{"id":47693613,"url":"https://github.com/the-metafactory/arc","last_synced_at":"2026-06-28T01:01:45.442Z","repository":{"id":339586073,"uuid":"1162557107","full_name":"the-metafactory/arc","owner":"the-metafactory","description":"Package management for PAI — install, discover, and share skills, tools, agents, and prompts","archived":false,"fork":false,"pushed_at":"2026-06-27T09:24:50.000Z","size":1415,"stargazers_count":7,"open_issues_count":38,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-27T10:08:18.645Z","etag":null,"topics":["ai-agents","bun","claude-code","cli","package-manager","pai","personal-ai","skills"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/the-metafactory.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY-ARCHITECTURE.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-20T12:10:20.000Z","updated_at":"2026-06-27T09:24:53.000Z","dependencies_parsed_at":"2026-05-07T22:01:28.373Z","dependency_job_id":null,"html_url":"https://github.com/the-metafactory/arc","commit_stats":null,"previous_names":["mellanon/pai-pkg","the-metafactory/arc"],"tags_count":36,"template":false,"template_full_name":null,"purl":"pkg:github/the-metafactory/arc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-metafactory%2Farc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-metafactory%2Farc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-metafactory%2Farc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-metafactory%2Farc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/the-metafactory","download_url":"https://codeload.github.com/the-metafactory/arc/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/the-metafactory%2Farc/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34873663,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","bun","claude-code","cli","package-manager","pai","personal-ai","skills"],"created_at":"2026-04-02T16:08:14.544Z","updated_at":"2026-06-28T01:01:45.435Z","avatar_url":"https://github.com/the-metafactory.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cstrong\u003e📦 arc\u003c/strong\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"https://img.shields.io/badge/version-0.30.5-blue\" alt=\"Version: 0.30.5\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/status-beta-yellow\" alt=\"Status: Beta\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/tests-1003%20passing-brightgreen\" alt=\"Tests: 1003 passing\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/runtime-Bun-f472b6\" alt=\"Runtime: Bun\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/license-MIT-green\" alt=\"License: MIT\" /\u003e\n \u003cimg src=\"https://img.shields.io/badge/platform-macOS%20%7C%20Linux-lightgrey\" alt=\"Platform: macOS | Linux\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003earc\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\u003cstrong\u003eAgentic skill package manager.\u003c/strong\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003eInstall, discover, and share skills, tools, agents, and prompts\u003cbr/\u003ewith capability-based trust and multi-source registries.\u003c/p\u003e\n\n---\n\n## Your Agent Needs More Skills\n\nClaude Code skills are powerful but non-distributable. Each user's skill directory is a local collection with no mechanism for discovery, installation, or sharing between users.\n\n**arc is `apt install` for agentic skills.** It manages the full lifecycle — search a registry, review capabilities, install with one command, audit what's running.\n\n```bash\narc search doc # Find packages across all sources\narc install _DOC # Install with capability review\narc audit # See your total attack surface\n```\n\n### What It Installs\n\narc handles multiple artifact types:\n\n| Type | Installed To | What It Is |\n|------|-------------|------------|\n| **Skill** | `~/.claude/skills/{name}/` | Directory with SKILL.md + workflows |\n| **Tool** | `~/.claude/bin/{name}` + PATH shim | CLI command you can run directly |\n| **Agent** | `~/.claude/agents/{name}.md` | Persona file -- auto-discovered as `subagent_type` |\n| **Prompt** | `~/.claude/commands/{name}.md` | Slash command template |\n| **Library** | `~/.config/metafactory/pkg/repos/` | Multi-artifact repo containing skills, tools, etc. |\n| **Action** | `~/.config/metafactory/actions/{name}/` | Pulse action (action.json + action.ts) |\n| **Rules** | `~/.claude/skills/{name}/` | Configurable rules templates (e.g. CLAUDE.md generators) |\n\n---\n\n## Quick Start\n\n```bash\n# Install arc\ngit clone https://github.com/the-metafactory/arc.git\ncd arc \u0026\u0026 bun install \u0026\u0026 bun link\n\n# Fetch the community registry\narc source update\n\n# Search and install\narc search doc\narc install _DOC\n```\n\nRequires [Bun](https://bun.sh/) (v1.0+) and Git. Optional: [GitHub CLI](https://cli.github.com/) (`gh`) for release notes in `arc info`. See [QUICKSTART.md](QUICKSTART.md) for the full walkthrough.