AgentGem — Gem Build Pipeline

config → introspect (redact at capture) → ConfigInventory → buildGem → archive (manifest + lock)

Redaction trust boundary: secrets stripped at capture; only redacted shapes flow right →

  • Config sources: ~/.claude (skills, MCP, CLAUDE.md) · enabled plugins · ~/.agents · ~/.codex · ~/.hermes · project dirs
  • introspect(): reads + redactMcpConfig() at the moment of capture; value + key-name rules
  • ConfigInventory: skills · mcpServers · instructions · hooks + SecretRef[] (no values)
  • buildGem(): select by name, re-redact (defense) → Gem + requiredSecrets
  • writeGemArchive(): layout by type; gem.json + gem.lock; sha256 digest
  • archiveFs: directory tree
  • archiveTar: .tar.gz
  • scaffoldChecks(): behavioral + skillspector

Legend: Redaction · Data / sources · Compose / checks · Archive output

Redaction rules

  • Key-name regex: api_key, token, secret, bearer, sk-, ghp_, xox…
  • Value heuristic: high-entropy tokens (32+ chars)
  • env / headers maps treated as secret by default
  • Each strip recorded as SecretRef{name, location}
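
The rules above applied to one MCP server entry, as an added example (not AgentGem's own code): the function names, the `<redacted>` placeholder and the 3.5 bits-per-character entropy cut-off are assumptions, and the sample config is constructed.

```javascript
// Added illustration, not AgentGem source. Names, placeholder and entropy
// threshold are assumptions; the key-name list is the one given on the page.
const KEY_RULE = /api_key|token|secret|bearer|sk-|ghp_|xox/i;
const PLACEHOLDER = "<redacted>";  // assumed marker
const MIN_LEN = 32;                // "32+ chars" from the page
const MIN_BITS_PER_CHAR = 3.5;     // assumed cut-off for "high-entropy"

function shannonBits(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

function looksSecret(v) {
  return v.length >= MIN_LEN && !/\s/.test(v) && shannonBits(v) >= MIN_BITS_PER_CHAR;
}

// Returns a redacted deep copy plus SecretRef{name, location} records (no values).
function redactAtCapture(node, path = [], inSecretMap = false, refs = []) {
  if (typeof node === "string") {
    const name = String(path[path.length - 1] ?? "");
    if (!inSecretMap && !KEY_RULE.test(name) && !looksSecret(node)) return { value: node, refs };
    refs.push({ name, location: path.join(".") });
    return { value: PLACEHOLDER, refs };
  }
  if (Array.isArray(node)) {
    const value = node.map((v, i) => redactAtCapture(v, [...path, i], inSecretMap, refs).value);
    return { value, refs };
  }
  if (node && typeof node === "object") {
    const value = {};
    for (const [k, v] of Object.entries(node)) {
      // env / headers maps are secret by default, whatever their keys are called
      const secretMap = inSecretMap || k === "env" || k === "headers";
      value[k] = redactAtCapture(v, [...path, k], secretMap, refs).value;
    }
    return { value, refs };
  }
  return { value: node, refs };
}

// Constructed sample MCP server entry; every value is fake.
const SAMPLE = {
  command: "npx",
  args: ["-y", "example-mcp-server", "--key=Zq8Lw2Xv9Tn4Rb7Yc1Md6Kp3Hs5Jf0Ga"],
  env: { LOG_LEVEL: "debug", SERVICE_URL: "https://example.invalid" },
  headers: { Authorization: "Bearer constructed-value" },
  apiToken: "short",
};
console.log(JSON.stringify(redactAtCapture(SAMPLE), null, 2));
```

`env.LOG_LEVEL` is stripped along with the real credentials: treating the whole map as secret gives up a few benign values in exchange for not having to recognise every credential name.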

buildGem selection

  • { all: true } or named skills/mcp/hooks/instructions
  • Throws on unknown artifact names
  • Re-redacts artifacts missing secretRefs
  • Aggregates SecretRequirement[] (names only)

Archive output

  • skills/ mcp/ hooks/ instructions/ checks/
  • gem.json (manifest) + gem.lock (hashes + digest)
  • Deterministic: sorted paths, fixed mtime
  • Serialize to a directory or a .tar.gz buffer