@clawmem-ai/clawmem 0.1.10 → 0.1.12

package/skills/clawmem/references/manual-ops.md

@@ -0,0 +1,205 @@
+# ClawMem Manual Operations And Troubleshooting
+
+Use this reference only when:
+- the user explicitly wants raw GitHub-style repo or issue operations
+- you are debugging backend state or labels
+- the plugin memory tools are unavailable
+
+ClawMem runs on a GitHub-compatible backend, so repo, issue, label, invitation, and team operations follow GitHub-shaped APIs. That is why `gh` and `curl` are valid fallback tools here.
+
+## Contents
+
+- Route resolution
+- Preflight
+- Save a memory manually
+- Search memories manually
+- Mark memory as stale manually
+- Link related memories manually
+- `git push` to ClawMem
+- Known pitfalls
+- Autonomy
+
+If the plugin tools are available, prefer:
+- `memory_repos` to inspect available repos
+- `memory_list` to inspect the current active-memory index
+- `memory_get` to verify one exact memory
+- `memory_labels` to inspect current schema
+- `memory_repo_create` to create a new memory repo
+- `memory_store` to save
+- `memory_update` to evolve one canonical memory in place
+- `memory_recall` to search
+- `memory_forget` to retire stale memories
+
+## Route resolution
+
+ClawMem is routed per agent identity, not through one global repo or token.
+
+Resolve the current route with the bundled helper:
+
+```sh
+eval "$(python3 scripts/clawmem_exports.py)"
+```
+
+That exports:
+- `CLAWMEM_AGENT_ID`
+- `CLAWMEM_BASE_URL`
+- `CLAWMEM_HOST`
+- `CLAWMEM_DEFAULT_REPO`
+- `CLAWMEM_REPO`
+- `CLAWMEM_TOKEN`
+
+Rules:
+- Never store tokens in files or chat
+- `CLAWMEM_DEFAULT_REPO` is the fallback memory space for automatic flows
+- `CLAWMEM_REPO` is the repo chosen for the current operation
+- If `CLAWMEM_TOKEN` is empty, this agent identity has not been provisioned yet
+
+## Preflight
+
+```sh
+eval "$(python3 scripts/clawmem_exports.py)"
+
+test -n "$CLAWMEM_REPO" || { echo "ClawMem repo missing for agent $CLAWMEM_AGENT_ID"; exit 1; }
+test -n "$CLAWMEM_TOKEN" || { echo "ClawMem token missing for agent $CLAWMEM_AGENT_ID"; exit 1; }
+case "$CLAWMEM_REPO" in
+  */*) ;;
+  *) echo "Invalid CLAWMEM_REPO='$CLAWMEM_REPO' (expected owner/repo)"; exit 1 ;;
+esac
+```
+
+For ClawMem, always pass `--repo "$CLAWMEM_REPO"` to `gh` or use `$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/...` with `curl` explicitly.
+
+Do not export `GH_HOST` or `GH_ENTERPRISE_TOKEN` globally for unrelated github.com work. Use per-command env prefixes if you need isolation.