\n\n---\n\n## Commands\n\n### Package Management\n\n```bash\narc install \u003cname-or-url\u003e # Install from registry or git URL\narc install \u003cname\u003e --bin-dir \u003cpath\u003e # Override where command shims are installed\narc list # List installed packages\narc info \u003cname\u003e # Show details, capabilities, and release notes\narc audit # Audit capability surface (summary + cross-tier warnings)\narc audit --verbose # Full pairwise capability combination list\narc disable \u003cname\u003e # Disable (preserves repo)\narc enable \u003cname\u003e # Re-enable a disabled package\narc remove \u003cname\u003e # Completely uninstall\narc verify \u003cname\u003e # Verify manifest integrity\n```\n\n### Upgrades\n\n```bash\narc upgrade --check # Check for available upgrades (compares against registry)\narc upgrade # Upgrade all packages\narc upgrade \u003cname\u003e # Upgrade a specific package\narc self-update # Update arc itself (git pull + bun install)\narc upgrade-core \u003cversion\u003e # Upgrade core (symlink management)\n```\n\n### Discovery\n\n```bash\narc search \u003ckeyword\u003e # Search all configured sources\n```\n\n### Source Management\n\n```bash\narc source list # Show configured registry sources\narc source add \u003cn\u003e \u003curl\u003e # Add a source (--tier official|community|custom)\narc source update # Refresh indexes from all sources (like apt update)\narc source remove \u003cname\u003e # Remove a source\n```\n\n### Local Configuration\n\n```bash\narc config get bin-dir # Show where command shims are installed\narc config set bin-dir ~/.local/bin\narc doctor path # Check whether the shim directory is on PATH\n```\n\n### Catalog\n\nThe catalog is a local `catalog.yaml` tracking available artifacts (built-in skills, agents). It complements the registry — the registry is for community-published packages, the catalog is for known artifacts you may want to install.\n\n```bash\narc catalog list # List catalog with install status\narc catalog search \u003ckeyword\u003e # Search catalog by name or description\narc catalog add \u003cname\u003e # Add entry (--from-registry to pull from sources)\narc catalog remove \u003cname\u003e # Remove entry from catalog\narc catalog use \u003cname\u003e # Install from catalog (resolves deps)\narc catalog sync # Re-pull all installed catalog entries\narc catalog push \u003cname\u003e # Push local changes back to source\narc catalog push-catalog # Commit and push catalog.yaml to git remote\n```\n\n### Scaffolding\n\n```bash\narc init my-skill # Scaffold a new skill repo\narc init my-tool --type tool # Scaffold a tool\narc init my-agent --type agent\narc init my-prompt --type prompt\n```\n\nEach scaffold includes `arc-manifest.yaml`, `package.json`, `README.md`, `.gitignore`, and type-specific files (SKILL.md + workflows, agent persona, prompt template, or tool entry point).\n\n### Bundle and Publish\n\n```bash\narc bundle [path] # Create a .tar.gz from a package directory\narc bundle --output out.tar.gz # Custom output path\narc publish [path] # Bundle, upload, and register on metafactory\narc publish --dry-run # Validate without uploading\narc publish --tarball f.tar.gz # Publish from existing tarball\narc publish --scope \u003cns\u003e # Override publish namespace\narc publish --source \u003cname\u003e # Target specific metafactory source\n```\n\n### Authentication\n\n```bash\narc login # Authenticate with metafactory (device code flow)\narc login --source \u003cname\u003e # Authenticate with a specific source\narc logout # Remove authentication token\n```\n\n### Review (sponsor/steward)\n\nTriage the submission queue for packages where you are the assigned sponsor — or, as a steward, any submission. Requires `trusted+` tier server-side. DD-9 blocks reviewing your own submissions.\n\n```bash\narc review list # Pending submissions assigned to you\narc review list --per-page 50 --json # Scripting-friendly, capped at 100\narc review show \u003cid\u003e # Full detail incl. validation_result\narc review approve \u003cid\u003e # Approve and advance to 'approved'\narc review reject \u003cid\u003e -r \"reason\" # Reject (reason shown to publisher)\narc review request-changes \u003cid\u003e -m \"...