oasr 0.5.2__py3-none-any.whl → 0.6.0__py3-none-any.whl

{oasr-0.5.2.dist-info → oasr-0.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: oasr
-Version: 0.5.2
+Version: 0.6.0
 Summary: CLI for managing agent skills across IDE integrations
 Project-URL: Homepage, https://github.com/jgodau/asr
 Project-URL: Repository, https://github.com/jgodau/asr
@@ -210,6 +210,7 @@ Classifier: Topic :: Software Development :: Build Tools
 Classifier: Topic :: Software Development :: Libraries :: Application Frameworks
 Requires-Python: >=3.10
 Requires-Dist: pyyaml>=6.0
+Requires-Dist: questionary>=2.0.1
 Requires-Dist: tomli-w>=1.0.0
 Requires-Dist: tomli>=2.0.0; python_version < '3.11'
 Provides-Extra: dev
@@ -219,7 +220,7 @@ Description-Content-Type: text/markdown
 
 # OASR
 
-**Open Agent Skill Registry** — Manage reusable AI agent skills across IDEs without drift.
+**Open Agent Skill Registry** — Register, sync, and reuse AI agent skills across IDEs with a single source of truth.
 
 ---
 
@@ -229,16 +230,22 @@ You've built useful skills for your AI coding assistant. They work great in Curs
 
 Each tool expects skills in different locations with different formats:
 
-- Cursor: `.cursor/skills/`
-- Windsurf: `.windsurf/skills/`
+- Cursor: `.cursor/commands/`
+- Windsurf: `.windsurf/workflows/`
 - Claude: `.claude/commands/`
-- Copilot: `.github/.md`
+- Copilot: `.github/prompts/`
 
 So you copy your skills everywhere. Then you improve one. Now the copies are stale. You forget which version is current. Some break silently. This is **skill drift**.
 
 ## The Solution
 
-ASR keeps your skills in one place and generates thin adapters for each IDE.
+ASR keeps your skills in a registry, syncs local and remote sources, and generates thin adapters for each IDE.
+It also lets you execute skills safely with policy profiles.
+
+Key capabilities:
+- Register skills once (local folders or GitHub/GitLab URLs)
+- Sync and track drift across sources
+- Generate IDE adapters and run skills via `oasr exec`
 
 ```text
 ┌─────────────────────────────────────────────────────────┐
@@ -267,12 +274,15 @@ No copying. No drift. One source of truth.
 
 ```bash
 # Register local skills
-oasr add ~/skills/git-commit
-oasr add ~/skills/code-review
+oasr registry add ~/skills/git-commit
+oasr registry add ~/skills/code-review
+
+# List registered skills
+oasr registry list
 
 # Register remote skills from GitHub/GitLab
-oasr add https://github.com/user/skills-repo/tree/main/my-skill
-oasr add https://gitlab.com/org/project/tree/main/cool-skill
+oasr registry add https://github.com/user/skills-repo/tree/main/my-skill
+oasr registry add https://gitlab.com/org/project/tree/main/cool-skill
 
 # Generate adapters for a project
 oasr adapter --output-dir ~/projects/my-app
@@ -294,16 +304,16 @@ ASR supports registering skills directly from GitHub and GitLab repositories:
 
 ```bash
 # Add a skill from GitHub
-oasr add https://github.com/user/repo/tree/main/skills/my-skill
+oasr registry add https://github.com/user/repo/tree/main/skills/my-skill
 
 # Add a skill from GitLab
-oasr add https://gitlab.com/org/project/tree/dev/cool-skill
+oasr registry add https://gitlab.com/org/project/tree/dev/cool-skill
 
 # Sync remote skills (check for updates)
-oasr sync
+oasr registry sync
 
 # Use remote skills
-oasr use my-skill -d ./output
+oasr clone my-skill -d ./output
 ```
 
 **Authentication** (optional, for private repos and higher rate limits):
@@ -313,7 +323,7 @@ export GITHUB_TOKEN=ghp_your_token_here
 export GITLAB_TOKEN=glpat_your_token_here
 ```
 
-Remote skills are fetched on-demand during `adapter` and `use` operations. The registry stores the URL, and `sync` checks if the remote source has changed.
