zora-agent 0.9.4 → 0.9.6

package/dist/security/policy-serializer.js

@@ -0,0 +1,100 @@
+/**
+ * Policy serialization and summary utilities.
+ *
+ * Extracted from PolicyEngine to separate concerns:
+ * - Human-readable policy summaries (for system prompt injection)
+ * - TOML file serialization (for runtime policy persistence)
+ */
+import fs from 'node:fs';
+import { createLogger } from '../utils/logger.js';
+const log = createLogger('policy-serializer');
+/**
+ * Returns a short text summary of the current policy for system prompt injection.
+ * Intentionally terse to minimize context usage.
+ */
+export function getPolicySummary(policy) {
+    const fsPolicy = policy.filesystem;
+    const sh = policy.shell;
+    const lines = [];
+    if (fsPolicy.allowed_paths.length === 0) {
+        lines.push('Filesystem: LOCKED (no paths allowed)');
+    }
+    else {
+        lines.push(`Filesystem: ${fsPolicy.allowed_paths.join(', ')}`);
+    }
+    if (fsPolicy.denied_paths.length > 0) {
+        lines.push(`Denied: ${fsPolicy.denied_paths.join(', ')}`);
+    }
+    if (sh.mode === 'deny_all') {
+        lines.push('Shell: DISABLED (no commands allowed)');
+    }
+    else if (sh.mode === 'allowlist') {
+        lines.push(`Shell: ${sh.allowed_commands.join(', ')}`);
+    }
+    else {
+        lines.push('Shell: denylist mode');
+    }
+    if (policy.budget) {
+        const b = policy.budget;
+        lines.push(`Budget: ${b.max_actions_per_session || 'unlimited'} actions/session, ${b.token_budget || 'unlimited'} tokens`);
+    }
+    if (policy.dry_run?.enabled) {
+        lines.push('Dry Run: ENABLED (write operations will be previewed only)');
+    }
+    return lines.join('\n');
+}
+/**
+ * Writes the policy state to a TOML file.
+ * Builds TOML manually for simplicity (avoids needing smol-toml at runtime).
+ */
+export function writePolicyFile(policy, filePath) {
+    try {
+        // Build TOML manually for simplicity (avoids needing smol-toml at runtime here)
+        const lines = [
+            '# Zora Security Policy — auto-generated (runtime expansion applied)',
+            '',
+            '[filesystem]',
+            `allowed_paths = ${JSON.stringify(policy.filesystem.allowed_paths)}`,
+            `denied_paths = ${JSON.stringify(policy.filesystem.denied_paths)}`,
+            `resolve_symlinks = ${policy.filesystem.resolve_symlinks}`,
+            `follow_symlinks = ${policy.filesystem.follow_symlinks}`,
+            '',
+            '[shell]',
+            `mode = "${policy.shell.mode}"`,
+            `allowed_commands = ${JSON.stringify(policy.shell.allowed_commands)}`,
+            `denied_commands = ${JSON.stringify(policy.shell.denied_commands)}`,
+            `split_chained_commands = ${policy.shell.split_chained_commands}`,
+            `max_execution_time = "${policy.shell.max_execution_time}"`,
+            '',
+            '[actions]',
+            `reversible = ${JSON.stringify(policy.actions.reversible)}`,
+            `irreversible = ${JSON.stringify(policy.actions.irreversible)}`,
+            `always_flag = ${JSON.stringify(policy.actions.always_flag)}`,
+            '',
+            '[network]',
+            `allowed_domains = ${JSON.stringify(policy.network.allowed_domains)}`,
+            `denied_domains = ${JSON.stringify(policy.network.denied_domains)}`,
+            `max_request_size = "${policy.network.max_request_size}"`,
+            '',
+        ];
+        // Serialize budget section if present
+        if (policy.budget) {
+            const b = policy.budget;
+            lines.push('[budget]', `max_actions_per_session = ${b.max_actions_per_session}`, `token_budget = ${b.token_budget}`, `on_exceed = "${b.on_exceed}"`, '', '[budget.max_actions_per_type]');
+            for (const [type, limit] of Object.entries(b.max_actions_per_type)) {
+                lines.push(`${type} = ${limit}`);
+            }
+            lines.push('');
+        }
+        // Serialize dry_run section if present
+        if (policy.dry_run) {
+            const dr = policy.dry_run;
+            lines.push('[dry_run]', `enabled = ${dr.enabled}`, `tools = ${JSON.stringify(dr.tools)}`, `audit_dry_runs = ${dr.audit_dry_runs}`, '');
+        }
+        fs.writeFileSync(filePath, lines.join('\n'), 'utf-8');
+    }
+    catch (err) {
+        log.error({ err: err instanceof Error ? err.message : String(err) }, 'Failed to persist policy expansion');
+    }
+}
+//# sourceMappingURL=policy-serializer.js.map