\" # Request changes (comment to publisher)\n```\n\nEvery `review` subcommand accepts `-s, --source \u003cname\u003e` to pick a metafactory source and (on `list`, `show`, and all action commands) `--json` for machine output. The first approval on a package promotes it from `draft` → `active`, making it visible on browse and the package page.\n\n---\n\n## How It Works\n\n```\n sources.yaml Registry Sources arc Your Machine\n ──────────── ──────────────── ─────── ────────────\n │ │ │ │\n │ community hub │ │ │\n │ personal (custom) │ │ │\n │─────────────────────────►│ │ │\n │ │ │ │\n │ │ source update │ │\n │ │ (fetch REGISTRY.yaml) │ │\n │ │◄────────────────────────│ │\n │ │ │ │\n │ │ cached indexes │ │\n │ │────────────────────────►│ search \"doc\" │\n │ │ │ (queries cached files) │\n │ │ │ │\n │ │ │ install _DOC │\n │ │ │ → git clone │\n │ │ │─────────────────────────►\n │ │ │ │\n │ │ │ read arc-manifest.yaml │\n │ │ │ display capabilities │\n │ │ │ user confirms │\n │ │ │ │\n │ │ │ symlink → skills/ │\n │ │ │ record in packages.db │\n │ │ │─────────────────────────►\n │ │ │ │\n```\n\n**The flow:**\n1. `arc source update` fetches REGISTRY.yaml from each source in `sources.yaml` and caches locally\n2. `arc search` queries the cached indexes across all enabled sources\n3. `arc install` resolves the package from the registry, clones the source repo via git\n4. Reads `arc-manifest.yaml` — the capability declaration\n5. Displays capabilities and risk level for user approval\n6. Creates symlinks to the appropriate Claude directory\n7. For tools: runs `bun install` and creates CLI shim on PATH\n8. Records metadata in SQLite (`packages.db`)\n\nNo npm. No Docker. Just git clone, symlinks, and a manifest.\n\n---\n\n## Multi-Source Registry\n\narc supports multiple registry sources, like apt's sources.list:\n\n```yaml\n# ~/.config/metafactory/sources.yaml (auto-created on first run)\nsources:\n - name: community\n url: https://raw.githubusercontent.com/mellanon/pai-collab/main/skills/REGISTRY.yaml\n tier: community\n enabled: true\n```\n\nAdd additional sources:\n\n```bash\narc source add my-team https://raw.githubusercontent.com/my-org/registry/main/REGISTRY.yaml --tier community\narc source update # Fetch indexes from all sources\n```\n\nSearch aggregates results across all enabled sources, showing the source name and trust tier for each match.\n\n---\n\n## Trust Model\n\nTrust flows from the **source**, not the package:\n\n| Tier | Install Behavior | Example Source |\n|------|-----------------|----------------|\n| **official** | Auto-approves, minimal display | Upstream maintained packages |\n| **community** | Shows capabilities, requires confirmation | Community registries |\n| **custom** | Risk warning, full capability review | Direct git URL installs |\n\n### Capability Declarations\n\nEvery package declares what it accesses in `arc-manifest.yaml`:\n\n```yaml\ncapabilities:\n filesystem:\n read: [\"~/.claude/MEMORY/\"]\n write: [\"~/.claude/MEMORY/WORK/\"]\n network:\n - domain: \"*.atlassian.net\"\n reason: \"Jira REST API\"\n bash:\n allowed: true\n restricted_to: [\"bun src/jira.ts *\"]\n secrets: [\"JIRA_URL\", \"JIRA_API_TOKEN\"]\n```\n\n### Audit\n\n`arc audit` shows your total attack surface and detects dangerous capability compositions across installed packages:\n\n- **Summary mode** (default): grouped composition stats + cross-tier warnings only\n- **Verbose mode** (`--verbose`): full pairwise list of all capability combination warnings\n\nCross-tier warnings surface when a community package's capabilities combine dangerously with your personal packages — the actually interesting signals. Same-tier combinations (your own skills) are summarized as expected.\n\n---\n\n## Package Format\n\nA package is a git repo with `arc-manifest.yaml` at root:\n\n```\narc-skill-example/\n├── arc-manifest.yaml # Capability declaration (required)\n├── skill/ # Skill directory (skills)\n│ ├── SKILL.md\n│ └── workflows/\n├── agent/ # Agent directory (agents)\n│ └── AgentName.md\n├── prompt/ # Prompt directory (prompts)\n│ └── prompt-name.md\n├── src/ # Source code (tools, skills with CLI)\n│ └── tool.ts\n├── package.json # Bun dependencies (optional)\n└── README.md\n```\n\n### arc-manifest.yaml\n\n```yaml\nname: _DOC\nversion: 1.0.0\ntype: skill # skill | tool | agent | prompt\ntier: community\n\nauthor:\n name: mellanon\n github: mellanon\n\nprovides:\n skill:\n - trigger: \"doc\"\n cli:\n - command: \"bun src/doc.ts\"\n name: \"doc\"\n\ndepends_on:\n tools:\n - name: bun\n version: \"\u003e=1.0.0\"\n\ncapabilities:\n filesystem:\n read: []\n write: [\"**/*.html\"]\n network: []\n bash:\n allowed: false\n secrets: []\n```\n\n---\n\n## Running Tests\n\n```bash\nbun test # All 457 tests\nbun test:unit # Unit tests only\nbun test:commands # Command tests\nbun test:e2e # End-to-end lifecycle tests\n```\n\nTests run in isolated temp directories — never touch real `~/.claude/` or `~/.config/`.