+
+## Save a memory manually
+
+Use the tool path first. If raw issue control is required:
+
+### With `gh`
+
+```sh
+for lbl in "type:memory" "kind:core-fact" "kind:convention" "kind:lesson" "kind:skill" "kind:task"; do
+  GH_HOST="$CLAWMEM_HOST" GH_ENTERPRISE_TOKEN="$CLAWMEM_TOKEN" \
+    gh label create "$lbl" --repo "$CLAWMEM_REPO" --color "5319e7" 2>/dev/null || true
+done
+
+GH_HOST="$CLAWMEM_HOST" GH_ENTERPRISE_TOKEN="$CLAWMEM_TOKEN" \
+  gh issue create --repo "$CLAWMEM_REPO" \
+    --title "Memory: <concise title>" \
+    --body "<durable detail in plain language>" \
+    --label "type:memory" \
+    --label "kind:lesson"
+```
+
+### With `curl`
+
+```sh
+for lbl in "type:memory" "kind:core-fact" "kind:convention" "kind:lesson" "kind:skill" "kind:task"; do
+  curl -sf -X POST -H "Authorization: token $CLAWMEM_TOKEN" \
+    -H "Content-Type: application/json" \
+    "$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/labels" \
+    -d "{\"name\":\"$lbl\",\"color\":\"5319e7\"}" >/dev/null 2>&1 || true
+done
+
+curl -sf -X POST -H "Authorization: token $CLAWMEM_TOKEN" \
+  -H "Content-Type: application/json" \
+  "$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/issues" \
+  -d "{
+    \"title\": \"Memory: <concise title>\",
+    \"body\": \"<durable detail in plain language>\",
+    \"labels\": [\"type:memory\", \"kind:lesson\"]
+  }" | jq '{number, title, url: .html_url}'
+```
+
+## Search memories manually
+
+### With `gh`
+
+```sh
+GH_HOST="$CLAWMEM_HOST" GH_ENTERPRISE_TOKEN="$CLAWMEM_TOKEN" \
+  gh issue list --repo "$CLAWMEM_REPO" \
+    --state open \
+    --label "type:memory" \
+    --search "<keywords>" \
+    --limit 100 \
+    --json number,title,body,labels,updatedAt
+```
+
+### With `curl`
+
+```sh
+curl -sf -H "Authorization: token $CLAWMEM_TOKEN" \
+  "$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/issues?state=open&labels=type:memory&per_page=100&type=issues" | \
+  jq --arg q "<keywords>" '
+    ($q | ascii_downcase) as $needle
+    | map(select(
+        ((.title // "") + "\n" + (.body // "")) | ascii_downcase | contains($needle)
+      ))
+    | map({number, title, body, labels: [.labels[]?.name], updatedAt: .updated_at})
+  '
+```
+
+## Mark memory as stale manually
+
+If this is still the same canonical fact or task, prefer `memory_update` instead of retiring the old node.
+
+### With `gh`
+
+```sh
+GH_HOST="$CLAWMEM_HOST" GH_ENTERPRISE_TOKEN="$CLAWMEM_TOKEN" \
+  gh issue close <number> --repo "$CLAWMEM_REPO"
+```
+
+### With `curl`
+
+```sh
+curl -sf -X PATCH -H "Authorization: token $CLAWMEM_TOKEN" \
+  -H "Content-Type: application/json" \
+  "$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/issues/<number>" \
+  -d '{"state": "closed"}'
+```
+
+If a new memory replaces an old one, save the new memory first and mention the old `#ID` in the replacement body so the supersession is explicit.
+
+## Link related memories manually
+
+When one memory depends on, refines, or supersedes another, mention `#<id>` in the body so the graph keeps an explicit edge.
+
+Prefer doing this when you create a curated raw memory, or when you are already rewriting the full issue body intentionally.
+
+If you patch an existing plugin-managed memory body by hand, preserve the existing structured body and add the `#<id>` relation into the durable detail instead of overwriting metadata fields blindly.
+
+## `git push` to ClawMem
+
+`GH_HOST` and `GH_ENTERPRISE_TOKEN` affect `gh`, not `git push`. If you need to push code to a ClawMem git service repo:
+
+```sh
+echo "$CLAWMEM_TOKEN" | gh auth login -h "$CLAWMEM_HOST" --with-token
+```
+
+After that, `git push` to `https://git.clawmem.ai/...` works normally.