+Remote skills are fetched on-demand during `adapter` and `clone` operations. The registry stores the URL, and `oasr registry sync` checks if the remote source has changed.
 
 ---
 
@@ -345,7 +355,7 @@ See [`oasr completion --help`](docs/commands/COMPLETION.md) for details.
 
 ---
 
-## Supported `asr adapter` IDEs
+## Supported `oasr adapter` IDEs
 
 | IDE            | Adapter    | Output                        |
 |----------------|------------|-------------------------------|
@@ -367,11 +377,11 @@ See [LICENSE](LICENSE).
 
 | Command | Screenshot |
 |---------|-----------|
-| **oasr list** | ![list](docs/.images/list.png) |
-| **oasr add** (local) | ![add](docs/.images/add.png) |
-| **oasr add** (remote) | ![add-remote](docs/.images/add-remote.png) |
-| **oasr sync** | ![sync](docs/.images/sync.png) |
-| **oasr status** | ![status](docs/.images/status.png) |
+| **oasr registry list** | ![list](docs/.images/list.png) |
+| **oasr registry add** (local) | ![add](docs/.images/add.png) |
+| **oasr registry add** (remote) | ![add-remote](docs/.images/add-remote.png) |
+| **oasr registry sync** | ![sync](docs/.images/sync.png) |
+| **oasr registry -v** | ![status](docs/.images/status.png) |
 | **oasr find** | ![find](docs/.images/find.png) |
 | **oasr adapter** | ![adapter](docs/.images/adapter.png) |
 

{oasr-0.5.2.dist-info → oasr-0.6.0.dist-info}/RECORD

@@ -1,7 +1,7 @@
 __init__.py,sha256=cYuwXNht5J2GDPEbHz57rmXRyWzaUgAaCXz8okR0rKE,84
 __main__.py,sha256=Due_Us-4KNlLZhf8MkmoP1hWS5qMWmpZvz2ZaCqPHT4,120
 adapter.py,sha256=WEpYkKDTb7We0zU9i6Z-r5ydtUdghNhxTZ5Eq58h4fU,10027
-cli.py,sha256=LQg93XqUurMvcga2gV6sebv2RXGqfwDNvCN_UOLeTUc,2820
+cli.py,sha256=gJLlOplekDkoFKceG3D5tXZ8m0Jm8tnOu0x9n1y2MW0,2883
 discovery.py,sha256=WWF8SN2LH88mOUBJLavM7rvXcxi6uDQGpqRK20GysxA,3298
 manifest.py,sha256=feNCjkFWfhoVubevKjLtKoIEuzT1YGQn6wWgs9XM8_o,12229
 registry.py,sha256=zGutwVP39xaYqc3KDEXMWCV1tORYpqc5JISO8OaWP1Q,4470
@@ -16,11 +16,11 @@ adapters/copilot.py,sha256=090aS0N7SApSK5kcmm2xErjyUmEsOMrj0n36B0M3fAM,7274
 adapters/cursor.py,sha256=BoS3Xo_hZyV4zrZKpNjDAaeGmJPTn_j_GI5QXuW5AOo,2244
 adapters/windsurf.py,sha256=VZidyuFxiHQWl64w0-OgUsfdWeGXV7bf7_XYkiGchyw,2369
 agents/__init__.py,sha256=Dwdwzb01DM2ZJ5pZBsbLPUYRM4Emai7p3oeayiYcj1w,546
-agents/base.py,sha256=ALFkXkKs0IBoZKrEjFoNL_GRa7Wt_DC783UMo-6NOFA,2872
