oasr 0.5.1__py3-none-any.whl → 0.6.0__py3-none-any.whl

completions/zsh.sh

@@ -0,0 +1,285 @@
+#compdef oasr
+# oasr completion for zsh
+# This file provides tab completion for the oasr command in zsh.
+#
+# Installation:
+#   Run: oasr completion install
+#   Or manually: Add this file to your fpath and run compinit
+
+_oasr_skills() {
+    local skills
+    skills=(${(f)"$(oasr registry list --quiet 2>/dev/null | grep '^  -' | sed 's/^  - //' | awk '{print $1}')"})
+    _describe 'skill' skills
+}
+
+_oasr_agents() {
+    local agents
+    agents=(
+        'codex:OpenAI Codex agent'
+        'copilot:GitHub Copilot agent'
+        'claude:Anthropic Claude agent'
+        'opencode:OpenCode agent'
+    )
+    _describe 'agent' agents
+}
+
+_oasr_profiles() {
+    local profiles
+    profiles=(${(f)"$(oasr config profiles --names 2>/dev/null)"})
+    _describe 'profile' profiles
+}
+
+_oasr_config_keys() {
+    local keys
+    keys=(
+        'agent:Default agent'
+        'profile:Default policy profile'
+        'adapter.default_targets:Default adapter targets'
+        'validation.strict:Strict validation'
+        'validation.reference_max_lines:Reference max lines'
+        'oasr.completions:Enable completions'
+    )
+    _describe 'config key' keys
+}
+
+_oasr_exec() {
+    _arguments \
+        '--agent[Agent to use]:agent:_oasr_agents' \
+        '--profile[Policy profile]:profile:_oasr_profiles' \
+        '--agent-flags[Additional agent flags]:flags:' \
+        '(-y --yes)'{-y,--yes}'[Skip confirmation]' \
+        '--confirm[Force confirmation] \
+        --unsafe[Pass unsafe agent flags]' \
+        '(-p --prompt)'{-p,--prompt}'[Prompt from file]:file:_files' \
+        '1:skill:_oasr_skills'
+}
+
+_oasr_clone() {
+    _arguments \
+        '(-t --target)'{-t,--target}'[Target directory]:directory:_directories' \
+        '*:skill:_oasr_skills'
+}
+
+_oasr_info() {
+    _arguments \
+        '--files[Show file list]' \
+        '1:skill:_oasr_skills'
+}
+
+_oasr_validate() {
+    _arguments \
+        '*:skill:_oasr_skills'
+}
+
+_oasr_config() {
+    local -a subcommands
+    subcommands=(
+        'set:Set a configuration value'
+        'get:Get a configuration value'
+        'list:List all configuration'
+        'agent:Show agent configuration'
+        'validation:Show validation settings'
+        'adapter:Show adapter settings'
+        'oasr:Show core settings'
+        'profiles:Show profiles'
+        'man:Show config reference'
+        'validate:Validate config file'
+        'path:Show config file path'
+    )
+
+    _arguments -C \
+        '1:subcommand:->subcommand' \
+        '*::arg:->args'
+
+    case $state in
+        subcommand)
+            _describe 'config subcommand' subcommands
+            ;;
+        args)
+            case ${words[1]} in
+                set)
+                    if [ ${#words[@]} -eq 2 ]; then
+                        _oasr_config_keys
+                    elif [ ${#words[@]} -eq 3 ]; then
+                        case ${words[2]} in
+                            agent)
+                                _oasr_agents
+                                ;;
+                            profile|oasr.default_profile)
+                                _oasr_profiles
+                                ;;
+                            validation.strict|oasr.completions)
+                                _values 'boolean' true false
+                                ;;
+                            validation.reference_max_lines)
+                                _message 'integer'
+                                ;;
+                            adapter.default_targets)
+                                _message 'comma-separated list'
+                                ;;
+                        esac
+                    fi
+                    ;;
+                get)
+                    _oasr_config_keys
+                    ;;
+            esac
+            ;;
+    esac
+}
+
