchedText.slice(0, 80))}`);
+            console.log(`      ${chalk.dim('fix:')} ${f.suggestedFix}`);
+        }
+    }
+    console.log('');
+    console.log(chalk.dim('  ' + '─'.repeat(50)));
+    const counts = getSeverityCounts(result.findings);
+    if (result.passed) {
+        const total = result.findings.length;
+        console.log(chalk.yellow.bold('  CONCERNS') + chalk.dim(` — ${total} finding(s) (no critical/high)`));
+    }
+    else {
+        console.log(chalk.red.bold('  FAILED') + ` — ${counts.critical} critical, ${counts.high} high finding(s)`);
+    }
+    console.log('');
+}
+/**
+ * Print a batch scan summary table.
+ */
+export function printBatchReport(entries) {
+    console.log('');
+    console.log(chalk.bold('  Plugin Security Scan — Batch Report'));
+    console.log(chalk.dim('  ' + '═'.repeat(70)));
+    let totalFindings = 0;
+    let failCount = 0;
+    let warnCount = 0;
+    let passCount = 0;
+    for (const { file, result } of entries) {
+        const counts = getSeverityCounts(result.findings);
+        totalFindings += result.findings.length;
+        const shortName = file.replace(/^.*plugins\//, '').replace(/\/SKILL\.md$/, '');
+        const status = result.exitCode === 0
+            ? chalk.green('PASS')
+            : result.exitCode === 1
+                ? chalk.yellow('WARN')
+                : chalk.red('FAIL');
+        const breakdown = result.findings.length === 0
+            ? chalk.dim('no findings')
+            : [
+                counts.critical > 0 ? chalk.red(`${counts.critical}C`) : '',
+                counts.high > 0 ? chalk.red(`${counts.high}H`) : '',
+                counts.medium > 0 ? chalk.yellow(`${counts.medium}M`) : '',
+                counts.low > 0 ? chalk.blue(`${counts.low}L`) : '',
+            ].filter(Boolean).join(' ');
+        console.log(`  ${status}  ${chalk.bold(shortName.padEnd(45))} ${breakdown}`);
+        if (result.exitCode === 2)
+            failCount++;
+        else if (result.exitCode === 1)
+            warnCount++;
+        else
+            passCount++;
+    }
+    console.log(chalk.dim('  ' + '─'.repeat(70)));
+    console.log(`  ${chalk.green(`${passCount} pass`)}  ${chalk.yellow(`${warnCount} warn`)}  ${chalk.red(`${failCount} fail`)}` +
+        chalk.dim(`  (${totalFindings} total findings across ${entries.length} skills)`));
+    console.log('');
+}
+/**
+ * Serialize batch results to JSON for CI integration.
+ */
+export function toBatchJson(entries) {
+    return JSON.stringify(entries.map(({ file, result }) => ({
+        file,
+        exitCode: result.exitCode,
+        passed: result.passed,
+        findings: result.findings,
+        counts: getSeverityCounts(result.findings),
+    })), null, 2);
+}
+function groupBySeverity(findings) {
+    const map = {};
+    for (const f of findings) {
+        if (!map[f.severity])
+            map[f.severity] = [];
+        map[f.severity].push(f);
+    }
+    return map;
+}
+function getSeverityCounts(findings) {
+    return {
+        critical: findings.filter(f => f.severity === 'critical').length,
+        high: findings.filter(f => f.severity === 'high').length,
+        medium: findings.filter(f => f.severity === 'medium').length,
+        low: findings.filter(f => f.severity === 'low').length,
+        info: findings.filter(f => f.severity === 'info').length,
+    };
+}
+//# sourceMappingURL=reporter.js.map