-agents/claude.py,sha256=csZ1efZ6GFyaLNHDszKF6hCzJQBiebnx1gmGktpw7DI,676
-agents/codex.py,sha256=t7VVVyln_OjbLP1RQzL-x7PJ1C6grVbDCKddI84kre4,674
-agents/copilot.py,sha256=kfBk59WXOGd2ZIBBI74kT1WCNH3jFyrOg_HhIkAGG64,697
-agents/opencode.py,sha256=fbBAqJhUg0uk6wrhC3SwaE5X27Qej96p9QgVAPpty8w,702
+agents/base.py,sha256=NBBhpJ4KMBLpi8UjGWaKNx9RNJkSxpobDq2LzIa0EYw,3213
+agents/claude.py,sha256=J3LIha5npufT0dD5ZK2eWvM7BZjb615QYHGu-C-pFXI,857
+agents/codex.py,sha256=tYZQEJCLPTxm8zlpwxADyZEbz9EAWmZPrJM3CPRX6lI,853
+agents/copilot.py,sha256=5gieLBlXcpHu6Ci5JZo2QwJoSKeD-Xprb7nCtU3ODXU,878
+agents/opencode.py,sha256=wTUF2_1jaitQkxjs7oRgvpRmdtyOlLBdvLdJRAMdjAw,881
 agents/registry.py,sha256=i6YUAdNUXq1LNqLDNqSg2RlHxqF5Ig5Z40ryteXoLu4,1434
 commands/__init__.py,sha256=g_ZxSKLVZwCVAPpn-Ga_gj53BS2473SOg72ivGph--U,147
 commands/adapter.py,sha256=_68v3t-dRU0mszzL4udKs1bKennyg7RfBTaK2fDGTsE,3215
@@ -28,39 +28,47 @@ commands/add.py,sha256=NJLQ-8-3zy7o6S9VLfL_wauP-Vz0oNGwN3nvtiwxNYM,15255
 commands/clean.py,sha256=RQBAfe6iCLsjMqUyVR55JdYX9MBqgrUuIrA8rFKs1J0,1102
 commands/clone.py,sha256=4APH34-yHjiXQIQwBnKOSEQ_sxV24_GKypcOJMfncvs,5912
 commands/completion.py,sha256=Y2KshaJ64vI1fcTR5z2KTJT7u9PPK_w8qMf5HK_q9ns,8570
-commands/config.py,sha256=4kzDEjVpwrmMPK_DPYePdQe2lGh_b8waYORZDHCDYZw,6976
+commands/config.py,sha256=zUh65j4N1R5ikRst18eKCvGFQWnhm7fphu314J9lLpo,15211
 commands/diff.py,sha256=37JMjvfAEfvK7-4X5iFbD-IGkS8ae4YSY7ZDIZF5B9E,5766
-commands/exec.py,sha256=zFmxxclpHQF39sqDpR5436XQiEYo334BGcQ5a8gbR9I,8711
+commands/exec.py,sha256=rO18v7HOcJ9FQ71OHcR4Pplj_YTDD9Z6GxfoWGpK0f0,9518
 commands/find.py,sha256=zgqwUnaG5aLX6gJIU2ZeQzxsFh2s7oDNNtmV-e-62Jg,1663
 commands/help.py,sha256=5yhIpgGs1xPs2f39lg-ELE7D0tV_uUTjxQsgkWusIwo,1449
 commands/info.py,sha256=zywaUQsrvcPXcX8W49P7Jqnr90pX8nBPqnH1XcIs0Uk,4396
 commands/list.py,sha256=P3E_PItNoqAStNTcLCY7dV-Db2_Yb7TRCYXgP4G19rQ,3185
+commands/profile.py,sha256=bjfdXJ6HeM8NRSsEn4t4kbHxSK0o6M3fHc7Cr9RH90U,2732
 commands/registry.py,sha256=nerDoR0Uvd_2WlDMQZshJunMW31HsENklAy19A00x4U,16065
 commands/rm.py,sha256=bOPXgifAbgx7kp4ZuNanJbv4wP1l1sIsI8vD6Rlgi8g,4160
 commands/status.py,sha256=8si3iEVu0AUE2qojSCVoU0BLwpLm4UiFyY-Ln7Uo36k,3944
 commands/sync.py,sha256=ZQoB5hBqrzvM6LUQVlKqHQVJib4dB5qe5M-pVG2vtGM,4946
-commands/update.py,sha256=bOWjdTNyeYg-hvXv5GfUzEtsTA7gU9JLM592GI9Oq68,11939