+_oasr_profile() {
+    _arguments \
+        '1:profile:_oasr_profiles'
+}
+
+_oasr_registry() {
+    local -a subcommands
+    subcommands=(
+        'add:Add skill to registry'
+        'rm:Remove skill from registry'
+        'sync:Sync remote skills'
+        'list:List registry skills'
+        'validate:Validate registry'
+        'prune:Clean up registry'
+    )
+
+    _arguments -C \
+        '1:subcommand:->subcommand' \
+        '*::arg:->args'
+
+    case $state in
+        subcommand)
+            _describe 'registry subcommand' subcommands
+            ;;
+        args)
+            case ${words[1]} in
+                add)
+                    _alternative \
+                        'directories:directory:_directories' \
+                        'urls:url:(http:// https:// git@)'
+                    ;;
+                rm)
+                    _oasr_skills
+                    ;;
+                prune)
+                    _arguments '--dry-run[Show what would be removed]'
+                    ;;
+            esac
+            ;;
+    esac
+}
+
+_oasr_completion() {
+    local -a shells
+    shells=(
+        'bash:Bash completion'
+        'zsh:Zsh completion'
+        'fish:Fish completion'
+        'powershell:PowerShell completion'
+        'install:Auto-detect and install'
+        'uninstall:Remove completions'
+    )
+
+    _arguments \
+        '--force[Force reinstall]' \
+        '--dry-run[Preview without installing]' \
+        '1:shell:->shell'
+
+    case $state in
+        shell)
+            _describe 'shell' shells
+            ;;
+    esac
+}
+
+_oasr_adapter() {
+    local -a subcommands
+    subcommands=(
+        'list:List adapters'
+        'generate:Generate adapter files'
+    )
+
+    _arguments -C \
+        '1:subcommand:->subcommand' \
+        '*::arg:->args'
+
+    case $state in
+        subcommand)
+            _describe 'adapter subcommand' subcommands
+            ;;
+    esac
+}
+
+_oasr() {
+    local -a commands
+    commands=(
+        'registry:Manage skill registry'
+        'diff:Show tracked skill status'
+        'sync:Refresh tracked skills'
+        'config:Manage configuration'
+        'profile:Select execution profile'
+        'clone:Clone skills to directory'
+        'exec:Execute a skill'
+        'use:DEPRECATED - use clone instead'
+        'find:Find skills recursively'
+        'validate:Validate skills'
+        'clean:Clean up corrupted skills'
+        'adapter:Generate IDE-specific files'
+        'update:Update OASR tool'
+        'info:Show skill information'
+        'help:Show help'
+        'completion:Manage shell completions'
+    )
+
+    _arguments -C \
+        '(--help -h)'{--help,-h}'[Show help]' \
+        '--version[Show version]' \
+        '--config[Config file path]:file:_files' \
+        '--json[JSON output]' \
+        '--quiet[Suppress warnings]' \
+        '1:command:->command' \
+        '*::arg:->args'
+
+    case $state in
+        command)
+            _describe 'oasr command' commands
+            ;;
+        args)
+            case ${words[1]} in
+                exec)
+                    _oasr_exec
+                    ;;
+                profile)
+                    _oasr_profile
+                    ;;
+                clone)
+                    _oasr_clone
+                    ;;
+                info)
+                    _oasr_info
+                    ;;
+                validate)
+                    _oasr_validate
+                    ;;
+                config)
+                    _oasr_config
+                    ;;
+                profile)
+                    _oasr_profile
+                    ;;
+                registry)
+                    _oasr_registry
+                    ;;
+                completion)
+                    _oasr_completion
+                    ;;
+                adapter)
+                    _oasr_adapter
+                    ;;
+            esac
+            ;;
+    esac
+}
+
+_oasr "$@"