package/dist/src/core/skill-security/reporter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reporter.js","sourceRoot":"","sources":["../../../../src/core/skill-security/reporter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,MAAM,eAAe,GAA0C;IAC7D,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI;IAChC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI;IACpB,MAAM,EAAE,KAAK,CAAC,MAAM;IACpB,GAAG,EAAE,KAAK,CAAC,IAAI;IACf,IAAI,EAAE,KAAK,CAAC,GAAG;CAChB,CAAC;AAOF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,MAAuB;IACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAE9C,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAC5D,OAAO;IACT,CAAC;IAED,oBAAoB;IACpB,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpD,MAAM,KAAK,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAE5D,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,CAAC,QAAQ,EAAE,MAAM;YAAE,SAAS;QAChC,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,OAAO,OAAO,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;QAC7E,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;YACjG,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAE9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAClD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,KAAK,gCAAgC,CAAC,CAAC,CAAC;IACxG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,MAAM,CAAC,QAAQ,cAAc,MAAM,CAAC,IAAI,kBAAkB,CAAC,CAAC;IAC7G,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAyB;IACxD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAE9C,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;QACvC,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClD,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAExC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC;YAClC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;YACrB,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,CAAC;gBACrB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;gBACtB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAExB,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;YAC5C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC;YAC1B,CAAC,CAAC;gBACA,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC3D,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBACnD,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;gBAC1D,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;aACnD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE9B,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,KAAK,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC;QAE7E,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;YAAE,SAAS,EAAE,CAAC;aAClC,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;YAAE,SAAS,EAAE,CAAC;;YACvC,SAAS,EAAE,CAAC;IACnB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,KAAK,CAAC,GAAG,SAAS,OAAO,CAAC,KAAK,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,OAAO,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,SAAS,OAAO,CAAC,EAAE;QAChH,KAAK,CAAC,GAAG,CAAC,MAAM,aAAa,0BAA0B,OAAO,CAAC,MAAM,UAAU,CAAC,CACjF,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,OAAyB;IACnD,OAAO,IAAI,CAAC,SAAS,CACnB,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI;QACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC;KAC3C,CAAC,CAAC,EACH,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAwB;IAC/C,MAAM,GAAG,GAAmC,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAC3C,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAwB;IACjD,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;QAChE,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;QACxD,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;QAC5D,GAAG,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;QACtD,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;KACzD,CAAC;AACJ,CAAC"}

package/dist/src/core/skill-security/rules.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Structured detection rules for SKILL.md self-scan.
+ * Maps to Gen Agent Trust Hub audit categories.
+ */
+export interface SkillSecurityRule {
+    /** Unique rule identifier (Gen Agent Trust Hub category) */
+    id: string;
+    /** Finding category label */
+    category: string;
+    /** Severity level */
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    /** Regex pattern to match against content */
+    pattern: RegExp;
+    /** Human-readable description of the finding */
+    message: string;
+    /** Actionable fix suggestion */
+    suggestedFix: string;
+    /** If true, only scan inside bash/shell code blocks */
+    codeBlockOnly?: boolean;
+}
+/**
+ * All detection rules, ordered by severity (medium → low)
+ */
+export declare const SKILL_SECURITY_RULES: SkillSecurityRule[];
+//# sourceMappingURL=rules.d.ts.map

package/dist/src/core/skill-security/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../../../../src/core/skill-security/rules.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;IACX,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAC;IAChB,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,uDAAuD;IACvD,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAiID;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,EAKnD,CAAC"}