+commands/update.py,sha256=gWBBETMxi1ZQ3BV049eAkA_AuCEvvjA9FRzIOBpwdb4,15062
 commands/use.py,sha256=ggB28g2BDg3Lv3nF40wnDAJ7p0mo6C1pc1KgahvQYXM,1452
 commands/validate.py,sha256=Y8TLHxW4Z98onmzu-h-kDIET-48lVaIdQXOvuyBemLw,2361
 completions/__init__.py,sha256=cLGMHifEf91ElOIMSVffVWcifjGZ7oStb0Ot4ivLmmE,41
-completions/bash.sh,sha256=gqwuOqUDayPQ5_fHUtttJ_AK-Jef-vgSkUATbbtJBic,6169
-completions/fish.fish,sha256=LXUPp3Ad8aJ7j9m_xlX9Ej9H-3xLUhhMSzsB02oH8Vw,8042
-completions/powershell.ps1,sha256=dRtY-w8Hd3EmmJTtoDdkYzFN6tYiUtCeuu0pufUFsps,4210
-completions/zsh.sh,sha256=Pt-jfSHy8Q5kRtn314ejmP3_VCQGzcHAmK_buOKE4JI,6751
-config/__init__.py,sha256=glSjT1_y4aOfhZ8odrUWCGF1hBbY_huTjVp6suepHDY,3647
-config/defaults.py,sha256=JfCltQYoE7EqBYlxsNrSITLmwifTvRrJe5lqL0Ys7Cs,986
+completions/bash.sh,sha256=2gk60fm17lPfBddpOvO0c8o0anGmqzbVrtic9pabjnQ,6647
+completions/fish.fish,sha256=N2xXseX2djUNRGDs9TaUNU6YltmNT0PSEK0rYJJSuXc,10160
+completions/powershell.ps1,sha256=m-EsgUpyvg1-wO6Afo2QnmHkzdmBfetDUMgaHn4vlO4,7614
+completions/zsh.sh,sha256=XZRLOEi2_grWACeGiDeucsnyFlKwx_SuU7RMBOPe7Ng,7624
+config/__init__.py,sha256=KcrfpKlWkDqVYooupSqMcfYstUDMpVgdSeOJv38nGS0,4063
+config/defaults.py,sha256=1M5rxaOV-51vKAX_CaUZ8-AFL0vnklqYQeo7BpbOsJ8,525
 config/env.py,sha256=WgnQXjhfvV7m1oxZCK9WdIX_rqLy_-BOSuPjbpjdI1c,7163
-config/schema.py,sha256=VlvmiYWjU2hExBJfME90Oyqp-H4OHcUs_hvvp54K9jA,4498
+config/schema.py,sha256=kQ1EeepRHjjf4dy9y_qRw7DKEEjeTtyvzd2MZLSIAYY,2816
 policy/__init__.py,sha256=0sPJaruOyc9ioNyIcrTW72RgpaE64FgibS0h5mQELb8,1353
-policy/defaults.py,sha256=9GMQM2l2OKTmhXlKwyTfcICR5vD9qEvyvqaR5KrN7ZI,620
+policy/defaults.py,sha256=7DHRzeW79pEPx7x0_8dTmaFz9cpCosmto_yzb-cpMDs,233
 policy/enforcement.py,sha256=djsosjjfdyr0SjnHF2kz4u3glvMNgd1CJztN6yZE-fM,2749
-policy/profile.py,sha256=WDKaUagsWnBPGz5a_OOcxTsdZ66WjaIaR0R7ITVqy8g,6790
+policy/profile.py,sha256=j9C4Ut5Hwa6DotbbFR1ggmDPVmEC4dNMW7D4oxz2kxM,6839
+profiles/__init__.py,sha256=IqlTPlQdKibdLFMbYIk_tpn_B7dmMSnPhN_OJwPzgAo,760
+profiles/builtins.py,sha256=cu3lvUIUZw-OxEYJgGQeDJvQMPuwTnJqxYTOvnf5oiM,1430
+profiles/loader.py,sha256=n6FJm1r_PhAtuCVlIom2I3yqxnTQUryU8b7ggYyUJjI,2487
+profiles/paths.py,sha256=l0TbuVOOLrJBXOR-BAnxxA__2wZ9rHDTNHANTK1xafo,536
+profiles/registry.py,sha256=hkLUXaN-57iAxQtTwnDkHzLrzl3HTJPF44JcBfg_rjg,659
+profiles/summary.py,sha256=jLbmROC4TqyUJgswsn73rJqPkYq0YmAoKKoWxx5XBRg,853