config/__init__.py

@@ -14,6 +14,7 @@ import tomli_w
 from config.defaults import DEFAULT_CONFIG
 from config.env import load_env_config, merge_configs
 from config.schema import validate_config
+from profiles.loader import load_profiles
 
 OASR_DIR = Path.home() / ".oasr"
 CONFIG_FILE = OASR_DIR / "config.toml"
@@ -75,6 +76,16 @@ def load_config(config_path: Path | None = None, cli_overrides: dict[str, Any] |
         with open(path, "rb") as f:
             file_config = tomllib.load(f)
 
+    if not isinstance(file_config, dict):
+        file_config = {}
+
+    # Merge profile files with inline profiles (inline wins)
+    inline_profiles = file_config.get("profiles", {})
+    if not isinstance(inline_profiles, dict):
+        inline_profiles = {}
+    merged_profiles = load_profiles(inline_profiles=inline_profiles)
+    file_config["profiles"] = merged_profiles
+
     # Load environment variables
     env_config = load_env_config()
 

config/defaults.py

@@ -2,6 +2,8 @@
 
 from typing import Any
 
+from profiles.builtins import BUILTIN_PROFILES
+
 DEFAULT_CONFIG: dict[str, Any] = {
     "validation": {
         "reference_max_lines": 500,
@@ -15,26 +17,7 @@ DEFAULT_CONFIG: dict[str, Any] = {
     },
     "oasr": {
         "default_profile": "safe",
+        "completions": True,
     },
-    "profiles": {
-        # Built-in safe profile (always available as fallback)
-        "safe": {
-            "fs_read_roots": ["./"],
-            "fs_write_roots": ["./out", "./.oasr"],
-            "deny_paths": [
-                "~/.ssh",
-                "~/.aws",
-                "~/.gnupg",
-                "~/.config",
-                ".env",
-                "~/.bashrc",
-                "~/.zshrc",
-                "~/.profile",
-            ],
-            "allowed_commands": ["rg", "fd", "jq", "cat"],
-            "deny_shell": True,
-            "network": False,
-            "allow_env": False,
-        },
-    },
+    "profiles": {name: values.copy() for name, values in BUILTIN_PROFILES.items()},
 }

config/schema.py

@@ -2,6 +2,8 @@
 
 from typing import Any
 
+from profiles.validation import validate_profiles
+
 VALID_AGENTS = {"codex", "copilot", "claude", "opencode"}
 
 
@@ -80,32 +82,4 @@ def validate_config(config: dict[str, Any]) -> None:
                 raise ValueError("oasr.default_profile must be a string")
 
     if "profiles" in config:
-        if not isinstance(config["profiles"], dict):
-            raise ValueError("profiles must be a table (dictionary)")
-
-        # Validate each profile structure
-        for profile_name, profile_data in config["profiles"].items():
-            if not isinstance(profile_data, dict):
-                raise ValueError(f"Profile '{profile_name}' must be a table (dictionary)")
-
-            # Validate profile fields if present
-            if "fs_read_roots" in profile_data and not isinstance(profile_data["fs_read_roots"], list):
-                raise ValueError(f"Profile '{profile_name}': fs_read_roots must be a list")
-
-            if "fs_write_roots" in profile_data and not isinstance(profile_data["fs_write_roots"], list):
-                raise ValueError(f"Profile '{profile_name}': fs_write_roots must be a list")
-
-            if "deny_paths" in profile_data and not isinstance(profile_data["deny_paths"], list):
-                raise ValueError(f"Profile '{profile_name}': deny_paths must be a list")
-
-            if "allowed_commands" in profile_data and not isinstance(profile_data["allowed_commands"], list):
-                raise ValueError(f"Profile '{profile_name}': allowed_commands must be a list")
-
-            if "deny_shell" in profile_data and not isinstance(profile_data["deny_shell"], bool):
-                raise ValueError(f"Profile '{profile_name}': deny_shell must be a boolean")
-
-            if "network" in profile_data and not isinstance(profile_data["network"], bool):
-                raise ValueError(f"Profile '{profile_name}': network must be a boolean")
-
-            if "allow_env" in profile_data and not isinstance(profile_data["allow_env"], bool):
-                raise ValueError(f"Profile '{profile_name}': allow_env must be a boolean")
+        validate_profiles(config["profiles"])