package/dist/src/core/skill-security/rules.js

@@ -0,0 +1,137 @@
+/**
+ * Structured detection rules for SKILL.md self-scan.
+ * Maps to Gen Agent Trust Hub audit categories.
+ */
+/**
+ * CREDENTIALS_UNSAFE (MEDIUM)
+ * Skills that instruct agents to collect or write secrets.
+ */
+const CREDENTIALS_UNSAFE_RULES = [
+    {
+        id: 'CREDENTIALS_UNSAFE',
+        category: 'credentials-unsafe',
+        severity: 'medium',
+        pattern: /cat\s+>>?\s*\.env|echo\s+\w+=.*>>?\s*\.env|>>?\s*\.env\b/,
+        message: 'CREDENTIALS_UNSAFE: Bash snippet writes to .env file',
+        suggestedFix: 'Skills should only CHECK for credential presence (e.g., grep -q KEY .env), never write or append secrets.',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'CREDENTIALS_UNSAFE',
+        category: 'credentials-unsafe',
+        severity: 'medium',
+        pattern: /echo\s+[A-Z_][A-Z0-9_]*=/,
+        message: 'CREDENTIALS_UNSAFE: Bash snippet echoes a secret variable assignment',
+        suggestedFix: 'Avoid echoing credential assignments. Use grep -q to check if a key already exists.',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'CREDENTIALS_UNSAFE',
+        category: 'credentials-unsafe',
+        severity: 'medium',
+        pattern: /(?:please\s+)?(?:provide|enter|share|give|ask\s+for|supply|add)\s+(?:your\s+)?(?:api\s+)?(?:token|secret|key|password|credential|auth)/i,
+        message: 'CREDENTIALS_UNSAFE: Skill instructs agent to prompt user for secrets',
+        suggestedFix: 'Check for credential presence via environment variables or config files; never ask the user to type secrets.',
+        codeBlockOnly: false,
+    },
+];
+/**
+ * DATA_EXFILTRATION (MEDIUM)
+ * Skills that read secrets and transmit to user-controlled destinations.
+ */
+const DATA_EXFILTRATION_RULES = [
+    {
+        id: 'DATA_EXFILTRATION',
+        category: 'data-exfiltration',
+        severity: 'medium',
+        pattern: /\bcurl\b[^\n]*\$\{?[A-Za-z_]\w*\}?/,
+        message: 'DATA_EXFILTRATION: curl uses a variable URL without domain validation',
+        suggestedFix: 'Validate domain strictly (allowlist of known-safe hostnames), enforce HTTPS-only, and prevent SSRF (block localhost/private IPs).',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'DATA_EXFILTRATION',
+        category: 'data-exfiltration',
+        severity: 'medium',
+        pattern: /\bfetch\s*\(\s*\$\{?[A-Za-z_]\w*\}?/,
+        message: 'DATA_EXFILTRATION: fetch() uses a variable URL without domain validation',
+        suggestedFix: 'Validate the URL against an allowlist of known-safe domains before making the request.',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'DATA_EXFILTRATION',
+        category: 'data-exfiltration',
+        severity: 'medium',
+        pattern: /https?:\/\/\*\.|domain\s*validation\s*allows\s*wildcards/i,
+        message: 'DATA_EXFILTRATION: Domain validation allows wildcards (potential SSRF)',
+        suggestedFix: 'Use strict hostname allowlists. Wildcards in domain validation enable SSRF attacks.',
+        codeBlockOnly: false,
+    },
+];
+/**
+ * COMMAND_EXECUTION (LOW)
+ * Bash snippets with unquoted variable interpolation or dynamic shell execution.
+ */
+const COMMAND_EXECUTION_RULES = [
+    {
+        id: 'COMMAND_EXECUTION',
+        category: 'command-execution',
+        severity: 'low',
+        pattern: /\b(?:eval|source)\s+\$[A-Za-z_]/,
+        message: 'COMMAND_EXECUTION: eval/source with variable argument enables arbitrary code execution',
+        suggestedFix: 'Avoid eval/source with variable arguments. Use explicit paths or validated input.',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'COMMAND_EXECUTION',
+        category: 'command-execution',
+        severity: 'low',
+        pattern: /\bsh\s+-c\s+["']?\$[A-Za-z_]/,
+        message: 'COMMAND_EXECUTION: sh -c with unquoted variable input enables shell injection',
+        suggestedFix: 'Pass sh -c arguments as array elements, not interpolated strings. Validate all dynamic input before execution.',
+        codeBlockOnly: true,
+    },
+    {
+        id: 'COMMAND_EXECUTION',
+        category: 'command-execution',
+        severity: 'low',
+        pattern: /\b\w[\w-]+\s+\$[A-Z_][A-Z0-9_]*\b(?!\s*=)/,
+        message: 'COMMAND_EXECUTION: Command uses unquoted variable argument (risk of word splitting/globbing)',
+        suggestedFix: 'Double-quote all variable references: use "$VARIABLE" instead of $VARIABLE in command arguments.',
+        codeBlockOnly: true,
+    },
+];
+/**
+ * PROMPT_INJECTION (LOW)
+ * User input interpolated without boundary markers or sanitization.
+ */
+const PROMPT_INJECTION_RULES = [
+    {
+        id: 'PROMPT_INJECTION',
+        category: 'prompt-injection',
+        severity: 'low',
+        pattern: /\$\{?(?:USER_INPUT|USER_QUERY|INPUT|QUERY|REQUEST|USER_DATA|UNTRUSTED|RAW_INPUT)\}?/i,
+        message: 'PROMPT_INJECTION: User-supplied input variable interpolated without sanitization',
+        suggestedFix: 'Validate input against an allowlist regex before use. Add boundary markers (e.g., "--- USER INPUT ---") to separate trusted from untrusted content.',
+        codeBlockOnly: false,
+    },
+    {
+        id: 'PROMPT_INJECTION',
+        category: 'prompt-injection',
+        severity: 'low',
+        pattern: /\{\{[^}]+\}\}.*without\s+(?:sanitiz|validat|escap)/i,
+        message: 'PROMPT_INJECTION: Template interpolation without sanitization noted',
+        suggestedFix: 'Add explicit sanitization or validation before interpolating dynamic content.',
+        codeBlockOnly: false,
+    },
+];
+/**
+ * All detection rules, ordered by severity (medium → low)
+ */
+export const SKILL_SECURITY_RULES = [
+    ...CREDENTIALS_UNSAFE_RULES,
+    ...DATA_EXFILTRATION_RULES,
+    ...COMMAND_EXECUTION_RULES,
+    ...PROMPT_INJECTION_RULES,
+];
+//# sourceMappingURL=rules.js.map

