Module packs 

Shareable starter rule-pack marketplace (roadmap item ①).

A rule pack is a curated, attributed starter set a brand-new team can install on day-0 to close the cold-start recall gap (difflore import-reviews needs gh auth + PR history; packs need neither). The registry is a plain public GitHub repo exposing an index.json catalog plus per-pack pack.json manifests — install is a pure HTTPS GET of public content with a sha256 supply-chain pin, so it works logged-out and offline-after-cache.

Honesty / moat guardrails (non-negotiable, see roadmap §1)

Installed pack rules are suggestions, not ratified memory. They:

• carry origin = 'pack' (the authoritative “installed, not mined here” marker) and a synthetic source_repo = "pack:<id>" that can never match a real git remote — so the runtime scope gate confines them to the crossRepoStarter suggestion-only fallback automatically (no new privileged retrieval path);
• start at confidence_score = 0.55, below manual (0.7) and conversation (0.6), so they never start at parity with earned memory;
• carry no fabricated metrics — cited_count / trust_rate reflect this team’s observed behavior and start at 0.

Rule body format (dependency on item ⑥)

Pack rule bodies are rendered through item ⑥’s public, DB-free renderer crate::context::rule_render::render_code_spec so an installed pack rule is byte-for-byte indistinguishable in body from a mined rule — only its origin / tags / source_repo / confidence differ. We do NOT re-implement rendering here.

Structs

InstallPackOutcome

Result of an install_pack run.

InstalledPackRule

One installed-rule summary, returned for --dry-run preview and the install confirmation. Carries exactly the fields roadmap §5 step 5 says a dry-run must print: id, globs, tags, origin, synthetic source_repo, confidence.

PackIndex

The registry catalog fetched on packs list / packs install.

PackIndexEntry

One pack’s catalog row. Carries the per-version manifest path + sha256 pin used to verify the fetched manifest (supply-chain guard).

PackIndexVersion

PackMaintainer

PackManifest

The per-pack pack.json manifest.

PackProvenance

Pack-level provenance default. kind is the honesty contract (roadmap §3.3): curated | mined | imported. No kind may carry trust/acceptance numbers into the installing team’s store.

PackRule

One rule inside a manifest. body is the item-⑥-shaped renderable content; examples map to a rule_examples row when both sides are present.

PackRuleExamples

PackRuleProvenance

PackTarget

Enums

PackFetchError

Constants

DEFAULT_PACK_REGISTRY

Raw GitHub content of the registry repo’s default branch. The --registry CLI flag overrides this with a fork, a private mirror, or a file:// path.

PACK_CONFIDENCE

Base confidence for an installed pack rule. Deliberately below manual (0.7) and conversation (0.6): pack rules are suggestions and must not start at parity with the team’s own earned judgment. confidence_from_tags may refine via severity: but the install floor stays here.

PACK_ORIGIN

The origin value stamped on every installed pack rule. The single strongest provenance marker; downstream consumers key off it to render a “from a starter pack” badge and to exclude pack rules from any “your team’s earned memory” metric or eval. The local idx_skills_origin index makes WHERE origin = 'pack' cheap.

PACK_SOURCE_REPO_PREFIX

Reserved synthetic-source_repo namespace prefix. A pack: value can never match a real owner/repo git remote, which is the isolation key (roadmap §4.2): a pack rule can only ever reach the cross-repo starter fallback.

Functions

fetch_index

Fetch and parse the registry index.json.

fetch_manifest

Fetch a pack pack.json, verify its sha256 against the index pin, and parse it. manifest_rel is the index-declared path; expected_sha256 is the pin. Refuses to return a manifest whose bytes don’t match the pin.

install_pack

Install (or dry-run preview) every rule in a fetched pack manifest.

is_default_registry

Whether a --registry override points at the first-party default. Callers use this to demote a maintainer.verified badge to “verified (custom registry)” so the trust signal is never misleading.

manifest_sha256

Hex sha256 over the raw manifest bytes, used as the supply-chain integrity check. The index pins this value; install recomputes it over the fetched bytes and refuses on mismatch.

pack_rule_tag

pack-rule:<ruleId> per-rule identity tag — the lever a version supersede deletes/replaces on, independent of the @version suffix.

pack_source_repo

Build the synthetic source_repo for a pack id (e.g. difflore/go-http-safety -> pack:difflore/go-http-safety).

pack_version_tag

pack:<id>@<version> install-identity tag. packs list --installed groups locally-installed rows on this tag; packs install treats a row already carrying it as idempotent.