{oasr-0.5.1.dist-info → oasr-0.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oasr
-Version: 0.5.1
+Version: 0.6.0
 Summary: CLI for managing agent skills across IDE integrations
 Project-URL: Homepage, https://github.com/jgodau/asr
 Project-URL: Repository, https://github.com/jgodau/asr
@@ -210,6 +210,7 @@ Classifier: Topic :: Software Development :: Build Tools
 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
 Requires-Python: >=3.10
 Requires-Dist: pyyaml>=6.0
+Requires-Dist: questionary>=2.0.1
 Requires-Dist: tomli-w>=1.0.0
 Requires-Dist: tomli>=2.0.0; python_version < '3.11'
 Provides-Extra: dev
@@ -219,7 +220,7 @@ Description-Content-Type: text/markdown
 
 # OASR
 
-**Open Agent Skill Registry** — Manage reusable AI agent skills across IDEs without drift.
+**Open Agent Skill Registry** — Register, sync, and reuse AI agent skills across IDEs with a single source of truth.
 
 ---
 
@@ -229,16 +230,22 @@ You've built useful skills for your AI coding assistant. They work great in Curs
 
 Each tool expects skills in different locations with different formats:
 
-- Cursor: `.cursor/skills/`
-- Windsurf: `.windsurf/skills/`
+- Cursor: `.cursor/commands/`
+- Windsurf: `.windsurf/workflows/`
 - Claude: `.claude/commands/`
-- Copilot: `.github/.md`
+- Copilot: `.github/prompts/`
 
 So you copy your skills everywhere. Then you improve one. Now the copies are stale. You forget which version is current. Some break silently. This is **skill drift**.
 
 ## The Solution
 
-ASR keeps your skills in one place and generates thin adapters for each IDE.
+ASR keeps your skills in a registry, syncs local and remote sources, and generates thin adapters for each IDE.
+It also lets you execute skills safely with policy profiles.
+
+Key capabilities:
+- Register skills once (local folders or GitHub/GitLab URLs)
+- Sync and track drift across sources
+- Generate IDE adapters and run skills via `oasr exec`
 
 ```text
 ┌─────────────────────────────────────────────────────────┐
@@ -267,12 +274,15 @@ No copying. No drift. One source of truth.
 
 ```bash
 # Register local skills
-oasr add ~/skills/git-commit
-oasr add ~/skills/code-review
+oasr registry add ~/skills/git-commit
+oasr registry add ~/skills/code-review
+
+# List registered skills
+oasr registry list
 
 # Register remote skills from GitHub/GitLab
-oasr add https://github.com/user/skills-repo/tree/main/my-skill
-oasr add https://gitlab.com/org/project/tree/main/cool-skill
+oasr registry add https://github.com/user/skills-repo/tree/main/my-skill
+oasr registry add https://gitlab.com/org/project/tree/main/cool-skill
 
 # Generate adapters for a project
 oasr adapter --output-dir ~/projects/my-app
@@ -294,16 +304,16 @@ ASR supports registering skills directly from GitHub and GitLab repositories:
 
 ```bash
 # Add a skill from GitHub
-oasr add https://github.com/user/repo/tree/main/skills/my-skill
+oasr registry add https://github.com/user/repo/tree/main/skills/my-skill
 
 # Add a skill from GitLab
-oasr add https://gitlab.com/org/project/tree/dev/cool-skill
+oasr registry add https://gitlab.com/org/project/tree/dev/cool-skill
 
 # Sync remote skills (check for updates)
-oasr sync
+oasr registry sync
 
 # Use remote skills
-oasr use my-skill -d ./output
+oasr clone my-skill -d ./output
 ```
 