package/dist/src/core/skill-security/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../../../../src/core/skill-security/rules.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH;;;GAGG;AACH,MAAM,wBAAwB,GAAwB;IACpD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,0DAA0D;QACnE,OAAO,EAAE,sDAAsD;QAC/D,YAAY,EAAE,2GAA2G;QACzH,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,0BAA0B;QACnC,OAAO,EAAE,sEAAsE;QAC/E,YAAY,EAAE,qFAAqF;QACnG,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,yIAAyI;QAClJ,OAAO,EAAE,sEAAsE;QAC/E,YAAY,EAAE,8GAA8G;QAC5H,aAAa,EAAE,KAAK;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAwB;IACnD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,oCAAoC;QAC7C,OAAO,EAAE,uEAAuE;QAChF,YAAY,EAAE,mIAAmI;QACjJ,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE,0EAA0E;QACnF,YAAY,EAAE,wFAAwF;QACtG,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2DAA2D;QACpE,OAAO,EAAE,wEAAwE;QACjF,YAAY,EAAE,qFAAqF;QACnG,aAAa,EAAE,KAAK;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAwB;IACnD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,iCAAiC;QAC1C,OAAO,EAAE,wFAAwF;QACjG,YAAY,EAAE,mFAAmF;QACjG,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,8BAA8B;QACvC,OAAO,EAAE,+EAA+E;QACxF,YAAY,EAAE,gHAAgH;QAC9H,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,2CAA2C;QACpD,OAAO,EAAE,8FAA8F;QACvG,YAAY,EAAE,kGAAkG;QAChH,aAAa,EAAE,IAAI;KACpB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAwB;IAClD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,sFAAsF;QAC/F,OAAO,EAAE,kFAAkF;QAC3F,YAAY,EAAE,qJAAqJ;QACnK,aAAa,EAAE,KAAK;KACrB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,kBAAkB;QAC5B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,qDAAqD;QAC9D,OAAO,EAAE,qEAAqE;QAC9E,YAAY,EAAE,+EAA+E;QAC7F,aAAa,EAAE,KAAK;KACrB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAwB;IACvD,GAAG,wBAAwB;IAC3B,GAAG,uBAAuB;IAC1B,GAAG,uBAAuB;IAC1B,GAAG,sBAAsB;CAC1B,CAAC"}

package/dist/src/core/skill-security/scanner.d.ts

@@ -0,0 +1,41 @@
+/**
+ * SKILL.md self-scan scanner.
+ * Applies detection rules against SKILL.md content and bash code blocks.
+ */
+import { SkillSecurityRule } from './rules.js';
+export interface SkillFinding {
+    /** Rule identifier (e.g., "CREDENTIALS_UNSAFE") */
+    ruleId: string;
+    /** Finding category */
+    category: string;
+    /** Severity level */
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    /** Human-readable finding description */
+    message: string;
+    /** Suggested fix */
+    suggestedFix: string;
+    /** 1-based line number in the original file */
+    line: number;
+    /** The matched text snippet */
+    matchedText: string;
+}
+export interface SkillScanResult {
+    /**
+     * Exit code:
+     *   0 = pass (no findings)
+     *   1 = concerns (medium or low only)
+     *   2 = fail (critical or high)
+     */
+    exitCode: 0 | 1 | 2;
+    /** Whether the scan passed (no critical/high findings) */
+    passed: boolean;
+    /** All findings */
+    findings: SkillFinding[];
+}
+/**
+ * Scan SKILL.md content using structured detection rules.
+ * Rules marked `codeBlockOnly: true` only apply inside bash code blocks.
+ * Other rules apply to the full markdown content.
+ */
+export declare function scanSkillMd(content: string, rules?: SkillSecurityRule[]): SkillScanResult;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/src/core/skill-security/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../../src/core/skill-security/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAwB,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGrE,MAAM,WAAW,YAAY;IAC3B,mDAAmD;IACnD,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;OAKG;IACH,QAAQ,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACpB,0DAA0D;IAC1D,MAAM,EAAE,OAAO,CAAC;IAChB,mBAAmB;IACnB,QAAQ,EAAE,YAAY,EAAE,CAAC;CAC1B;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,GAAE,iBAAiB,EAAyB,GAAG,eAAe,CAwE/G"}