\n\n---\n\n## Versioning\n\nPackages use [semver](https://semver.org/). The canonical version lives in `arc-manifest.yaml`:\n\n```yaml\nversion: 1.2.0\n```\n\n**Convention:** bump the version, tag the commit, create a GitHub Release:\n\n```bash\n# After updating arc-manifest.yaml version to 1.2.0\ngit tag v1.2.0\ngit push origin v1.2.0\ngh release create v1.2.0 --title \"v1.2.0\" --notes \"## What Changed\n- Added new workflow for X\n- Fixed Y bug in Z\"\n```\n\nTags must match the manifest version (tag `v1.2.0` ↔ manifest `version: 1.2.0`).\n\nGitHub Releases are the changelog — no separate CHANGELOG.md needed. `arc info` fetches and displays release notes directly via the `gh` CLI.\n\nRegistry entries include a `version` field to advertise the latest available version. `arc upgrade --check` compares installed versions against registry versions. Pinned installs (`arc install MySkill@1.2.0`) are planned for a future release.\n\n---\n\n## Publishing\n\narc supports publishing packages to the metafactory registry. This is the counterpart to `arc install @scope/name` -- you bundle your package locally and publish it to the registry where others can install it.\n\n### Quick Publish\n\n```bash\n# 1. Authenticate (one-time)\narc login\n\n# 2. Set your namespace in arc-manifest.yaml\n# namespace: my-namespace\n\n# 3. Publish\narc publish\n```\n\n### How Publishing Works\n\n```\narc publish\n 1. Read arc-manifest.yaml\n 2. Validate: name, version (semver), type, capabilities\n 3. Create .tar.gz (excludes .git, node_modules, .env, test/, etc.)\n 4. Upload tarball to R2 storage (content-addressed by SHA-256)\n 5. Verify SHA-256: client hash must match server hash\n 6. Auto-create package entry on first publish\n 7. Register version (immutable -- cannot overwrite)\n```\n\n### Scope Resolution\n\nThe publish namespace is resolved in priority order:\n\n1. `--scope` flag: `arc publish --scope my-namespace`\n2. `namespace` field in `arc-manifest.yaml`\n3. Account default from `/auth/me` API\n\n### Bundle Exclusions\n\nBy default, these patterns are excluded from the tarball:\n\n- **VCS / OS:** `.git`, `.DS_Store`, `Thumbs.db`\n- **Secrets:** `.env`, `.env.*`\n- **Databases / logs:** `*.db`, `*.sqlite`, `*.log`\n- **JS / TS build + cache:** `node_modules`, `dist`, `build`, `out`, `coverage`, `.nyc_output`, `.next`, `.turbo`, `.parcel-cache`, `.pnpm-store`\n- **Bun:** `.*.bun-build` (compiled-binary cache)\n- **Rust:** `target`\n- **Python:** `.venv`, `__pycache__`, `*.pyc`\n- **Prior bundle artefacts:** `*.tar.gz`, `*.tgz`\n- **arc / Cloudflare / Claude local state:** `.specify`, `.wrangler`, `.claude`\n- **Tests:** `test`, `tests` (override via `bundle.include` if your package ships tests)\n\nExtend or override in `arc-manifest.yaml`:\n\n```yaml\nbundle:\n exclude:\n - \"*.tmp\"\n - \"fixtures/large\"\n include:\n - \"test\" # Cancels the default \"test\" exclusion\n```\n\n#### `bundle.include` is not an allowlist\n\n`bundle.include` only **cancels** a matching default exclusion — an entry must appear verbatim in the default list above to have any effect. It does not filter the tarball down to a subset of files. Use `bundle.exclude` for that, or bundle a subdirectory directly (`arc bundle packages/my-pkg`). arc will warn when an `include` entry does not match any default.\n\n### Bundling a Monorepo\n\nIf your repo is a monorepo with multiple publishable packages, there are two supported patterns:\n\n**1. Bundle one package at a time**\n\nEach package directory has its own `arc-manifest.yaml`. Run `arc bundle` against the subdirectory:\n\n```bash\narc bundle packages/my-skill\narc publish packages/my-skill\n```\n\n**2. Library root**\n\nDeclare the repo root as a `library` with an `artifacts:` list. Each artifact is a subdirectory that contains its own `arc-manifest.yaml`.