 **Authentication** (optional, for private repos and higher rate limits):
@@ -313,7 +323,27 @@ export GITHUB_TOKEN=ghp_your_token_here
 export GITLAB_TOKEN=glpat_your_token_here
 ```
 
-Remote skills are fetched on-demand during `adapter` and `use` operations. The registry stores the URL, and `sync` checks if the remote source has changed.
+Remote skills are fetched on-demand during `adapter` and `clone` operations. The registry stores the URL, and `oasr registry sync` checks if the remote source has changed.
+
+---
+
+## Shell Completions
+
+OASR supports intelligent tab completion for Bash, Zsh, Fish, and PowerShell:
+
+```bash
+# Install for your current shell
+oasr completion install
+
+# Now try it:
+oasr <TAB>          # Complete commands
+oasr info <TAB>     # Complete skill names
+oasr exec --<TAB>   # Complete flags
+```
+
+Completions are **dynamic** — skill names, agents, and profiles are fetched live from your registry.
+
+See [`oasr completion --help`](docs/commands/COMPLETION.md) for details.
 
 ---
 
@@ -325,7 +355,7 @@ Remote skills are fetched on-demand during `adapter` and `use` operations. The r
 
 ---
 
-## Supported `asr adapter` IDEs
+## Supported `oasr adapter` IDEs
 
 | IDE            | Adapter    | Output                        |
 |----------------|------------|-------------------------------|
@@ -347,11 +377,11 @@ See [LICENSE](LICENSE).
 
 | Command | Screenshot |
 |---------|-----------|
-| **oasr list** | ![list](docs/.images/list.png) |
-| **oasr add** (local) | ![add](docs/.images/add.png) |
-| **oasr add** (remote) | ![add-remote](docs/.images/add-remote.png) |
-| **oasr sync** | ![sync](docs/.images/sync.png) |
-| **oasr status** | ![status](docs/.images/status.png) |
+| **oasr registry list** | ![list](docs/.images/list.png) |
+| **oasr registry add** (local) | ![add](docs/.images/add.png) |
+| **oasr registry add** (remote) | ![add-remote](docs/.images/add-remote.png) |
+| **oasr registry sync** | ![sync](docs/.images/sync.png) |
+| **oasr registry -v** | ![status](docs/.images/status.png) |
 | **oasr find** | ![find](docs/.images/find.png) |
 | **oasr adapter** | ![adapter](docs/.images/adapter.png) |
 

{oasr-0.5.1.dist-info → oasr-0.6.0.dist-info}/RECORD

@@ -1,7 +1,7 @@
 __init__.py,sha256=cYuwXNht5J2GDPEbHz57rmXRyWzaUgAaCXz8okR0rKE,84
 __main__.py,sha256=Due_Us-4KNlLZhf8MkmoP1hWS5qMWmpZvz2ZaCqPHT4,120
 adapter.py,sha256=WEpYkKDTb7We0zU9i6Z-r5ydtUdghNhxTZ5Eq58h4fU,10027