package/dist/security/policy-serializer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-serializer.js","sourceRoot":"","sources":["../../src/security/policy-serializer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,GAAG,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;AAE9C;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAkB;IACjD,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;IACnC,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC;IACxB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,EAAE,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;IACtD,CAAC;SAAM,IAAI,EAAE,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,uBAAuB,IAAI,WAAW,qBAAqB,CAAC,CAAC,YAAY,IAAI,WAAW,SAAS,CAAC,CAAC;IAC7H,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAC3E,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAAkB,EAAE,QAAgB;IAClE,IAAI,CAAC;QACH,gFAAgF;QAChF,MAAM,KAAK,GAAa;YACtB,qEAAqE;YACrE,EAAE;YACF,cAAc;YACd,mBAAmB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE;YACpE,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE;YAClE,sBAAsB,MAAM,CAAC,UAAU,CAAC,gBAAgB,EAAE;YAC1D,qBAAqB,MAAM,CAAC,UAAU,CAAC,eAAe,EAAE;YACxD,EAAE;YACF,SAAS;YACT,WAAW,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG;YAC/B,sBAAsB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE;YACrE,qBAAqB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE;YACnE,4BAA4B,MAAM,CAAC,KAAK,CAAC,sBAAsB,EAAE;YACjE,yBAAyB,MAAM,CAAC,KAAK,CAAC,kBAAkB,GAAG;YAC3D,EAAE;YACF,WAAW;YACX,gBAAgB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC3D,kBAAkB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;YAC/D,iBAAiB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC7D,EAAE;YACF,WAAW;YACX,qBAAqB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE;YACrE,oBAAoB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;YACnE,uBAAuB,MAAM,CAAC,OAAO,CAAC,gBAAgB,GAAG;YACzD,EAAE;SACH,CAAC;QAEF,sCAAsC;QACtC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;YACxB,KAAK,CAAC,IAAI,CACR,UAAU,EACV,6BAA6B,CAAC,CAAC,uBAAuB,EAAE,EACxD,kBAAkB,CAAC,CAAC,YAAY,EAAE,EAClC,gBAAgB,CAAC,CAAC,SAAS,GAAG,EAC9B,EAAE,EACF,+BAA+B,CAChC,CAAC;YACF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACnE,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;YACnC,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC;YAC1B,KAAK,CAAC,IAAI,CACR,WAAW,EACX,aAAa,EAAE,CAAC,OAAO,EAAE,EACzB,WAAW,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EACrC,oBAAoB,EAAE,CAAC,cAAc,EAAE,EACvC,EAAE,CACH,CAAC;QACJ,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,oCAAoC,CAAC,CAAC;IAC7G,CAAC;AACH,CAAC"}

package/dist/security/shell-validator.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Shell command parsing and validation utilities.
+ *
+ * Pure functions extracted from PolicyEngine for shell tokenization,
+ * command splitting, base command extraction, and read-only detection.
+ *
+ * These are stateless string parsers with no class dependencies.
+ */
+/**
+ * Tokenize a shell command string into individual arguments.
+ *
+ * Handles POSIX shell quoting rules:
+ * - Double quotes: interprets \\", \\\\, \\$, \\` as escape sequences.
+ * - Single quotes: all characters are literal (no escape sequences).
+ * - Backslash outside quotes: next character is taken literally.
+ * - Whitespace outside quotes: terminates the current token.
+ *
+ * Returns unquoted token values (quotes and escapes are resolved).
+ * Used by validateCommand to extract the base command name, and by
+ * _checkCommandPaths to find path-like arguments.
+ */
+export declare function shellTokenize(input: string): string[];
+/**
+ * Splits command chains on operators (&&, ||, ;, |) while respecting:
+ * - Quoted strings (single and double) -- operators inside quotes are literal.
+ * - Escape sequences -- backslash-escaped characters are not treated as operators.
+ * - Command substitution -- $(...) and backtick blocks are treated as opaque.
+ *   Nested $() is tracked via parenDepth to avoid premature splitting.
+ *
+ * Each returned string is a standalone command to validate independently.
+ */
+export declare function splitChainedCommands(command: string): string[];
+/**
+ * Extracts the base binary name from a command string, respecting quotes
+ * and escape sequences.
+ */
+export declare function extractBaseCommand(command: string): string;
+/**
+ * Determine if a bash command is read-only.
+ */
+export declare function isReadOnlyCommand(command: string): boolean;
+//# sourceMappingURL=shell-validator.d.ts.map