+profiles/validation.py,sha256=J9pZBs9l-PpNmYoRdn43UhA07FSDM8EdGpZMpsTikvY,1920
 skillcopy/__init__.py,sha256=YUglUkDzKfnCt4ar_DU33ksI9fGyn2UYbV7qn2c_BcU,2322
 skillcopy/local.py,sha256=QH6484dCenjg8pfNOyTRbQQBklEWhkkTnfQok5ssf_4,1049
 skillcopy/remote.py,sha256=83jRA2VfjtSDGO-YM1x3WGJjKvWzK1RmSTL7SdUOz8s,3155
-oasr-0.5.2.dist-info/METADATA,sha256=SQ26Gtaa3LH-7f5CSHfM1yLUzNmizhYEuWO9lqTqSVM,18413
-oasr-0.5.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-oasr-0.5.2.dist-info/entry_points.txt,sha256=VnMuOi6XYMbzAD2bP0X5uV1sQXjOqoDWJ33Lsxwq8u8,52
-oasr-0.5.2.dist-info/licenses/LICENSE,sha256=nQ1j9Ldb8FlJ-z7y2WuXPIlyfnYC7YPasjGdOBgcfP4,10561
-oasr-0.5.2.dist-info/licenses/NOTICE,sha256=EsfkCN0ZRDS0oj3ADvMKeKrAXaPlC8YfpSjvjGVv9jE,207
-oasr-0.5.2.dist-info/RECORD,,
+oasr-0.6.0.dist-info/METADATA,sha256=ueWMiIfDSfj_PC73af_g5NRMgGcVaxiEYU_YM9k-3Fo,18919
+oasr-0.6.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+oasr-0.6.0.dist-info/entry_points.txt,sha256=VnMuOi6XYMbzAD2bP0X5uV1sQXjOqoDWJ33Lsxwq8u8,52
+oasr-0.6.0.dist-info/licenses/LICENSE,sha256=nQ1j9Ldb8FlJ-z7y2WuXPIlyfnYC7YPasjGdOBgcfP4,10561
+oasr-0.6.0.dist-info/licenses/NOTICE,sha256=EsfkCN0ZRDS0oj3ADvMKeKrAXaPlC8YfpSjvjGVv9jE,207
+oasr-0.6.0.dist-info/RECORD,,

policy/defaults.py

@@ -6,22 +6,6 @@ Conservative defaults that fail closed. Used when:
 - Config parsing errors occur
 """
 
-# Safe default profile - conservative and restrictive
-SAFE = {
-    "fs_read_roots": ["./"],
-    "fs_write_roots": ["./out", "./.oasr"],
-    "deny_paths": [
-        "~/.ssh",
-        "~/.aws",
-        "~/.gnupg",
-        "~/.config",
-        ".env",
-        "~/.bashrc",
-        "~/.zshrc",
-        "~/.profile",
-    ],
-    "allowed_commands": ["rg", "fd", "jq", "cat"],
-    "deny_shell": True,
-    "network": False,
-    "allow_env": False,
-}
+from profiles.builtins import SAFE
+
+__all__ = ["SAFE"]

policy/profile.py

@@ -11,7 +11,7 @@ from dataclasses import dataclass, field
 from pathlib import Path
 from typing import Any
 
-from policy.defaults import SAFE
+from profiles import BUILTIN_PROFILES, merge_profile_data
 
 
 @dataclass
@@ -107,17 +107,15 @@ def load(config: dict[str, Any], profile_name: str, cwd: Path | None = None) ->
 def _load_impl(config: dict[str, Any], profile_name: str) -> Profile:
     """Internal implementation of load()."""