package/dist/src/core/skill-security/scanner.js

@@ -0,0 +1,78 @@
+/**
+ * SKILL.md self-scan scanner.
+ * Applies detection rules against SKILL.md content and bash code blocks.
+ */
+import { SKILL_SECURITY_RULES } from './rules.js';
+import { extractBashBlocks } from './parser.js';
+/**
+ * Scan SKILL.md content using structured detection rules.
+ * Rules marked `codeBlockOnly: true` only apply inside bash code blocks.
+ * Other rules apply to the full markdown content.
+ */
+export function scanSkillMd(content, rules = SKILL_SECURITY_RULES) {
+    const findings = [];
+    const allLines = content.split('\n');
+    // Build a set of line ranges for bash code blocks (1-based)
+    const bashBlocks = extractBashBlocks(content);
+    const bashBlockLines = new Set();
+    for (const block of bashBlocks) {
+        const blockLineCount = block.content.split('\n').length;
+        for (let offset = 0; offset < blockLineCount; offset++) {
+            bashBlockLines.add(block.startLine + 1 + offset); // +1 because startLine is the fence
+        }
+    }
+    // Separate rules by scope
+    const codeOnlyRules = rules.filter(r => r.codeBlockOnly);
+    const fullContentRules = rules.filter(r => !r.codeBlockOnly);
+    // Apply full-content rules to every line
+    for (let i = 0; i < allLines.length; i++) {
+        const line = allLines[i];
+        const lineNum = i + 1;
+        for (const rule of fullContentRules) {
+            if (rule.pattern.test(line)) {
+                const match = line.match(rule.pattern);
+                findings.push({
+                    ruleId: rule.id,
+                    category: rule.category,
+                    severity: rule.severity,
+                    message: rule.message,
+                    suggestedFix: rule.suggestedFix,
+                    line: lineNum,
+                    matchedText: match?.[0] ?? line.trim().slice(0, 60),
+                });
+            }
+        }
+    }
+    // Apply code-block-only rules to lines inside bash blocks
+    for (let i = 0; i < allLines.length; i++) {
+        const lineNum = i + 1;
+        if (!bashBlockLines.has(lineNum))
+            continue;
+        const line = allLines[i];
+        for (const rule of codeOnlyRules) {
+            if (rule.pattern.test(line)) {
+                const match = line.match(rule.pattern);
+                findings.push({
+                    ruleId: rule.id,
+                    category: rule.category,
+                    severity: rule.severity,
+                    message: rule.message,
+                    suggestedFix: rule.suggestedFix,
+                    line: lineNum,
+                    matchedText: match?.[0] ?? line.trim().slice(0, 60),
+                });
+            }
+        }
+    }
+    // Sort findings by line number
+    findings.sort((a, b) => a.line - b.line);
+    const hasCriticalOrHigh = findings.some(f => f.severity === 'critical' || f.severity === 'high');
+    const hasAny = findings.length > 0;
+    const exitCode = hasCriticalOrHigh ? 2 : hasAny ? 1 : 0;
+    return {
+        exitCode,
+        passed: !hasCriticalOrHigh,
+        findings,
+    };
+}
+//# sourceMappingURL=scanner.js.map