package/dist/security/shell-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-validator.d.ts","sourceRoot":"","sources":["../../src/security/shell-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAYH;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAsErD;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAgG9D;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAe1D;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAY1D"}

package/dist/security/shell-validator.js

@@ -0,0 +1,231 @@
+/**
+ * Shell command parsing and validation utilities.
+ *
+ * Pure functions extracted from PolicyEngine for shell tokenization,
+ * command splitting, base command extraction, and read-only detection.
+ *
+ * These are stateless string parsers with no class dependencies.
+ */
+import path from 'node:path';
+/**
+ * Set of commands considered read-only (safe to execute even in dry-run).
+ */
+const READ_ONLY_COMMANDS = new Set([
+    'ls', 'cat', 'head', 'tail', 'grep', 'rg', 'find', 'which', 'pwd',
+    'wc', 'diff', 'file', 'stat', 'echo', 'env', 'printenv', 'date', 'whoami',
+]);
+/**
+ * Tokenize a shell command string into individual arguments.
+ *
+ * Handles POSIX shell quoting rules:
+ * - Double quotes: interprets \\", \\\\, \\$, \\` as escape sequences.
+ * - Single quotes: all characters are literal (no escape sequences).
+ * - Backslash outside quotes: next character is taken literally.
+ * - Whitespace outside quotes: terminates the current token.
+ *
+ * Returns unquoted token values (quotes and escapes are resolved).
+ * Used by validateCommand to extract the base command name, and by
+ * _checkCommandPaths to find path-like arguments.
+ */
+export function shellTokenize(input) {
+    const tokens = [];
+    let current = '';
+    let inToken = false;
+    let i = 0;
+    const finishToken = () => {
+        if (inToken) {
+            tokens.push(current);
+            current = '';
+            inToken = false;
+        }
+    };
+    while (i < input.length) {
+        const ch = input[i];
+        // Whitespace outside quotes ends the current token
+        if (/\s/.test(ch)) {
+            finishToken();
+            i++;
+            continue;
+        }
+        inToken = true;
+        if (ch === '\\' && i + 1 < input.length) {
+            // Backslash escape outside quotes: take next char literally
+            current += input[i + 1];
+            i += 2;
+            continue;
+        }
+        if (ch === '"') {
+            // Double-quoted string: handle \", \\, \$, \`
+            i++; // skip opening "
+            while (i < input.length && input[i] !== '"') {
+                if (input[i] === '\\' && i + 1 < input.length) {
+                    const next = input[i + 1];
+                    if (next === '"' || next === '\\' || next === '$' || next === '`') {
+                        current += next;
+                        i += 2;
+                        continue;
+                    }
+                }
+                current += input[i];
+                i++;
+            }
+            i++; // skip closing "
+            continue;
+        }
+        if (ch === "'") {
+            // Single-quoted string: everything is literal, no escape sequences
+            i++; // skip opening '
+            while (i < input.length && input[i] !== "'") {
+                current += input[i];
+                i++;
+            }
+            i++; // skip closing '
+            continue;
+        }
+        // Regular character
+        current += ch;
+        i++;
+    }
+    finishToken();
+    return tokens;
+}
+/**
+ * Splits command chains on operators (&&, ||, ;, |) while respecting:
+ * - Quoted strings (single and double) -- operators inside quotes are literal.
+ * - Escape sequences -- backslash-escaped characters are not treated as operators.
+ * - Command substitution -- $(...) and backtick blocks are treated as opaque.
+ *   Nested $() is tracked via parenDepth to avoid premature splitting.
+ *
+ * Each returned string is a standalone command to validate independently.
+ */
+export function splitChainedCommands(command) {
+    const commands = [];
+    let current = '';
+    let inQuote = null;
+    let parenDepth = 0; // Track $(...) nesting
