@cfio/cohort-sync 0.34.6 → 0.34.7

package/dist/index.js

@@ -2625,6 +2625,7 @@ import path3 from "node:path";
 
 // src/sync.ts
 import fs from "node:fs";
+import crypto from "node:crypto";
 import path from "node:path";
 var VALID_STATUSES = /* @__PURE__ */ new Set(["idle", "working", "waiting"]);
 function normalizeStatus(status) {
@@ -2922,8 +2923,8 @@ function writeSkillBody(skillsDir2, location, body) {
   if (path.basename(location) !== "SKILL.md") {
     throw new Error("Skill location must end with SKILL.md");
   }
-  if (body.length > MAX_SKILL_BYTES) {
-    throw new Error(`Skill body exceeds maximum length of ${MAX_SKILL_BYTES} characters`);
+  if (Buffer.byteLength(body, "utf8") > MAX_SKILL_BYTES) {
+    throw new Error(`Skill body exceeds maximum length of ${MAX_SKILL_BYTES} bytes`);
   }
   const root = path.resolve(skillsDir2);
   const target = path.resolve(root, location);
@@ -2935,6 +2936,26 @@ function writeSkillBody(skillsDir2, location, body) {
   fs.writeFileSync(target, body, "utf8");
   return target;
 }
+function hashSkillBody(body) {
+  return crypto.createHash("sha256").update(body, "utf8").digest("hex");
+}
+function writeSkillBodyVerified(skillsDir2, location, body, expectedHash) {
+  if (!expectedHash) {
+    throw new Error("bodyHash is required for skill writeback");
+  }
+  const target = writeSkillBody(skillsDir2, location, body);
+  const actual = hashSkillBody(fs["read"+"FileSync"](target, "utf-8"));
+  if (actual !== expectedHash) {
+    throw new Error("Skill body hash mismatch after write");
+  }
+  return target;
+}
+async function postSkillMaterializationApplied(cfg, payload) {
+  await v1Post(cfg.apiUrl, cfg.apiKey, "/api/v1/skills/materialization-applied", payload);
+}
+async function postSkillMaterializationFailed(cfg, payload) {
+  await v1Post(cfg.apiUrl, cfg.apiKey, "/api/v1/skills/materialization-failed", payload);
+}
 function skillsDirExists(skillsDir2) {
   try {
     return fs.statSync(skillsDir2).isDirectory();
@@ -11931,22 +11952,56 @@ async function executeCommand(cmd, gwClient, cfg, resolveAgentName, logger, cron
   if (cmd.type === "skillWrite") {
     const skillsDir2 = injection?.skillsDir;
     const agentName = cmd.payload?.agentId;
+    const skillId = cmd.payload?.skillId;
     const location = cmd.payload?.location;
     const body = cmd.payload?.skillBody;
+    const targetRevision = cmd.payload?.targetRevision;
+    const bodyHash = cmd.payload?.bodyHash;
     if (!skillsDir2) {
       throw new Error("skillsDir is required for skillWrite");
     }
     if (!agentName) {
       throw new Error("agentId is required for skillWrite");
     }
+    if (!skillId) {
+      throw new Error("skillId is required for skillWrite");
+    }
     if (!location) {
       throw new Error("location is required for skillWrite");
     }
     if (typeof body !== "string") {
       throw new Error("skillBody is required for skillWrite");
     }
-    writeSkillBody(skillsDir2, location, body);
-    await syncSkills(agentName, enumerateSkills(skillsDir2, "openclaw"), cfg, logger);
+    if (typeof targetRevision !== "number") {
+      throw new Error("targetRevision is required for skillWrite");
+    }
+    if (!bodyHash) {
+      throw new Error("bodyHash is required for skillWrite");
+    }
+    try {
+      writeSkillBodyVerified(skillsDir2, location, body, bodyHash);
+      await postSkillMaterializationApplied(cfg, {
+        skillId,
+        agentName,
+        targetRevision,
+        bodyHash,
+        commandId: cmd._id,
+        location
+      });
+    } catch (err) {
+      await postSkillMaterializationFailed(cfg, {
+        skillId,
+        agentName,
+        targetRevision,
+        bodyHash,
+        commandId: cmd._id,
+        location,
+        error: String(err).slice(0, 500)
+      }).catch((ackErr) => {
+        logger.warn(`cohort-sync: materialization failed ack failed: ${String(ackErr)}`);
+      });
+      throw err;
+    }
     return;
   }
   if (cmd.type.startsWith("cron")) {
@@ -13033,10 +13088,10 @@ function subscribeChannels(apiKey2, onUpdate, logger) {
 }
 