+
+## Known pitfalls
+
+| Problem | Fix |
+|---|---|
+| Labels do not update reliably via `PATCH` on some backends | Use `PUT /repos/{owner}/{repo}/issues/{n}/labels` when you need exact label replacement |
+| `openclaw config get` returns redacted token values | Read the config file path via `openclaw config file`, then inspect the JSON directly |
+| Conversation mirror returns `404` | The cached conversation issue was deleted; the plugin recreates it on the next session |
+| New session gets `401 Unauthorized` | Re-read the current agent route. If this is first use, trigger one real turn so the plugin can finish provisioning |
+| Agent uses the wrong memory repo | Resolve `config.agents.<agentId>` for the current agent; do not read only top-level legacy repo settings |
+| `gh` is not the official GitHub CLI | Run `gh --version`; if it is the npm `gh` package instead of the official CLI, use `curl` or replace the CLI install |
+
+## Autonomy
+
+Without confirmation:
+- creating or updating memory nodes
+- adding comments
+- reusing or creating labels
+- closing stale memory nodes
+- creating new memory repos when a new space is clearly needed
+
+Requires confirmation:
+- OpenClaw config changes
+- service restarts
+- deletions that go beyond ordinary memory retirement

package/skills/clawmem/references/repair.md

@@ -0,0 +1,127 @@
+# ClawMem Repair And Verification
+
+Use this reference when ClawMem is already installed but is not selected as the active memory plugin, is missing per-agent provisioning, has a broken route, or needs verification after setup.
+
+The website bootstrap `SKILL.md` is the primary setup guide. This reference is for post-install repair, diagnostics, and compatibility-file reminders.
+
+## Contents
+
+- Verify activation and provisioning
+- Verify read access without manual login
+- Verify the plugin tool path
+- Compatibility mode for SOUL.md, AGENTS.md, and TOOLS.md
+- Definition of done
+- If ClawMem is still broken
+
+## Step 1: Verify activation and provisioning
+
+First verify that ClawMem is the active memory plugin.
+
+```sh
+openclaw status
+python3 - <<'PY'
+import json, os, subprocess
+cfg_path = subprocess.check_output(["openclaw", "config", "file"], text=True).strip()
+with open(os.path.expanduser(cfg_path)) as f:
+    root = json.load(f)
+slots = (root.get("plugins") or {}).get("slots") or {}
+print(f"plugins.slots.memory = {slots.get('memory', 'MISSING')}")
+PY
+```
+
+Expected:
+- OpenClaw status shows ClawMem as the active memory plugin
+- `plugins.slots.memory = clawmem`
+
+Then verify the current agent route. Resolve the current route with the bundled helper:
+
+```sh
+eval "$(python3 scripts/clawmem_exports.py)"
+printf 'agent=%s\nbase=%s\ndefaultRepo=%s\ntoken=%s\n' \
+  "${CLAWMEM_AGENT_ID}" "${CLAWMEM_BASE_URL}" "${CLAWMEM_DEFAULT_REPO}" \
+  "$(test -n "${CLAWMEM_TOKEN}" && printf SET || printf MISSING)"
+```
+
+If `CLAWMEM_DEFAULT_REPO` or `CLAWMEM_TOKEN` is missing, the current agent has not been provisioned yet. Trigger one real turn with that agent so the plugin can finish provisioning and persist credentials, or restart OpenClaw and retry after the agent is first used.
+
+## Step 2: Verify read access without manual login
+
+This proves that a fresh session can query ClawMem using the current agent's provisioned route.
+
+```sh
+eval "$(python3 scripts/clawmem_exports.py)"
+
+test -n "$CLAWMEM_REPO" || { echo "Current agent route has no repo yet"; exit 1; }
+test -n "$CLAWMEM_TOKEN" || { echo "Current agent route has no token yet"; exit 1; }
+
+GH_HOST="$CLAWMEM_HOST" GH_ENTERPRISE_TOKEN="$CLAWMEM_TOKEN" \
+  gh issue list --repo "$CLAWMEM_REPO" --limit 1 --json number,title
+```
+
+If `gh` is unavailable or not the official GitHub CLI, use the fallback probe:
+
+```sh
+curl -sf -H "Authorization: token $CLAWMEM_TOKEN" \
+  "$CLAWMEM_BASE_URL/repos/$CLAWMEM_REPO/issues?state=open&per_page=1&type=issues" | \
+  jq 'map({number,title})'
+```
+
+If either command returns JSON, even `[]`, the route is usable.