+    let backtickDepth = 0;
+    for (let i = 0; i < command.length; i++) {
+        const char = command[i];
+        const nextChar = command[i + 1];
+        // Handle escape sequences
+        if (char === '\\' && !inQuote && i + 1 < command.length) {
+            current += char + (nextChar ?? '');
+            i++;
+            continue;
+        }
+        if (char === '\\' && inQuote === '"' && i + 1 < command.length) {
+            const next = nextChar ?? '';
+            if (next === '"' || next === '\\' || next === '$' || next === '`') {
+                current += char + next;
+                i++;
+                continue;
+            }
+        }
+        // Track quote state
+        if (char === '"' && inQuote !== "'") {
+            inQuote = inQuote === '"' ? null : '"';
+            current += char;
+            continue;
+        }
+        if (char === "'" && inQuote !== '"') {
+            inQuote = inQuote === "'" ? null : "'";
+            current += char;
+            continue;
+        }
+        // Track command substitution: $( ... )
+        if (!inQuote && char === '$' && nextChar === '(') {
+            // Enter command substitution and consume both "$("
+            parenDepth++;
+            current += '$(';
+            i++;
+            continue;
+        }
+        if (!inQuote && parenDepth > 0 && char === '(') {
+            // Nested parentheses inside $(...) - increment depth
+            parenDepth++;
+            current += char;
+            continue;
+        }
+        if (!inQuote && char === ')' && parenDepth > 0) {
+            parenDepth--;
+            current += char;
+            continue;
+        }
+        // Track backtick command substitution
+        if (!inQuote && char === '`') {
+            backtickDepth = backtickDepth > 0 ? 0 : 1;
+            current += char;
+            continue;
+        }
+        // Only split on operators when not inside quotes or substitutions
+        if (!inQuote && parenDepth === 0 && backtickDepth === 0) {
+            if (char === ';') {
+                if (current.trim())
+                    commands.push(current.trim());
+                current = '';
+                continue;
+            }
+            if (char === '&' && nextChar === '&') {
+                if (current.trim())
+                    commands.push(current.trim());
+                current = '';
+                i++; // Skip second &
+                continue;
+            }
+            if (char === '|' && nextChar === '|') {
+                if (current.trim())
+                    commands.push(current.trim());
+                current = '';
+                i++; // Skip second |
+                continue;
+            }
+            if (char === '|') {
+                if (current.trim())
+                    commands.push(current.trim());
+                current = '';
+                continue;
+            }
+        }
+        current += char;
+    }
+    if (current.trim())
+        commands.push(current.trim());
+    return commands;
+}
+/**
+ * Extracts the base binary name from a command string, respecting quotes
+ * and escape sequences.
+ */
+export function extractBaseCommand(command) {
+    const tokens = shellTokenize(command.trim());
+    if (tokens.length === 0)
+        return '';
+    // Skip common variable assignments (e.g., "FOO=bar cmd")
+    let cmdToken = tokens[0];
+    let idx = 0;
+    while (idx < tokens.length && /^[A-Za-z_][A-Za-z0-9_]*=/.test(tokens[idx])) {
+        idx++;
+    }
+    if (idx < tokens.length) {
+        cmdToken = tokens[idx];
+    }
+    return path.basename(cmdToken);
+}
+/**
+ * Determine if a bash command is read-only.
+ */
+export function isReadOnlyCommand(command) {
+    const base = extractBaseCommand(command);
+    if (READ_ONLY_COMMANDS.has(base))
+        return true;
+    // git status, git log, git diff are read-only
+    if (base === 'git') {
+        const parts = command.trim().split(/\s+/);
+        const subCommand = parts[1] ?? '';
+        if (['status', 'log', 'diff', 'show', 'branch', 'remote', 'tag'].includes(subCommand)) {
+            return true;
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=shell-validator.js.map