-cli.py,sha256=xghN20mgfEeh3vR_Vaiv0i2f1MBN6gk8J0uU3kXRK8g,2672
+cli.py,sha256=gJLlOplekDkoFKceG3D5tXZ8m0Jm8tnOu0x9n1y2MW0,2883
 discovery.py,sha256=WWF8SN2LH88mOUBJLavM7rvXcxi6uDQGpqRK20GysxA,3298
 manifest.py,sha256=feNCjkFWfhoVubevKjLtKoIEuzT1YGQn6wWgs9XM8_o,12229
 registry.py,sha256=zGutwVP39xaYqc3KDEXMWCV1tORYpqc5JISO8OaWP1Q,4470
@@ -16,45 +16,59 @@ adapters/copilot.py,sha256=090aS0N7SApSK5kcmm2xErjyUmEsOMrj0n36B0M3fAM,7274
 adapters/cursor.py,sha256=BoS3Xo_hZyV4zrZKpNjDAaeGmJPTn_j_GI5QXuW5AOo,2244
 adapters/windsurf.py,sha256=VZidyuFxiHQWl64w0-OgUsfdWeGXV7bf7_XYkiGchyw,2369
 agents/__init__.py,sha256=Dwdwzb01DM2ZJ5pZBsbLPUYRM4Emai7p3oeayiYcj1w,546
-agents/base.py,sha256=ALFkXkKs0IBoZKrEjFoNL_GRa7Wt_DC783UMo-6NOFA,2872
-agents/claude.py,sha256=csZ1efZ6GFyaLNHDszKF6hCzJQBiebnx1gmGktpw7DI,676
-agents/codex.py,sha256=t7VVVyln_OjbLP1RQzL-x7PJ1C6grVbDCKddI84kre4,674
-agents/copilot.py,sha256=kfBk59WXOGd2ZIBBI74kT1WCNH3jFyrOg_HhIkAGG64,697
-agents/opencode.py,sha256=fbBAqJhUg0uk6wrhC3SwaE5X27Qej96p9QgVAPpty8w,702
+agents/base.py,sha256=NBBhpJ4KMBLpi8UjGWaKNx9RNJkSxpobDq2LzIa0EYw,3213
+agents/claude.py,sha256=J3LIha5npufT0dD5ZK2eWvM7BZjb615QYHGu-C-pFXI,857
+agents/codex.py,sha256=tYZQEJCLPTxm8zlpwxADyZEbz9EAWmZPrJM3CPRX6lI,853
+agents/copilot.py,sha256=5gieLBlXcpHu6Ci5JZo2QwJoSKeD-Xprb7nCtU3ODXU,878
+agents/opencode.py,sha256=wTUF2_1jaitQkxjs7oRgvpRmdtyOlLBdvLdJRAMdjAw,881
 agents/registry.py,sha256=i6YUAdNUXq1LNqLDNqSg2RlHxqF5Ig5Z40ryteXoLu4,1434
 commands/__init__.py,sha256=g_ZxSKLVZwCVAPpn-Ga_gj53BS2473SOg72ivGph--U,147
 commands/adapter.py,sha256=_68v3t-dRU0mszzL4udKs1bKennyg7RfBTaK2fDGTsE,3215
 commands/add.py,sha256=NJLQ-8-3zy7o6S9VLfL_wauP-Vz0oNGwN3nvtiwxNYM,15255
 commands/clean.py,sha256=RQBAfe6iCLsjMqUyVR55JdYX9MBqgrUuIrA8rFKs1J0,1102
 commands/clone.py,sha256=4APH34-yHjiXQIQwBnKOSEQ_sxV24_GKypcOJMfncvs,5912
-commands/config.py,sha256=4kzDEjVpwrmMPK_DPYePdQe2lGh_b8waYORZDHCDYZw,6976
+commands/completion.py,sha256=Y2KshaJ64vI1fcTR5z2KTJT7u9PPK_w8qMf5HK_q9ns,8570
+commands/config.py,sha256=zUh65j4N1R5ikRst18eKCvGFQWnhm7fphu314J9lLpo,15211
 commands/diff.py,sha256=37JMjvfAEfvK7-4X5iFbD-IGkS8ae4YSY7ZDIZF5B9E,5766
-commands/exec.py,sha256=zFmxxclpHQF39sqDpR5436XQiEYo334BGcQ5a8gbR9I,8711
+commands/exec.py,sha256=rO18v7HOcJ9FQ71OHcR4Pplj_YTDD9Z6GxfoWGpK0f0,9518