+
+## Step 3: Verify the plugin tool path
+
+From a normal ClawMem-enabled session, verify that:
+- `memory_repos` lists accessible repos and marks the default repo
+- `memory_list` returns the active memory index
+- `memory_get` fetches one exact memory by id or issue number
+- `memory_labels` returns the current reusable schema labels
+- `memory_recall` returns either a hit list or a clean miss
+- `memory_store` is available for immediate durable saves
+- `memory_update` updates an existing memory in place
+- `memory_repo_create` creates a new repo when a new memory space is needed
+
+Conversation summaries or auto-extracted memories from a just-finished session may appear on the next real request, not necessarily immediately at session close.
+
+## Compatibility mode for SOUL.md, AGENTS.md, and TOOLS.md
+
+If your OpenClaw environment still relies on file-injected identity or behavior reminders, use these compact compatibility snippets. Do not duplicate the entire skill body into those files.
+
+### Optional SOUL.md identity block
+
+```markdown
+## Memory System — ClawMem
+I use ClawMem as my memory system.
+When prior context may help, I search ClawMem before answering.
+```
+
+### Optional AGENTS.md reminder
+
+```markdown
+Before ending every response, ask: "Did I learn anything durable this turn?"
+If yes or unsure, save it to ClawMem now.
+```
+
+### Optional TOOLS.md reminder
+
+```markdown
+ClawMem is the primary long-term memory system.
+Use the bundled $clawmem skill for retrieval, saving, routing, schema, and troubleshooting.
+```
+
+These snippets are compatibility aids, not the primary runtime source of truth.
+
+## Definition of done
+
+- `openclaw.json` has `plugins.slots.memory = clawmem`
+- The current agent route has a `defaultRepo` or legacy `repo`
+- The current agent route has a `token`
+- Read-only probe works without manual `gh auth login`
+- Plugin memory tools work from a normal session
+- The bundled `$clawmem` skill is available after installation
+
+## If ClawMem is still broken
+
+- If `plugins.slots.memory` is wrong, set it back to `clawmem`, restart the gateway, and retry.
+- If the route is missing a repo or token, trigger one real turn with that agent and retry provisioning checks.
+- If a new session gets `401 Unauthorized`, re-read the current route instead of assuming the old repo or token is still valid.
+- If your environment still depends on `SOUL.md` or `AGENTS.md`, add the compatibility snippets above rather than pasting large sections of this skill into those files.

package/skills/clawmem/references/schema.md

@@ -0,0 +1,63 @@
+# ClawMem Memory Schema
+
+Use this reference when deciding how to label or shape a memory, or when you need to explain the ClawMem graph model to another agent or user.
+
+## The memory graph
+
+Issues are nodes. Labels are schema. `#ID` references are edges.
+
+When one memory depends on, refines, supersedes, or generalizes another memory, mention the related `#ID` in the issue body so the relationship stays explicit in the graph.
+
+There are two valid memory shapes:
+- Plugin-managed structured memories: created through `memory_store` or `memory_update`; the plugin manages core labels and may also persist agent-selected `kind:*` and `topic:*` labels
+- Curated graph memories: created manually through `gh` or `curl` when you explicitly need raw issue control
+
+## Labels
+
+Plugin-managed memories always include:
+- `type:memory`
+
+Plugin-managed memories may also include:
+- one `kind:*` label
+- optional `topic:*` labels
+
+Lifecycle is carried by native issue state:
+- open issue = active memory
+- closed issue = stale or superseded memory
+
+If you create a curated memory manually, include:
+- `type:memory`
+- one `kind:*` label
+- optional `topic:*` labels, usually no more than two or three
+
+## Kinds
+
+| Kind | Label | Use it for |
+|---|---|---|
+| Core fact | `kind:core-fact` | Stable truths that should update in place as reality changes |
+| Convention | `kind:convention` | Agreed rules or policies |
+| Lesson learned | `kind:lesson` | Corrections, postmortems, or mistakes worth preserving |
+| Skill blueprint | `kind:skill` | Repeatable workflows or playbooks |
+| Active task | `kind:task` | Ongoing work that should stay visible and update over time |
+
+## When to create which kind
+
+| Trigger | Kind |
+|---|---|
+| User corrects a wrong assumption | `kind:lesson` |
+| You and the user agree on a rule | `kind:convention` |
+| A stable fact about the user or project | `kind:core-fact` |
+| A repeatable workflow you figured out | `kind:skill` |
+| Ongoing work to track | `kind:task` |
+
+## Disciplined self-evolution
+
+- Before inventing a new `kind` or `topic`, call `memory_labels`.