package/dist/security/shell-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-validator.js","sourceRoot":"","sources":["../../src/security/shell-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B;;GAEG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;IACjE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ;CAC1E,CAAC,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,MAAM,WAAW,GAAG,GAAG,EAAE;QACvB,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,GAAG,KAAK,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QAErB,mDAAmD;QACnD,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YAClB,WAAW,EAAE,CAAC;YACd,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,OAAO,GAAG,IAAI,CAAC;QAEf,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACxC,4DAA4D;YAC5D,OAAO,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACxB,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,8CAA8C;YAC9C,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC5C,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;oBAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;oBAC3B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;wBAClE,OAAO,IAAI,IAAI,CAAC;wBAChB,CAAC,IAAI,CAAC,CAAC;wBACP,SAAS;oBACX,CAAC;gBACH,CAAC;gBACD,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;YACD,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,mEAAmE;YACnE,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC5C,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;gBACpB,CAAC,EAAE,CAAC;YACN,CAAC;YACD,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,SAAS;QACX,CAAC;QAED,oBAAoB;QACpB,OAAO,IAAI,EAAE,CAAC;QACd,CAAC,EAAE,CAAC;IACN,CAAC;IAED,WAAW,EAAE,CAAC;IACd,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,OAAO,GAAkB,IAAI,CAAC;IAClC,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,uBAAuB;IAC3C,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEhC,0BAA0B;QAC1B,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YACxD,OAAO,IAAI,IAAI,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YACnC,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;YAC/D,MAAM,IAAI,GAAG,QAAQ,IAAI,EAAE,CAAC;YAC5B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAClE,OAAO,IAAI,IAAI,GAAG,IAAI,CAAC;gBACvB,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,KAAK,GAAG,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YACvC,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,IAAI,KAAK,GAAG,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,GAAG,OAAO,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;YACvC,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,uCAAuC;QACvC,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;YACjD,mDAAmD;YACnD,UAAU,EAAE,CAAC;YACb,OAAO,IAAI,IAAI,CAAC;YAChB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IAAI,CAAC,OAAO,IAAI,UAAU,GAAG,CAAC,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAC/C,qDAAqD;YACrD,UAAU,EAAE,CAAC;YACb,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,GAAG,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YAC/C,UAAU,EAAE,CAAC;YACb,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YAC7B,aAAa,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO,IAAI,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC,OAAO,IAAI,UAAU,KAAK,CAAC,IAAI,aAAa,KAAK,CAAC,EAAE,CAAC;YACxD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,IAAI,OAAO,CAAC,IAAI,EAAE;oBAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,IAAI,EAAE;oBAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO,GAAG,EAAE,CAAC;gBACb,CAAC,EAAE,CAAC,CAAC,gBAAgB;gBACrB,SAAS;YACX,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,IAAI,QAAQ,KAAK,GAAG,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,IAAI,EAAE;oBAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO,GAAG,EAAE,CAAC;gBACb,CAAC,EAAE,CAAC,CAAC,gBAAgB;gBACrB,SAAS;YACX,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,IAAI,OAAO,CAAC,IAAI,EAAE;oBAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;QACH,CAAC;QAED,OAAO,IAAI,IAAI,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEnC,yDAAyD;IACzD,IAAI,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;IAC1B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,OAAO,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,0BAA0B,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAE,CAAC,EAAE,CAAC;QAC5E,GAAG,EAAE,CAAC;IACR,CAAC;IACD,IAAI,GAAG,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC;QACxB,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAE,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,8CAA8C;IAC9C,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACtF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/skills/index.d.ts

@@ -2,4 +2,5 @@
  * Skills barrel exports.
  */
 export * from './skill-loader.js';
+export * from './subagent-loader.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/skills/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC"}

package/dist/skills/index.js

@@ -2,4 +2,5 @@
  * Skills barrel exports.
  */
 export * from './skill-loader.js';
+export * from './subagent-loader.js';
 //# sourceMappingURL=index.js.map