 commands/find.py,sha256=zgqwUnaG5aLX6gJIU2ZeQzxsFh2s7oDNNtmV-e-62Jg,1663
 commands/help.py,sha256=5yhIpgGs1xPs2f39lg-ELE7D0tV_uUTjxQsgkWusIwo,1449
 commands/info.py,sha256=zywaUQsrvcPXcX8W49P7Jqnr90pX8nBPqnH1XcIs0Uk,4396
 commands/list.py,sha256=P3E_PItNoqAStNTcLCY7dV-Db2_Yb7TRCYXgP4G19rQ,3185
+commands/profile.py,sha256=bjfdXJ6HeM8NRSsEn4t4kbHxSK0o6M3fHc7Cr9RH90U,2732
 commands/registry.py,sha256=nerDoR0Uvd_2WlDMQZshJunMW31HsENklAy19A00x4U,16065
 commands/rm.py,sha256=bOPXgifAbgx7kp4ZuNanJbv4wP1l1sIsI8vD6Rlgi8g,4160
 commands/status.py,sha256=8si3iEVu0AUE2qojSCVoU0BLwpLm4UiFyY-Ln7Uo36k,3944
 commands/sync.py,sha256=ZQoB5hBqrzvM6LUQVlKqHQVJib4dB5qe5M-pVG2vtGM,4946
-commands/update.py,sha256=bOWjdTNyeYg-hvXv5GfUzEtsTA7gU9JLM592GI9Oq68,11939
+commands/update.py,sha256=gWBBETMxi1ZQ3BV049eAkA_AuCEvvjA9FRzIOBpwdb4,15062
 commands/use.py,sha256=ggB28g2BDg3Lv3nF40wnDAJ7p0mo6C1pc1KgahvQYXM,1452
 commands/validate.py,sha256=Y8TLHxW4Z98onmzu-h-kDIET-48lVaIdQXOvuyBemLw,2361
-config/__init__.py,sha256=glSjT1_y4aOfhZ8odrUWCGF1hBbY_huTjVp6suepHDY,3647
-config/defaults.py,sha256=JfCltQYoE7EqBYlxsNrSITLmwifTvRrJe5lqL0Ys7Cs,986
+completions/__init__.py,sha256=cLGMHifEf91ElOIMSVffVWcifjGZ7oStb0Ot4ivLmmE,41
+completions/bash.sh,sha256=2gk60fm17lPfBddpOvO0c8o0anGmqzbVrtic9pabjnQ,6647
+completions/fish.fish,sha256=N2xXseX2djUNRGDs9TaUNU6YltmNT0PSEK0rYJJSuXc,10160
+completions/powershell.ps1,sha256=m-EsgUpyvg1-wO6Afo2QnmHkzdmBfetDUMgaHn4vlO4,7614
+completions/zsh.sh,sha256=XZRLOEi2_grWACeGiDeucsnyFlKwx_SuU7RMBOPe7Ng,7624
+config/__init__.py,sha256=KcrfpKlWkDqVYooupSqMcfYstUDMpVgdSeOJv38nGS0,4063
+config/defaults.py,sha256=1M5rxaOV-51vKAX_CaUZ8-AFL0vnklqYQeo7BpbOsJ8,525
 config/env.py,sha256=WgnQXjhfvV7m1oxZCK9WdIX_rqLy_-BOSuPjbpjdI1c,7163
-config/schema.py,sha256=VlvmiYWjU2hExBJfME90Oyqp-H4OHcUs_hvvp54K9jA,4498
+config/schema.py,sha256=kQ1EeepRHjjf4dy9y_qRw7DKEEjeTtyvzd2MZLSIAYY,2816
 policy/__init__.py,sha256=0sPJaruOyc9ioNyIcrTW72RgpaE64FgibS0h5mQELb8,1353
-policy/defaults.py,sha256=9GMQM2l2OKTmhXlKwyTfcICR5vD9qEvyvqaR5KrN7ZI,620
+policy/defaults.py,sha256=7DHRzeW79pEPx7x0_8dTmaFz9cpCosmto_yzb-cpMDs,233
 policy/enforcement.py,sha256=djsosjjfdyr0SjnHF2kz4u3glvMNgd1CJztN6yZE-fM,2749
-policy/profile.py,sha256=WDKaUagsWnBPGz5a_OOcxTsdZ66WjaIaR0R7ITVqy8g,6790
+policy/profile.py,sha256=j9C4Ut5Hwa6DotbbFR1ggmDPVmEC4dNMW7D4oxz2kxM,6839
