External skill management: install, list, trust, remove with hot reload #683

@bug-ops

Summary

Add a complete lifecycle for managing external skills: install from URL or local path, list with trust/status info, manage trust levels, and remove — all with hot reload support. The trust system (TrustLevel, blake3 hashing, SQLite persistence) and hot reload (SkillWatcher + debounced notify) are already implemented. This issue connects them into a unified management interface accessible from CLI, in-session commands, and TUI.

Current state

What exists

  • Trust system: TrustLevel enum (Trusted/Verified/Quarantined/Blocked), blake3 hash verification, SQLite persistence (skill_trust table), SkillSource enum (Local/Hub/File)
  • Hot reload: SkillWatcher with notify + 500ms debounce, fires SkillEvent::Changed, triggers registry.reload()
  • In-session commands: /skills (list), /skill trust/block/unblock, /skill stats/versions/activate/approve/reset
  • Config: skills.paths (Vec), skills.trust.{default_level, local_level, hash_mismatch_level}

What is missing

  • No way to install a skill from URL or arbitrary path at runtime
  • No CLI subcommand for skill management (only in-session slash commands)
  • No way to remove a skill (only block)
  • No TUI panel for skill management
  • SkillSource::Hub exists as a type but has no client implementation
  • Skills are only discovered from pre-configured skills.paths at startup

Proposed design

1. Skill install from URL or local path

CLI: zeph skill install <source>

  • <source> can be:
    • Local path: ./my-skills/weather or /abs/path/to/skill-dir
    • Git repo URL: https://github.com/user/zeph-skill-foo (clone to ~/.config/zeph/skills/<name>/)
    • Git repo subdirectory: https://github.com/user/skills-collection#weather (fragment = subdirectory)
  • Validates SKILL.md exists and parses correctly
  • Computes blake3 hash, records SkillSource (File or Hub) in skill_trust table
  • Assigns initial trust from skills.trust.default_level (Quarantined by default)
  • Copies/clones into managed skills directory (~/.config/zeph/skills/) unless already in a watched path
  • Triggers hot reload — no restart required

In-session: /skill install <source> — same behavior, with output in chat

2. Skill list with rich metadata

CLI: zeph skill list [--format table|json]

NAME              SOURCE    TRUST         HASH     SKILLS DEPS
github-pr-review  hub       quarantined   a3f2..   GITHUB_TOKEN
weather-check     file      trusted       8bc1..   WEATHER_API_KEY
code-review       local     trusted       f12d..   -
blocked-skill     hub       blocked       -        -

Columns: name, source kind, trust level, hash (truncated), required secrets (from requires-secrets per #682)

In-session: /skills — enhance existing command to show trust level and source alongside name/description

3. Trust management consolidation

Existing /skill trust/block/unblock commands work well. Add:

  • CLI equivalents: zeph skill trust <name> [level], zeph skill block <name>, zeph skill unblock <name>
  • Hash re-verification: zeph skill verify <name> — recompute blake3 hash, compare with stored, report tamper status
  • Bulk trust: zeph skill trust-all <level> --source hub — set trust for all skills from a given source

4. Skill removal

CLI: zeph skill remove <name> [--force]

  • Deletes trust record from SQLite
  • Removes skill directory from managed path (~/.config/zeph/skills/<name>/)
  • Refuses to remove skills from user-configured skills.paths unless --force (prints warning with path)
  • Triggers hot reload

In-session: /skill remove <name> — same with confirmation prompt

5. TUI: Skills management panel

Add a skills panel to the TUI dashboard (feature-gated under tui):

  • List view — table: name, source, trust level (color-coded), hash status, required secrets
  • Install — input form for URL or path
  • Trust toggle — inline trust level change (cycle through levels or pick from list)
  • Remove — select + confirm deletion
  • Detail view — expand skill to see full description, body preview, version history, invocation stats
  • Hash status indicator — checkmark (valid), warning (mismatch), dash (not computed)
  • Keyboard: consistent with other TUI panels, i to install, t to toggle trust, d to remove, Enter for detail

6. Managed skills directory

Introduce ~/.config/zeph/skills/ as the default managed directory for installed external skills:

  • Auto-added to skills.paths at runtime (appended, lowest priority)
  • Created on first skill install if it doesn't exist
  • Each skill in its own subdirectory: ~/.config/zeph/skills/<skill-name>/SKILL.md
  • Already watched by SkillWatcher since it's in skills.paths

7. Hash verification on reload

When SkillWatcher triggers a reload:

  • Recompute blake3 for changed skills
  • Compare with stored hash in skill_trust table
  • If mismatch: downgrade trust to skills.trust.hash_mismatch_level (default: Quarantined), log warning
  • Update stored hash only after user explicitly re-trusts (/skill trust <name> trusted)

Implementation plan

  1. Managed skills directory — add ~/.config/zeph/skills/ path logic, auto-append to skills.paths
  2. Install mechanism — git clone for URLs, copy/symlink for local paths, SKILL.md validation, trust record creation
  3. Remove mechanism — SQLite cleanup, directory removal, hot reload trigger
  4. CLI subcommands: zeph skill {install, list, remove, trust, block, unblock, verify} via clap
  5. Enhanced in-session commands: /skill install, /skill remove, enhanced /skills list
  6. Hash verification on reload — integrate blake3 check into watcher reload path
  7. TUI skills panel — list/install/trust/remove/detail views
  8. Documentation — skill authoring guide, trust model docs

Acceptance criteria

  • zeph skill install <url> clones repo into managed directory and registers with Quarantined trust
  • zeph skill install <path> copies skill from local path into managed directory
  • Installed skills are available immediately via hot reload (no restart)
  • zeph skill list shows all skills with source, trust level, hash, required secrets
  • zeph skill remove <name> deletes skill directory and trust record
  • zeph skill remove refuses to delete from user-configured paths without --force
  • zeph skill trust <name> <level> updates trust in SQLite
  • zeph skill verify <name> recomputes and compares blake3 hash
  • Hash mismatch on reload auto-downgrades trust to configured level
  • Hash is updated in SQLite only after explicit re-trust by user
  • /skill install and /skill remove work in-session with hot reload
  • /skills list shows trust level and source
  • TUI skills panel: list, install, trust toggle, remove, detail view
  • Unit tests for install, remove, hash verification, trust transitions
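
The trust transitions from section 7 (hash verification on reload), sketched as an added example; this is not code from the issue or the project. TrustStore, TrustRecord, ReloadOutcome and the in-memory map standing in for the skill_trust table are hypothetical, the level ordering is an assumption, and the digests are constructed placeholders rather than real blake3 output.

```rust
use std::collections::HashMap;

// Declared least to most trusted so the derived Ord can compare levels (ordering is an assumption).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum TrustLevel { Blocked, Quarantined, Verified, Trusted }

#[derive(Debug, Clone, PartialEq)]
pub struct TrustRecord { pub level: TrustLevel, pub stored_hash: String }

// Hypothetical in-memory stand-in for the skill_trust table plus the relevant config value.
pub struct TrustStore {
    pub records: HashMap<String, TrustRecord>,
    pub hash_mismatch_level: TrustLevel, // skills.trust.hash_mismatch_level
}

#[derive(Debug, PartialEq)]
pub enum ReloadOutcome { Unchanged, Mismatch { from: TrustLevel, to: TrustLevel }, Unknown }

impl TrustStore {
    /// Reload path: `current_hash` is the digest recomputed for the changed skill.
    pub fn on_reload(&mut self, name: &str, current_hash: &str) -> ReloadOutcome {
        // No record yet: the caller would treat the skill as a fresh install.
        let Some(rec) = self.records.get_mut(name) else { return ReloadOutcome::Unknown };
        if rec.stored_hash == current_hash { return ReloadOutcome::Unchanged; }
        let from = rec.level;
        // min(): a mismatch may lower trust but must never lift a Blocked skill to Quarantined.
        rec.level = from.min(self.hash_mismatch_level);
        // stored_hash is left untouched, so the mismatch persists until the user re-trusts.
        ReloadOutcome::Mismatch { from, to: rec.level }
    }

    /// Explicit user re-trust: the only place the stored hash is replaced.
    pub fn retrust(&mut self, name: &str, level: TrustLevel, current_hash: &str) -> bool {
        match self.records.get_mut(name) {
            Some(rec) => { rec.level = level; rec.stored_hash = current_hash.to_string(); true }
            None => false,
        }
    }
}

fn main() {
    let mut store = TrustStore { records: HashMap::new(), hash_mismatch_level: TrustLevel::Quarantined };
    let rec = TrustRecord { level: TrustLevel::Trusted, stored_hash: "aa11".into() }; // constructed digest
    store.records.insert("weather-check".into(), rec);
    println!("{:?}", store.on_reload("weather-check", "cc33")); // edited on disk
    println!("{:?}", store.on_reload("weather-check", "cc33")); // still mismatched, hash not re-pinned
    store.retrust("weather-check", TrustLevel::Trusted, "cc33");
    println!("{:?}", store.on_reload("weather-check", "cc33")); // matches after explicit re-trust
}
```
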