+- Reuse current schema when it already fits.
+- If the current schema does not fit and a new label would help future retrieval, coordination, or reuse, create it deliberately.
+- New labels should be short, general, and likely to apply again across future memories or agents.
+- Do not invent random label prefixes. Schema evolution must stay within `kind:*` and `topic:*`.
+
+## Storage rule
+
+If you are writing something so the agent remembers it later, store it in ClawMem. If you are writing something for a tool or human to read directly, write a file instead.

package/skills/clawmem/scripts/clawmem_exports.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import shlex
+import subprocess
+import sys
+
+
+def normalize_base_url(raw: str) -> str:
+    value = (raw or "https://git.clawmem.ai/api/v3").rstrip("/")
+    if not value.endswith("/api/v3"):
+        value = f"{value}/api/v3"
+    return value
+
+
+def main() -> int:
+    agent_id = (sys.argv[1].strip() if len(sys.argv) > 1 and sys.argv[1].strip() else os.environ.get("OPENCLAW_AGENT_ID", "main"))
+    repo_override = sys.argv[2].strip() if len(sys.argv) > 2 else ""
+
+    try:
+        cfg_path = subprocess.check_output(["openclaw", "config", "file"], text=True).strip()
+    except FileNotFoundError:
+        print("clawmem_exports.py: openclaw CLI was not found in PATH", file=sys.stderr)
+        return 1
+    with open(os.path.expanduser(cfg_path), "r", encoding="utf-8") as handle:
+        root = json.load(handle)
+
+    cfg = (((root.get("plugins") or {}).get("entries") or {}).get("clawmem") or {}).get("config") or {}
+    agents = cfg.get("agents") or {}
+    route = agents.get(agent_id) or {}
+
+    base_url = normalize_base_url(route.get("baseUrl") or cfg.get("baseUrl") or "")
+    default_repo = route.get("defaultRepo") or route.get("repo") or cfg.get("defaultRepo") or cfg.get("repo") or ""
+    repo = repo_override or default_repo
+    token = route.get("token") or ""
+    host = base_url.removesuffix("/api/v3").replace("https://", "").replace("http://", "")
+
+    pairs = {
+        "CLAWMEM_AGENT_ID": agent_id,
+        "CLAWMEM_BASE_URL": base_url,
+        "CLAWMEM_HOST": host,
+        "CLAWMEM_DEFAULT_REPO": default_repo,
+        "CLAWMEM_REPO": repo,
+        "CLAWMEM_TOKEN": token,
+    }
+
+    for key, value in pairs.items():
+        print(f"export {key}={shlex.quote(value)}")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

package/src/github-client.ts

@@ -6,7 +6,62 @@ type IssueResponse = { number: number; title?: string; body?: string; state?: st
 type SearchIssuesResponse = { items?: IssueResponse[]; total_count?: number; incomplete_results?: boolean };
 type CommentResponse = { id?: number; body?: string; created_at?: string };
 type LabelResponse = { name?: string; color?: string; description?: string };
-type RepoResponse = { name?: string; full_name?: string; description?: string; private?: boolean; owner?: { login?: string } };
+type PermissionMap = Record<string, boolean | undefined>;
+type RepoResponse = {
+  name?: string;
+  full_name?: string;
+  description?: string;
+  private?: boolean;
+  owner?: { login?: string };
+  permissions?: PermissionMap;
+  role_name?: string;
+};
+type OrgResponse = {
+  id?: number;
+  login?: string;
+  name?: string;
+  description?: string;
+  default_repository_permission?: string;
+};
+type TeamResponse = {
+  id?: number;
+  slug?: string;
+  name?: string;
+  description?: string;
+  privacy?: string;
+  permission?: string;
+  role_name?: string;
+  permissions?: PermissionMap;
+};
+type CollaboratorResponse = {
+  id?: number;
+  login?: string;
+  name?: string;
+  permissions?: PermissionMap;
+  role_name?: string;
+};
+type RepositoryInvitationResponse = {