     # Start with safe defaults
-    profile_data = SAFE.copy()
+    profile_data = BUILTIN_PROFILES["safe"].copy()
 
     # Try to load user-defined profile
     try:
         profiles = config.get("profiles", {})
         if profile_name in profiles:
-            user_profile = profiles[profile_name]
-            # Merge user overrides
-            for key in SAFE.keys():
-                if key in user_profile:
-                    profile_data[key] = user_profile[key]
+            profile_data = merge_profile_data(profile_data, profiles[profile_name])
+        elif profile_name in BUILTIN_PROFILES:
+            profile_data = merge_profile_data(profile_data, BUILTIN_PROFILES[profile_name])
         elif profile_name != "safe":
             # Warn if non-safe profile doesn't exist, but continue with safe defaults
             print(

profiles/__init__.py

@@ -0,0 +1,23 @@
+"""Profile loading utilities for OASR."""
+
+from profiles.builtins import BUILTIN_PROFILE_ORDER, BUILTIN_PROFILES
+from profiles.loader import load_profiles, merge_profile_data
+from profiles.paths import ensure_profile_dir, get_profile_dir
+from profiles.registry import get_profiles, list_profiles
+from profiles.summary import format_profile_summary, sorted_profile_names
+from profiles.validation import validate_profile_data, validate_profiles
+
+__all__ = [
+    "BUILTIN_PROFILES",
+    "BUILTIN_PROFILE_ORDER",
+    "load_profiles",
+    "get_profile_dir",
+    "ensure_profile_dir",
+    "format_profile_summary",
+    "get_profiles",
+    "list_profiles",
+    "merge_profile_data",
+    "sorted_profile_names",
+    "validate_profile_data",
+    "validate_profiles",
+]

profiles/builtins.py

@@ -0,0 +1,63 @@
+"""Built-in execution policy profiles."""
+
+from __future__ import annotations
+
+from typing import Any
+
+SAFE = {
+    "fs_read_roots": ["./"],
+    "fs_write_roots": ["./out", "./.oasr"],
+    "deny_paths": [
+        "~/.ssh",
+        "~/.aws",
+        "~/.gnupg",
+        "~/.config",
+        ".env",
+        "~/.bashrc",
+        "~/.zshrc",
+        "~/.profile",
+    ],
+    "allowed_commands": ["rg", "fd", "jq", "cat"],
+    "deny_shell": True,
+    "network": False,
+    "allow_env": False,
+}
+
+STRICT = {
+    "fs_read_roots": ["./"],
+    "fs_write_roots": ["./.oasr"],
+    "deny_paths": SAFE["deny_paths"],
+    "allowed_commands": ["rg", "cat"],
+    "deny_shell": True,
+    "network": False,
+    "allow_env": False,
+}
+
+DEV = {
+    "fs_read_roots": ["./", "~/projects"],
+    "fs_write_roots": ["./", "./out", "./.oasr", "~/projects"],
+    "deny_paths": SAFE["deny_paths"],
+    "allowed_commands": ["bash", "python", "node", "git", "curl", "rg", "fd", "jq", "cat", "npm", "pip"],
+    "deny_shell": False,
+    "network": True,
+    "allow_env": True,
+}
+
+UNSAFE = {
+    "fs_read_roots": ["/"],
+    "fs_write_roots": ["/"],
+    "deny_paths": [],
+    "allowed_commands": ["*"],
+    "deny_shell": False,
+    "network": True,
+    "allow_env": True,
+}
+
+BUILTIN_PROFILES: dict[str, dict[str, Any]] = {
+    "safe": SAFE,
+    "strict": STRICT,
+    "dev": DEV,
+    "unsafe": UNSAFE,
+}
+
+BUILTIN_PROFILE_ORDER = ("safe", "strict", "dev", "unsafe")

profiles/loader.py

@@ -0,0 +1,74 @@
+"""Profile loading and merging utilities."""