\n\n```yaml\n# /arc-manifest.yaml (repo root)\nname: my-library\nversion: 1.0.0\ntype: library\nartifacts:\n - path: packages/skill-a\n description: Skill A\n - path: packages/tool-b\n description: Tool B\n```\n\nWith the library pattern, `arc install` installs every artifact, and `arc bundle packages/skill-a` bundles only that subtree — ignoring the rest of the monorepo (including `node_modules`, build caches, sibling packages, etc.).\n\n### Dry Run\n\nPreview what would be published without uploading:\n\n```bash\narc publish --dry-run\n# [DRY RUN] Would publish @my-namespace/my-skill v1.0.0\n# SHA-256: abc123...\n# Source: metafactory\n```\n\n### Pre-built Tarballs\n\nSkip the bundle step and publish an existing tarball:\n\n```bash\narc bundle --output my-skill-1.0.0.tar.gz\n# ... inspect tarball contents ...\narc publish --tarball my-skill-1.0.0.tar.gz\n```\n\n### Size Limits\n\n- Tarballs exceeding **50MB** are rejected before upload\n- Tarballs exceeding **10MB** produce a warning\n\n### Version Immutability\n\nPublished versions cannot be overwritten. To publish changes, bump the version in `arc-manifest.yaml` first:\n\n```bash\n# After editing arc-manifest.yaml to version: 1.1.0\narc publish\n```\n\nRe-running `arc publish` with the same version returns a clear error: *\"Version 1.0.0 already exists. Published versions are immutable.\"*\n\n### Requirements\n\n- Authenticated with `arc login`\n- Valid `arc-manifest.yaml` with `name` (lowercase alphanumeric), `version` (semver), and `type`\n- A `README.md` is recommended but not required\n- All capabilities must be honestly declared\n\n---\n\n## Reviewing Submissions\n\nEvery published version goes through human review before becoming visible (metafactory DD-6 — no automated approval at any tier). If you are listed as a package's sponsor, or you hold the `steward` tier, `arc review` lets you triage the queue from the terminal while the dedicated reviewer UI is still under construction.\n\n### Quick Review\n\n```bash\narc review list # Submissions awaiting your action\narc review show \u003csubmission-id\u003e # Full detail (validation output, capability diff, reviewer comment)\n```\n\n### Actions\n\n```bash\narc review approve \u003cid\u003e # Advance submission to 'approved'\narc review reject \u003cid\u003e -r \"reason\" # Reject; reason is shown to the publisher\narc review request-changes \u003cid\u003e -m \"...\" # Send the submission back with a comment\n```\n\n### How Reviewing Works\n\n1. Publisher runs `arc publish`, version lands in state `pending_review` with an assigned sponsor.\n2. Sponsor (or any steward) pulls the queue with `arc review list`, inspects with `arc review show`, and chooses one of the three actions.\n3. On `approve`, the package transitions from `draft` to `active` on its first approval, becoming visible on browse and its package page. Subsequent approvals just promote new versions.\n4. `reject` / `request-changes` store your text on the submission so the publisher sees why and what to change.\n\n### Server-Side Guarantees\n\n- `trusted+` tier required for every `review` subcommand (enforced server-side).\n- `list` only returns submissions where `sponsor_id = you` — you never see other sponsors' queues.\n- DD-9: you cannot approve, reject, or request changes on your own submissions. The server returns 403 with a clear message.\n- `reject` and `request-changes` require non-empty text; both the client (arc) and the server enforce this.\n\n### Scripting\n\n`arc review list`, `show`, and all action commands accept `--json` for machine output. Example:\n\n```bash\narc review list --json | jq '.submissions[] | {id, status, submitted_by}'\n```\n\n### Requirements\n\n- Authenticated with `arc login`\n- Assigned as sponsor for the package, or tier `steward`\n- Tier `trusted` or higher (server enforces)\n\n---\n\n## Acknowledgments\n\n- **[SkillSeal](https://github.com/mcyork/skillseal)** by [Ian McCutcheon](https://github.com/mcyork) — Cryptographic signing framework for Claude Code skills (future integration)\n- **[SpecFlow](https://github.com/jcfischer/specflow-bundle)** by [Jens-Christian Fischer](https://github.com/jcfischer) — The `arc-manifest.yaml` capability format is adapted from SpecFlow's manifest schema\n- **Debian Project** — The multi-tier trust model is inspired by Debian's main/contrib/non-free architecture\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-metafactory%2Farc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthe-metafactory%2Farc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthe-metafactory%2Farc/lists"}