+  id?: number;
+  created_at?: string;
+  permissions?: string;
+  repository?: RepoResponse;
+  invitee?: { login?: string; name?: string };
+  inviter?: { login?: string; name?: string };
+};
+type TeamMembershipResponse = { state?: string; role?: string };
+type InvitationResponse = {
+  id?: number;
+  role?: string;
+  created_at?: string;
+  expires_at?: string | null;
+  email?: string;
+  login?: string;
+  organization?: OrgResponse;
+  invitee?: { login?: string };
+  inviter?: { login?: string };
+  team_ids?: number[];
+  teams?: TeamResponse[];
+};
 type ReqOpts = { allowNotFound?: boolean; allowValidationError?: boolean; omitAuth?: boolean };
 
 export class GitHubIssueClient {
@@ -71,6 +126,130 @@ export class GitHubIssueClient {
       }),
     });
   }
+  async listUserOrgs(): Promise<OrgResponse[]> {
+    return this.req<OrgResponse[]>("user/orgs", { method: "GET" });
+  }
+  async createUserOrg(params: { login: string; name?: string; defaultRepositoryPermission?: string }): Promise<OrgResponse> {
+    return this.req<OrgResponse>("user/orgs", {
+      method: "POST",
+      body: JSON.stringify({
+        login: params.login,
+        ...(params.name ? { name: params.name } : {}),
+        ...(params.defaultRepositoryPermission ? { default_repository_permission: params.defaultRepositoryPermission } : {}),
+      }),
+    });
+  }
+  async getOrg(org: string): Promise<OrgResponse> {
+    return this.req<OrgResponse>(`orgs/${encodeURIComponent(org)}`, { method: "GET" });
+  }
+  async listOrgTeams(org: string): Promise<TeamResponse[]> {
+    return this.req<TeamResponse[]>(`orgs/${encodeURIComponent(org)}/teams`, { method: "GET" });
+  }
+  async createOrgTeam(org: string, params: { name: string; description?: string; privacy?: "closed" | "secret" }): Promise<TeamResponse> {
+    return this.req<TeamResponse>(`orgs/${encodeURIComponent(org)}/teams`, {
+      method: "POST",
+      body: JSON.stringify({
+        name: params.name,
+        ...(params.description ? { description: params.description } : {}),
+        privacy: params.privacy ?? "closed",
+      }),
+    });
+  }
+  async setTeamMembership(org: string, teamSlug: string, username: string, role: "member" | "maintainer"): Promise<TeamMembershipResponse> {
+    return this.req<TeamMembershipResponse>(
+      `orgs/${encodeURIComponent(org)}/teams/${encodeURIComponent(teamSlug)}/memberships/${encodeURIComponent(username)}`,
+      { method: "PUT", body: JSON.stringify({ role }) },
+    );
+  }
+  async removeTeamMembership(org: string, teamSlug: string, username: string): Promise<void> {
+    await this.req(
+      `orgs/${encodeURIComponent(org)}/teams/${encodeURIComponent(teamSlug)}/memberships/${encodeURIComponent(username)}`,
+      { method: "DELETE" },
+    );
+  }
+  async listTeamRepos(org: string, teamSlug: string): Promise<RepoResponse[]> {
+    return this.req<RepoResponse[]>(`orgs/${encodeURIComponent(org)}/teams/${encodeURIComponent(teamSlug)}/repos`, { method: "GET" });
+  }
+  async setTeamRepoAccess(org: string, teamSlug: string, owner: string, repo: string, permission: "read" | "write" | "admin"): Promise<void> {
+    await this.req(
+      `orgs/${encodeURIComponent(org)}/teams/${encodeURIComponent(teamSlug)}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`,
+      { method: "PUT", body: JSON.stringify({ permission }) },
+    );
+  }
+  async removeTeamRepoAccess(org: string, teamSlug: string, owner: string, repo: string): Promise<void> {
+    await this.req(
+      `orgs/${encodeURIComponent(org)}/teams/${encodeURIComponent(teamSlug)}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`,
+      { method: "DELETE" },
+    );
+  }
+  async listRepoCollaborators(owner: string, repo: string): Promise<CollaboratorResponse[]> {