 // src/gateway-client.ts
-import crypto2 from "node:crypto";
+import crypto3 from "node:crypto";
 
 // src/device-identity-crypto.ts
-import crypto from "node:crypto";
+import crypto2 from "node:crypto";
 import fs2 from "node:fs";
 import path2 from "node:path";
 import os from "node:os";
@@ -13065,12 +13120,12 @@ function loadOrCreateDeviceIdentity() {
     persistIdentity(legacy);
     return legacy;
   }
-  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
+  const { publicKey, privateKey } = crypto2.generateKeyPairSync("ed25519");
   const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
   const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
   const publicKeyDer = publicKey.export({ type: "spki", format: "der" });
   const rawPublicKey = publicKeyDer.subarray(publicKeyDer.length - 32);
-  const deviceId = crypto.createHash("sha256").update(new Uint8Array(rawPublicKey)).digest("hex");
+  const deviceId = crypto2.createHash("sha256").update(new Uint8Array(rawPublicKey)).digest("hex");
   const identity = { deviceId, publicKeyPem, privateKeyPem };
   console.debug("cohort-sync: device identity created", { deviceId });
   persistIdentity(identity);
@@ -13106,8 +13161,8 @@ function buildDeviceAuthPayloadV3(params) {
   ].join("|");
 }
 function signPayload(privateKeyPem, payload) {
-  const key = crypto.createPrivateKey(privateKeyPem);
-  const signature = crypto.sign(null, new Uint8Array(Buffer.from(payload, "utf-8")), key);
+  const key = crypto2.createPrivateKey(privateKeyPem);
+  const signature = crypto2.sign(null, new Uint8Array(Buffer.from(payload, "utf-8")), key);
   return signature.toString("base64").replaceAll("+", "-").replaceAll("/", "_").replace(/=+$/, "");
 }
 
@@ -13299,7 +13354,7 @@ var GatewayClient = class {
         ws.addEventListener("message", onChallengeMessage);
         const sendConnect = () => {
           ws.removeEventListener("message", onChallengeMessage);
-          const id = crypto2.randomUUID();
+          const id = crypto3.randomUUID();
           const frame = buildConnectFrame(
             id,
             this._getToken(),
@@ -13412,7 +13467,7 @@ var GatewayClient = class {
     if (!this.isAlive()) {
       throw new Error("Gateway client is not connected");
     }
-    const id = crypto2.randomUUID();
+    const id = crypto3.randomUUID();
     const frame = {
       type: "req",
       id,
@@ -14323,7 +14378,7 @@ function dumpEvent(event) {
 function positiveNumber(value) {
   return typeof value === "number" && Number.isFinite(value) && value > 0 ? value : void 0;
 }
-var PLUGIN_VERSION = true ? "0.34.6" : "unknown";
+var PLUGIN_VERSION = true ? "0.34.7" : "unknown";
 var PRESENCE_PING_INTERVAL_MS = 12e4;
 function resolveGatewayToken(api) {
   const token2 = api.config?.gateway?.auth?.token;

package/dist/openclaw.plugin.json

@@ -85,5 +85,5 @@
       }
     }
   },
-  "version": "0.34.6"
+  "version": "0.34.7"
 }

package/dist/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.34.6",
+  "version": "0.34.7",
   "description": "OpenClaw plugin — syncs agent telemetry, sessions, and activity to the Cohort dashboard",
   "type": "module",
   "main": "index.js",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cfio/cohort-sync",
-  "version": "0.34.6",
+  "version": "0.34.7",
   "description": "OpenClaw plugin — syncs agent telemetry, sessions, and activity to the Cohort dashboard",
   "license": "MIT",
   "homepage": "https://docs.cohort.bot/gateway",