package/dist/skills/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC"}

package/dist/skills/skill-loader.d.ts

@@ -1,15 +1,23 @@
 /**
- * SkillLoader — Scans ~/.claude/skills/ for available skills.
+ * SkillLoader — Scans skill directories for available skills.
  *
- * Zora v0.6: Skills are .claude/skills/<name>/SKILL.md markdown files.
+ * Zora v0.6: Skills are .zora/skills/<name>/SKILL.md markdown files.
  * The SDK loads and invokes them automatically via settingSources.
  * This loader provides CLI introspection (list, info).
+ *
+ * TYPE-09: Three-layer precedence — project > global > built-in.
+ * First-match-wins deduplication ensures project skills override global,
+ * and global overrides built-in.
  */
+export type SkillLayer = 'project' | 'global' | 'builtin';
 export interface SkillInfo {
     name: string;
     description: string;
     path: string;
 }
+export interface LayeredSkillInfo extends SkillInfo {
+    layer: SkillLayer;
+}
 /**
  * Extracts a description from SKILL.md YAML frontmatter.
  */
@@ -22,4 +30,32 @@ export declare function parseSkillFrontmatter(content: string): {
  * @returns Sorted array of SkillInfo
  */
 export declare function loadSkills(skillsDir: string): Promise<SkillInfo[]>;
+/**
+ * Returns the default skill layer directories in precedence order.
+ * 1. Project — `.zora/skills/` relative to cwd
+ * 2. Global — `~/.zora/skills/`
+ * 3. Built-in — `skills/` inside the package root
+ *
+ * @param cwd Override for the current working directory (useful for testing)
+ */
+export declare function getSkillLayers(cwd?: string): Array<{
+    dir: string;
+    layer: SkillLayer;
+}>;
+/**
+ * Loads skills from all three precedence layers (project > global > built-in).
+ * First-match-wins: if a skill name appears in a higher-precedence layer,
+ * the lower-precedence version is excluded.
+ *
+ * @param options.cwd Override for project directory (defaults to process.cwd())
+ * @param options.layers Override the layer directories (useful for testing)
+ * @returns Sorted array of LayeredSkillInfo with layer annotation
+ */
+export declare function loadSkillsLayered(options?: {
+    cwd?: string;
+    layers?: Array<{
+        dir: string;
+        layer: SkillLayer;
+    }>;
+}): Promise<LayeredSkillInfo[]>;
 //# sourceMappingURL=skill-loader.d.ts.map

package/dist/skills/skill-loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"skill-loader.d.ts","sourceRoot":"","sources":["../../src/skills/skill-loader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;CACd;AAID;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAe9E;AAID;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA6BxE"}
+{"version":3,"file":"skill-loader.d.ts","sourceRoot":"","sources":["../../src/skills/skill-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;AAE1D,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,gBAAiB,SAAQ,SAAS;IACjD,KAAK,EAAE,UAAU,CAAC;CACnB;AAID;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAe9E;AAID;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,CA6BxE;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CAUtF;AAqCD;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,CAAC,EAAE;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,UAAU,CAAA;KAAE,CAAC,CAAC;CACpD,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAgB9B"}