package/dist/src/core/skill-security/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../../src/core/skill-security/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,oBAAoB,EAAqB,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAiChD;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe,EAAE,QAA6B,oBAAoB;IAC5F,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,4DAA4D;IAC5D,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QACxD,KAAK,IAAI,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,cAAc,EAAE,MAAM,EAAE,EAAE,CAAC;YACvD,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,oCAAoC;QACxF,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IACzD,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC;IAE7D,yCAAyC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,IAAI,EAAE,OAAO;oBACb,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC;YAAE,SAAS;QAC3C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACvC,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,YAAY,EAAE,IAAI,CAAC,YAAY;oBAC/B,IAAI,EAAE,OAAO;oBACb,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAEzC,MAAM,iBAAiB,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IACjG,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAc,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnE,OAAO;QACL,QAAQ;QACR,MAAM,EAAE,CAAC,iBAAiB;QAC1B,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "specweave",
-  "version": "1.0.299",
+  "version": "1.0.300",
   "description": "Spec-driven development framework for AI coding agents. Works with Claude Code, Codex, Antigravity, Cursor, Copilot & more. 100+ skills, 49 CLI commands, verified skill certification, autonomous execution, and living documentation.",
   "type": "module",
   "main": "dist/index.js",

package/plugins/specweave/hooks/user-prompt-submit.sh

@@ -1158,6 +1158,16 @@ if [[ "${SPECWEAVE_DISABLE_AUTO_LOAD:-0}" != "1" ]] && [[ "${SPECWEAVE_DISABLE_H
     # Quick skip: already using /sw: commands (user is in workflow)
     if ! echo "$PROMPT" | grep -qE "^[[:space:]]*/sw:"; then
 
+      # BYPASS: Native Claude Code slash commands (e.g., /context, /help, /doctor)
+      # Prevents 15s detect-intent timeout -> LLM_DETECTION_FAILED -> keyword fallback
+      # that falsely matches "test" as substring inside "/context". Pattern matches
+      # /word or /word-word prompts that do not mention specweave.
+      if echo "$PROMPT" | grep -qE "^[[:space:]]*/[a-z][a-z0-9-]*([[:space:]]|$)" &&
+         ! echo "$PROMPT" | grep -qiE "specweave"; then
+        echo '{"decision":"approve"}'
+        exit 0
+      fi
+
       # Check if specweave CLI is available
       if command -v specweave >/dev/null 2>&1; then
         # Setup logging (use project root, never create dirs at $HOME)

package/plugins/specweave/skills/increment/SKILL.md

@@ -20,9 +20,15 @@ hooks:
 
 # Plan Product Increment
 
-## CRITICAL: Plan Mode Required
+## CRITICAL: Plan Mode Required (BLOCKING)
 
-**Before executing this skill, you MUST be in plan mode.** If you are not currently in plan mode, call `EnterPlanMode` first. Increment planning is ALWAYS a planning activity — never skip straight to implementation.
+**You MUST be in plan mode before proceeding.** If not, call `EnterPlanMode` now and wait for confirmation before continuing to Step 0A.
+
+1. Call `EnterPlanMode` immediately
+2. Wait for plan mode confirmation
+3. Then proceed to Step 0A
+
+Increment planning produces specs, plans, and task breakdowns that require user review. Do not skip plan mode or defer it — the user must approve the plan before any implementation begins.
 
 ## Project Overrides
 

package/plugins/specweave/skills/team-lead/SKILL.md

@@ -27,7 +27,9 @@ description: Orchestrate multi-agent parallel development with domain-specialize
 | Action | Tool | Parameters |
 |--------|------|------------|
 | Create team | `TeamCreate` | `team_name`, `description` |
-| Spawn agent | `Task` | `team_name`, `name`, `subagent_type`, `prompt` |
+| Spawn agent | `Task` | `team_name`, `name`, `subagent_type`, `prompt`, `mode` |
+| Spawn agent (plan mode) | `Task` | `mode: "plan"` — agent must submit plan for team lead review |
+| Approve/reject plan | `SendMessage` | `type: "plan_approval_response"`, `request_id`, `recipient`, `approve`, `content` |
 | Send message | `SendMessage` | `type`, `recipient`, `content`, `summary` |
 | Shutdown agent | `SendMessage` | `type: "shutdown_request"`, `recipient` |
 