+
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+from typing import Any
+
+if sys.version_info >= (3, 11):
+    import tomllib
+else:
+    import tomli as tomllib
+
+from profiles.builtins import BUILTIN_PROFILES
+from profiles.paths import get_profile_dir
+
+
+def list_profile_files(profile_dir: Path | None = None) -> list[Path]:
+    """Return profile files from ~/.oasr/profile."""
+    directory = profile_dir or get_profile_dir()
+    if not directory.exists():
+        return []
+    return sorted(p for p in directory.glob("*.toml") if p.is_file())
+
+
+def load_profile_file(path: Path) -> dict[str, Any]:
+    """Load a profile TOML file containing only profile keys."""
+    with open(path, "rb") as f:
+        data = tomllib.load(f)
+    if not isinstance(data, dict):
+        raise ValueError("Profile file must contain a table of profile settings")
+    return data
+
+
+def load_profile_files(profile_dir: Path | None = None) -> dict[str, dict[str, Any]]:
+    """Load profile files into a name->profile map."""
+    profiles: dict[str, dict[str, Any]] = {}
+    for path in list_profile_files(profile_dir):
+        name = path.stem
+        try:
+            profiles[name] = load_profile_file(path)
+        except Exception as exc:
+            print(f"⚠ Warning: Failed to load profile '{name}': {exc}", file=sys.stderr)
+    return profiles
+
+
+def merge_profiles(
+    builtin: dict[str, dict[str, Any]],
+    file_profiles: dict[str, dict[str, Any]],
+    inline_profiles: dict[str, dict[str, Any]],
+) -> dict[str, dict[str, Any]]:
+    """Merge profiles with precedence: inline > file > builtin."""
+    merged: dict[str, dict[str, Any]] = {}
+    for source in (builtin, file_profiles, inline_profiles):
+        for name, profile in source.items():
+            merged[name] = profile.copy()
+    return merged
+
+
+def merge_profile_data(base: dict[str, Any], overrides: dict[str, Any]) -> dict[str, Any]:
+    """Merge profile values with override precedence."""
+    merged = base.copy()
+    merged.update(overrides)
+    return merged
+
+
+def load_profiles(
+    inline_profiles: dict[str, dict[str, Any]] | None = None,
+    profile_dir: Path | None = None,
+) -> dict[str, dict[str, Any]]:
+    """Load merged profiles from builtin + profile files + inline config."""
+    inline_profiles = inline_profiles or {}
+    file_profiles = load_profile_files(profile_dir)
+    return merge_profiles(BUILTIN_PROFILES, file_profiles, inline_profiles)

profiles/paths.py

@@ -0,0 +1,22 @@
+"""Profile directory paths and helpers."""
+
+from __future__ import annotations
+
+from pathlib import Path
+
+
+def get_profile_dir() -> Path:
+    """Return ~/.oasr/profile directory (dynamic)."""
+    try:
+        from config import OASR_DIR
+
+        return OASR_DIR / "profile"
+    except Exception:
+        return Path.home() / ".oasr" / "profile"
+
+
+def ensure_profile_dir() -> Path:
+    """Ensure ~/.oasr/profile directory exists."""