+    return this.req<CollaboratorResponse[]>(
+      `repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/collaborators`,
+      { method: "GET" },
+    );
+  }
+  async listRepoInvitations(owner: string, repo: string): Promise<RepositoryInvitationResponse[]> {
+    return this.req<RepositoryInvitationResponse[]>(
+      `repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/invitations`,
+      { method: "GET" },
+    );
+  }
+  async setRepoCollaborator(owner: string, repo: string, username: string, permission: "read" | "write" | "admin"): Promise<RepositoryInvitationResponse | undefined> {
+    return this.req<RepositoryInvitationResponse>(
+      `repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/collaborators/${encodeURIComponent(username)}`,
+      { method: "PUT", body: JSON.stringify({ permission }) },
+    );
+  }
+  async removeRepoCollaborator(owner: string, repo: string, username: string): Promise<void> {
+    await this.req(
+      `repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/collaborators/${encodeURIComponent(username)}`,
+      { method: "DELETE" },
+    );
+  }
+  async getRepo(owner: string, repo: string): Promise<RepoResponse> {
+    return this.req<RepoResponse>(`repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}`, { method: "GET" });
+  }
+  async listRepoTeams(owner: string, repo: string): Promise<TeamResponse[]> {
+    return this.req<TeamResponse[]>(`repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/teams`, { method: "GET" });
+  }
+  async listUserRepoInvitations(): Promise<RepositoryInvitationResponse[]> {
+    return this.req<RepositoryInvitationResponse[]>("user/repository_invitations", { method: "GET" });
+  }
+  async acceptUserRepoInvitation(invitationId: number): Promise<void> {
+    await this.req(`user/repository_invitations/${invitationId}`, { method: "PATCH" });
+  }
+  async declineUserRepoInvitation(invitationId: number): Promise<void> {
+    await this.req(`user/repository_invitations/${invitationId}`, { method: "DELETE" });
+  }
+  async listOrgInvitations(org: string): Promise<InvitationResponse[]> {
+    return this.req<InvitationResponse[]>(`orgs/${encodeURIComponent(org)}/invitations`, { method: "GET" });
+  }
+  async createOrgInvitation(
+    org: string,
+    params: { inviteeLogin: string; role?: "member" | "admin"; teamIds?: number[]; expiresInDays?: number },
+  ): Promise<InvitationResponse> {
+    return this.req<InvitationResponse>(`orgs/${encodeURIComponent(org)}/invitations`, {
+      method: "POST",
+      body: JSON.stringify({
+        invitee_login: params.inviteeLogin,
+        role: params.role ?? "member",
+        ...(params.teamIds && params.teamIds.length > 0 ? { team_ids: params.teamIds } : {}),
+        ...(typeof params.expiresInDays === "number" ? { expires_in_days: params.expiresInDays } : {}),
+      }),
+    });
+  }
+  async listOrgOutsideCollaborators(org: string): Promise<CollaboratorResponse[]> {
+    return this.req<CollaboratorResponse[]>(`orgs/${encodeURIComponent(org)}/outside_collaborators`, { method: "GET" });
+  }
+  async listUserOrgInvitations(): Promise<InvitationResponse[]> {
+    return this.req<InvitationResponse[]>("user/organization_invitations", { method: "GET" });
+  }
+  async acceptUserOrgInvitation(invitationId: number): Promise<void> {
+    await this.req(`user/organization_invitations/${invitationId}`, { method: "PATCH" });
+  }
+  async declineUserOrgInvitation(invitationId: number): Promise<void> {
+    await this.req(`user/organization_invitations/${invitationId}`, { method: "DELETE" });
+  }
   async ensureLabels(labels: string[]): Promise<void> {
     for (const label of labels) {
       if (!label.trim()) continue;