+profiles/__init__.py,sha256=IqlTPlQdKibdLFMbYIk_tpn_B7dmMSnPhN_OJwPzgAo,760
+profiles/builtins.py,sha256=cu3lvUIUZw-OxEYJgGQeDJvQMPuwTnJqxYTOvnf5oiM,1430
+profiles/loader.py,sha256=n6FJm1r_PhAtuCVlIom2I3yqxnTQUryU8b7ggYyUJjI,2487
+profiles/paths.py,sha256=l0TbuVOOLrJBXOR-BAnxxA__2wZ9rHDTNHANTK1xafo,536
+profiles/registry.py,sha256=hkLUXaN-57iAxQtTwnDkHzLrzl3HTJPF44JcBfg_rjg,659
+profiles/summary.py,sha256=jLbmROC4TqyUJgswsn73rJqPkYq0YmAoKKoWxx5XBRg,853
+profiles/validation.py,sha256=J9pZBs9l-PpNmYoRdn43UhA07FSDM8EdGpZMpsTikvY,1920
 skillcopy/__init__.py,sha256=YUglUkDzKfnCt4ar_DU33ksI9fGyn2UYbV7qn2c_BcU,2322
 skillcopy/local.py,sha256=QH6484dCenjg8pfNOyTRbQQBklEWhkkTnfQok5ssf_4,1049
 skillcopy/remote.py,sha256=83jRA2VfjtSDGO-YM1x3WGJjKvWzK1RmSTL7SdUOz8s,3155
-oasr-0.5.1.dist-info/METADATA,sha256=fAfdWjbFnZGfRpQ7gJx1IgpKLbaXgpFZz6ddjdzumxc,17924
-oasr-0.5.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-oasr-0.5.1.dist-info/entry_points.txt,sha256=VnMuOi6XYMbzAD2bP0X5uV1sQXjOqoDWJ33Lsxwq8u8,52
-oasr-0.5.1.dist-info/licenses/LICENSE,sha256=nQ1j9Ldb8FlJ-z7y2WuXPIlyfnYC7YPasjGdOBgcfP4,10561
-oasr-0.5.1.dist-info/licenses/NOTICE,sha256=EsfkCN0ZRDS0oj3ADvMKeKrAXaPlC8YfpSjvjGVv9jE,207
-oasr-0.5.1.dist-info/RECORD,,
+oasr-0.6.0.dist-info/METADATA,sha256=ueWMiIfDSfj_PC73af_g5NRMgGcVaxiEYU_YM9k-3Fo,18919
+oasr-0.6.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+oasr-0.6.0.dist-info/entry_points.txt,sha256=VnMuOi6XYMbzAD2bP0X5uV1sQXjOqoDWJ33Lsxwq8u8,52
+oasr-0.6.0.dist-info/licenses/LICENSE,sha256=nQ1j9Ldb8FlJ-z7y2WuXPIlyfnYC7YPasjGdOBgcfP4,10561
+oasr-0.6.0.dist-info/licenses/NOTICE,sha256=EsfkCN0ZRDS0oj3ADvMKeKrAXaPlC8YfpSjvjGVv9jE,207
+oasr-0.6.0.dist-info/RECORD,,

policy/defaults.py

@@ -6,22 +6,6 @@ Conservative defaults that fail closed. Used when:
 - Config parsing errors occur
 """
 
-# Safe default profile - conservative and restrictive
-SAFE = {
-    "fs_read_roots": ["./"],
-    "fs_write_roots": ["./out", "./.oasr"],
-    "deny_paths": [
-        "~/.ssh",
-        "~/.aws",
-        "~/.gnupg",
-        "~/.config",
-        ".env",
-        "~/.bashrc",
-        "~/.zshrc",
-        "~/.profile",
-    ],
-    "allowed_commands": ["rg", "fd", "jq", "cat"],
-    "deny_shell": True,
-    "network": False,
-    "allow_env": False,
-}
+from profiles.builtins import SAFE
+
+__all__ = ["SAFE"]