+    directory = get_profile_dir()
+    directory.mkdir(parents=True, exist_ok=True)
+    return directory

profiles/registry.py

@@ -0,0 +1,19 @@
+"""Profile registry operations."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from profiles.loader import load_profiles
+from profiles.summary import sorted_profile_names
+
+
+def list_profiles(inline_profiles: dict[str, dict[str, Any]] | None = None) -> list[str]:
+    """Return ordered profile names with all sources merged."""
+    profiles = load_profiles(inline_profiles=inline_profiles or {})
+    return sorted_profile_names(profiles)
+
+
+def get_profiles(inline_profiles: dict[str, dict[str, Any]] | None = None) -> dict[str, dict[str, Any]]:
+    """Return merged profiles."""
+    return load_profiles(inline_profiles=inline_profiles or {})

profiles/summary.py

@@ -0,0 +1,23 @@
+"""Profile listing and summary helpers."""
+
+from __future__ import annotations
+
+from typing import Any
+
+from profiles.builtins import BUILTIN_PROFILE_ORDER
+
+
+def sorted_profile_names(profiles: dict[str, Any]) -> list[str]:
+    """Return profile names sorted with built-ins first."""
+    names = sorted(profiles.keys())
+    ordered = [name for name in BUILTIN_PROFILE_ORDER if name in profiles]
+    remaining = [name for name in names if name not in ordered]
+    return ordered + remaining
+
+
+def format_profile_summary(name: str, profile: dict[str, Any]) -> str:
+    """Format a single-line profile summary."""
+    network = "on" if profile.get("network") else "off"
+    env = "on" if profile.get("allow_env") else "off"
+    shell = "on" if not profile.get("deny_shell", True) else "off"
+    return f"{name:12} network={network} env={env} shell={shell}"

profiles/validation.py

@@ -0,0 +1,34 @@
+"""Profile validation helpers."""
+
+from __future__ import annotations
+
+from typing import Any
+
+
+def validate_profile_data(profile_name: str, profile_data: dict[str, Any]) -> None:
+    """Validate a single profile data structure."""
+    if "fs_read_roots" in profile_data and not isinstance(profile_data["fs_read_roots"], list):
+        raise ValueError(f"Profile '{profile_name}': fs_read_roots must be a list")
+    if "fs_write_roots" in profile_data and not isinstance(profile_data["fs_write_roots"], list):
+        raise ValueError(f"Profile '{profile_name}': fs_write_roots must be a list")
+    if "deny_paths" in profile_data and not isinstance(profile_data["deny_paths"], list):
+        raise ValueError(f"Profile '{profile_name}': deny_paths must be a list")
+    if "allowed_commands" in profile_data and not isinstance(profile_data["allowed_commands"], list):
+        raise ValueError(f"Profile '{profile_name}': allowed_commands must be a list")
+    if "deny_shell" in profile_data and not isinstance(profile_data["deny_shell"], bool):
+        raise ValueError(f"Profile '{profile_name}': deny_shell must be a boolean")
+    if "network" in profile_data and not isinstance(profile_data["network"], bool):
+        raise ValueError(f"Profile '{profile_name}': network must be a boolean")
+    if "allow_env" in profile_data and not isinstance(profile_data["allow_env"], bool):
+        raise ValueError(f"Profile '{profile_name}': allow_env must be a boolean")
+
+
+def validate_profiles(profiles: dict[str, Any]) -> None:
+    """Validate profile map structure."""
+    if not isinstance(profiles, dict):
+        raise ValueError("profiles must be a table (dictionary)")
+
+    for profile_name, profile_data in profiles.items():
+        if not isinstance(profile_data, dict):
+            raise ValueError(f"Profile '{profile_name}' must be a table (dictionary)")
+        validate_profile_data(profile_name, profile_data)