package/dist/skills/skill-loader.js

@@ -1,12 +1,17 @@
 /**
- * SkillLoader — Scans ~/.claude/skills/ for available skills.
+ * SkillLoader — Scans skill directories for available skills.
  *
- * Zora v0.6: Skills are .claude/skills/<name>/SKILL.md markdown files.
+ * Zora v0.6: Skills are .zora/skills/<name>/SKILL.md markdown files.
  * The SDK loads and invokes them automatically via settingSources.
  * This loader provides CLI introspection (list, info).
+ *
+ * TYPE-09: Three-layer precedence — project > global > built-in.
+ * First-match-wins deduplication ensures project skills override global,
+ * and global overrides built-in.
  */
 import fs from 'node:fs/promises';
 import path from 'node:path';
+import os from 'node:os';
 // ─── Frontmatter Parser ─────────────────────────────────────────────
 /**
  * Extracts a description from SKILL.md YAML frontmatter.
@@ -61,4 +66,80 @@ export async function loadSkills(skillsDir) {
     }
     return skills.sort((a, b) => a.name.localeCompare(b.name));
 }
+// ─── Three-Layer Skill Precedence (TYPE-09) ─────────────────────────
+/**
+ * Returns the default skill layer directories in precedence order.
+ * 1. Project — `.zora/skills/` relative to cwd
+ * 2. Global — `~/.zora/skills/`
+ * 3. Built-in — `skills/` inside the package root
+ *
+ * @param cwd Override for the current working directory (useful for testing)
+ */
+export function getSkillLayers(cwd) {
+    const projectDir = path.join(cwd ?? process.cwd(), '.zora', 'skills');
+    const globalDir = path.join(os.homedir(), '.zora', 'skills');
+    const builtinDir = path.resolve(path.join(path.dirname(import.meta.url.replace('file://', '')), '..', 'skills'));
+    return [
+        { dir: projectDir, layer: 'project' },
+        { dir: globalDir, layer: 'global' },
+        { dir: builtinDir, layer: 'builtin' },
+    ];
+}
+/**
+ * Scans a single skills directory and returns LayeredSkillInfo entries.
+ */
+async function scanSkillLayer(skillsDir, layer) {
+    const skills = [];
+    let dirs;
+    try {
+        dirs = await fs.readdir(skillsDir);
+    }
+    catch {
+        return skills; // Directory doesn't exist
+    }
+    for (const dir of dirs) {
+        const skillPath = path.join(skillsDir, dir, 'SKILL.md');
+        try {
+            const stat = await fs.stat(path.join(skillsDir, dir));
+            if (!stat.isDirectory())
+                continue;
+            const content = await fs.readFile(skillPath, 'utf-8');
+            const { description } = parseSkillFrontmatter(content);
+            skills.push({
+                name: dir,
+                description: description || `Skill: ${dir}`,
+                path: skillPath,
+                layer,
+            });
+        }
+        catch {
+            // Skip directories without SKILL.md
+        }
+    }
+    return skills;
+}
+/**
+ * Loads skills from all three precedence layers (project > global > built-in).
+ * First-match-wins: if a skill name appears in a higher-precedence layer,
+ * the lower-precedence version is excluded.
+ *
+ * @param options.cwd Override for project directory (defaults to process.cwd())
+ * @param options.layers Override the layer directories (useful for testing)
+ * @returns Sorted array of LayeredSkillInfo with layer annotation
+ */
+export async function loadSkillsLayered(options) {
+    const layers = options?.layers ?? getSkillLayers(options?.cwd);
+    const seen = new Set();
+    const result = [];
+    for (const { dir, layer } of layers) {
+        const skills = await scanSkillLayer(dir, layer);
+        for (const skill of skills) {
+            if (!seen.has(skill.name)) {
+                seen.add(skill.name);
+                result.push(skill);
+            }
+        }
+    }
+    return result.sort((a, b) => a.name.localeCompare(b.name));
+}
 //# sourceMappingURL=skill-loader.js.map

package/dist/skills/skill-loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"skill-loader.js","sourceRoot":"","sources":["../../src/skills/skill-loader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACrD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;gBAC1B,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7B,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,SAAiB;IAChD,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,CAAC,0BAA0B;IAC3C,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;gBAAE,SAAS;YAElC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,EAAE,WAAW,EAAE,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,WAAW,IAAI,UAAU,GAAG,EAAE;gBAC3C,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAC7D,CAAC"}
+{"version":3,"file":"skill-loader.js","sourceRoot":"","sources":["../../src/skills/skill-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAgBzB,uEAAuE;AAEvE;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACrD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;gBAC1B,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7B,CAAC;AAED,uEAAuE;AAEvE;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,SAAiB;IAChD,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,CAAC,0BAA0B;IAC3C,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;gBAAE,SAAS;YAElC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,EAAE,WAAW,EAAE,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,WAAW,IAAI,UAAU,GAAG,EAAE;gBAC3C,IAAI,EAAE,SAAS;aAChB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,uEAAuE;AAEvE;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEjH,OAAO;QACL,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,SAAuB,EAAE;QACnD,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,QAAsB,EAAE;QACjD,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,SAAuB,EAAE;KACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,KAAiB;IAChE,MAAM,MAAM,GAAuB,EAAE,CAAC;IAEtC,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,CAAC,0BAA0B;IAC3C,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;gBAAE,SAAS;YAElC,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,EAAE,WAAW,EAAE,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG;gBACT,WAAW,EAAE,WAAW,IAAI,UAAU,GAAG,EAAE;gBAC3C,IAAI,EAAE,SAAS;gBACf,KAAK;aACN,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,OAGvC;IACC,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAuB,EAAE,CAAC;IAEtC,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,MAAM,EAAE,CAAC;QACpC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAChD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAC7D,CAAC"}