@@ -191,6 +193,58 @@ Analyze domains
 
 ---
 
+## 3b. Plan Review Workflow
+
+The team lead acts as **architectural reviewer** for all sub-agent plans. Do NOT auto-accept plans.
+
+### Why Review
+
+Without review, agents may duplicate work across domains, misinterpret scope, make conflicting architectural decisions, or produce plans misaligned with the spec.
+
+### Protocol
+
+**Spawn all agents with `mode: "plan"`.** This forces agents to call `ExitPlanMode` before implementing, which sends a `plan_approval_request` to the team lead.
+
+When you receive a plan approval request:
+
+1. **Read the plan** — check the agent's spec.md, plan.md, and tasks.md
+2. **Evaluate**:
+   - Does it align with the feature spec and ACs?
+   - Is the architecture consistent with existing codebase patterns?
+   - Does the agent stay within its file ownership boundaries?
+   - Are there conflicts with other agents' plans?
+   - Is scope correct — not too broad, not too narrow?
+3. **Approve or reject**:
+
+```
+// Approve
+SendMessage({
+  type: "plan_approval_response",
+  request_id: "<from plan_approval_request>",
+  recipient: "database-agent",
+  approve: true
+});
+
+// Reject with feedback
+SendMessage({
+  type: "plan_approval_response",
+  request_id: "<from plan_approval_request>",
+  recipient: "database-agent",
+  approve: false,
+  content: "Revise: 1) Add index on user_id for sessions. 2) Missing migration for AC-US1-03."
+});
+```
+
+### Non-Blocking Review
+
+Plan review MUST NOT block other agents. Review plans as they arrive — agents waiting for approval are idle, but other agents continue working normally.
+
+### Multi-Increment Consideration
+
+For very large features, the team lead MAY split work into multiple increments per domain for better tracking and independent closure. Decide this during initial analysis (Step 1), before spawning agents.
+
+---
+
 ## 4. Agent Spawn Prompt Templates
 
 Each agent receives a detailed prompt that includes its skill invocations, file ownership, and workflow instructions.
@@ -528,11 +582,14 @@ TeamCreate({
 
 ### Step 2: Spawn Upstream Agents (Phase 1)
 
+All agents are spawned with `mode: "plan"` so the team lead reviews their plans before implementation (see Section 3b).
+
 ```typescript
 Task({
   team_name: "feature-checkout",
   name: "database-agent",
   subagent_type: "general-purpose",
+  mode: "plan",
   prompt: `[DATABASE AGENT PROMPT - see template in Section 4c]`,
 });
 
@@ -540,6 +597,7 @@ Task({
   team_name: "feature-checkout",
   name: "shared-types-agent",
   subagent_type: "general-purpose",
+  mode: "plan",
   prompt: `[SHARED/TYPES AGENT PROMPT]`,
 });
 ```
@@ -555,6 +613,7 @@ Task({
   team_name: "feature-checkout",
   name: "backend-agent",
   subagent_type: "general-purpose",
+  mode: "plan",
   prompt: `[BACKEND AGENT PROMPT - see template in Section 4b]`,
 });
 
@@ -562,6 +621,7 @@ Task({
   team_name: "feature-checkout",
   name: "frontend-agent",
   subagent_type: "general-purpose",
+  mode: "plan",
   prompt: `[FRONTEND AGENT PROMPT - see template in Section 4a]`,
 });
 
@@ -569,6 +629,7 @@ Task({
   team_name: "feature-checkout",
   name: "testing-agent",
   subagent_type: "general-purpose",
+  mode: "plan",
   prompt: `[TESTING AGENT PROMPT - see template in Section 4d]`,
 });
 ```
@@ -625,12 +686,15 @@ Orchestrator Final Check:
 ```
 /sw:team-lead "Build checkout flow"
   │
-  ├── Step 1: Analyze feature -> identify domains
+  ├── Step 1: Analyze feature -> identify domains -> decide increment split
   ├── Step 2: Create team via TeamCreate
   ├── Step 3: Create per-domain increments
-  ├── Step 4: Contract-first spawning
-  │     ├── Phase 1: Spawn shared + database -> wait for CONTRACT_READY
-  │     └── Phase 2: Spawn backend + frontend + testing (parallel)
+  ├── Step 4: Contract-first spawning (all agents with mode: "plan")
+  │     ├── Phase 1: Spawn shared + database
+  │     │     └── Review & approve each agent's plan (Section 3b)
+  │     │     └── Wait for CONTRACT_READY after approval
+  │     └── Phase 2: Spawn backend + frontend + testing
+  │           └── Review & approve each agent's plan
   ├── Step 5: Monitor progress via SendMessage
   ├── Step 6: Quality gates (each agent runs /sw:grill)
   └── Step 7: Merge and close (/sw:team-merge)