@elizaos/agent 0.25.8 → 2.0.0-alpha.83
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/package.json +994 -34
- package/packages/agent/src/actions/emote.d.ts +14 -0
- package/packages/agent/src/actions/emote.d.ts.map +1 -0
- package/packages/agent/src/actions/emote.js +91 -0
- package/packages/agent/src/actions/restart.d.ts +19 -0
- package/packages/agent/src/actions/restart.d.ts.map +1 -0
- package/packages/agent/src/actions/restart.js +86 -0
- package/packages/agent/src/actions/send-message.d.ts +3 -0
- package/packages/agent/src/actions/send-message.d.ts.map +1 -0
- package/packages/agent/src/actions/send-message.js +144 -0
- package/packages/agent/src/actions/stream-control.d.ts +15 -0
- package/packages/agent/src/actions/stream-control.d.ts.map +1 -0
- package/packages/agent/src/actions/stream-control.js +357 -0
- package/packages/agent/src/actions/switch-stream-source.d.ts +16 -0
- package/packages/agent/src/actions/switch-stream-source.d.ts.map +1 -0
- package/packages/agent/src/actions/switch-stream-source.js +94 -0
- package/packages/agent/src/actions/terminal.d.ts +14 -0
- package/packages/agent/src/actions/terminal.d.ts.map +1 -0
- package/packages/agent/src/actions/terminal.js +154 -0
- package/packages/agent/src/api/agent-admin-routes.d.ts +38 -0
- package/packages/agent/src/api/agent-admin-routes.d.ts.map +1 -0
- package/packages/agent/src/api/agent-admin-routes.js +93 -0
- package/packages/agent/src/api/agent-lifecycle-routes.d.ts +16 -0
- package/packages/agent/src/api/agent-lifecycle-routes.d.ts.map +1 -0
- package/packages/agent/src/api/agent-lifecycle-routes.js +80 -0
- package/packages/agent/src/api/agent-model.d.ts +12 -0
- package/packages/agent/src/api/agent-model.d.ts.map +1 -0
- package/packages/agent/src/api/agent-model.js +123 -0
- package/packages/agent/src/api/agent-transfer-routes.d.ts +16 -0
- package/packages/agent/src/api/agent-transfer-routes.d.ts.map +1 -0
- package/packages/agent/src/api/agent-transfer-routes.js +124 -0
- package/packages/agent/src/api/apps-routes.d.ts +19 -0
- package/packages/agent/src/api/apps-routes.d.ts.map +1 -0
- package/packages/agent/src/api/apps-routes.js +128 -0
- package/packages/agent/src/api/auth-routes.d.ts +11 -0
- package/packages/agent/src/api/auth-routes.d.ts.map +1 -0
- package/packages/agent/src/api/auth-routes.js +54 -0
- package/packages/agent/src/api/bsc-trade.d.ts +34 -0
- package/packages/agent/src/api/bsc-trade.d.ts.map +1 -0
- package/packages/agent/src/api/bsc-trade.js +567 -0
- package/packages/agent/src/api/bug-report-routes.d.ts +7 -0
- package/packages/agent/src/api/bug-report-routes.d.ts.map +1 -0
- package/packages/agent/src/api/bug-report-routes.js +124 -0
- package/packages/agent/src/api/character-routes.d.ts +50 -0
- package/packages/agent/src/api/character-routes.d.ts.map +1 -0
- package/packages/agent/src/api/character-routes.js +302 -0
- package/packages/agent/src/api/cloud-billing-routes.d.ts +14 -0
- package/packages/agent/src/api/cloud-billing-routes.d.ts.map +1 -0
- package/packages/agent/src/api/cloud-billing-routes.js +400 -0
- package/packages/agent/src/api/cloud-compat-routes.d.ts +15 -0
- package/packages/agent/src/api/cloud-compat-routes.d.ts.map +1 -0
- package/packages/agent/src/api/cloud-compat-routes.js +131 -0
- package/packages/agent/src/api/cloud-routes.d.ts +62 -0
- package/packages/agent/src/api/cloud-routes.d.ts.map +1 -0
- package/packages/agent/src/api/cloud-routes.js +339 -0
- package/packages/agent/src/api/cloud-status-routes.d.ts +15 -0
- package/packages/agent/src/api/cloud-status-routes.d.ts.map +1 -0
- package/packages/agent/src/api/cloud-status-routes.js +165 -0
- package/packages/agent/src/api/compat-utils.d.ts +49 -0
- package/packages/agent/src/api/compat-utils.d.ts.map +1 -0
- package/packages/agent/src/api/compat-utils.js +126 -0
- package/packages/agent/src/api/connector-health.d.ts +34 -0
- package/packages/agent/src/api/connector-health.d.ts.map +1 -0
- package/packages/agent/src/api/connector-health.js +109 -0
- package/packages/agent/src/api/coordinator-wiring.d.ts +46 -0
- package/packages/agent/src/api/coordinator-wiring.d.ts.map +1 -0
- package/packages/agent/src/api/coordinator-wiring.js +101 -0
- package/packages/agent/src/api/credit-detection.d.ts +9 -0
- package/packages/agent/src/api/credit-detection.d.ts.map +1 -0
- package/packages/agent/src/api/credit-detection.js +41 -0
- package/packages/agent/src/api/database.d.ts +33 -0
- package/packages/agent/src/api/database.d.ts.map +1 -0
- package/packages/agent/src/api/database.js +1019 -0
- package/packages/agent/src/api/diagnostics-routes.d.ts +46 -0
- package/packages/agent/src/api/diagnostics-routes.d.ts.map +1 -0
- package/packages/agent/src/api/diagnostics-routes.js +241 -0
- package/packages/agent/src/api/drop-service.d.ts +26 -0
- package/packages/agent/src/api/drop-service.d.ts.map +1 -0
- package/packages/agent/src/api/drop-service.js +134 -0
- package/packages/agent/src/api/early-logs.d.ts +29 -0
- package/packages/agent/src/api/early-logs.d.ts.map +1 -0
- package/packages/agent/src/api/early-logs.js +96 -0
- package/packages/agent/src/api/http-helpers.d.ts +50 -0
- package/packages/agent/src/api/http-helpers.d.ts.map +1 -0
- package/packages/agent/src/api/http-helpers.js +145 -0
- package/packages/agent/src/api/index.d.ts +61 -0
- package/packages/agent/src/api/index.d.ts.map +1 -0
- package/packages/agent/src/api/index.js +59 -0
- package/packages/agent/src/api/knowledge-routes.d.ts +23 -0
- package/packages/agent/src/api/knowledge-routes.d.ts.map +1 -0
- package/packages/agent/src/api/knowledge-routes.js +931 -0
- package/packages/agent/src/api/knowledge-service-loader.d.ts +51 -0
- package/packages/agent/src/api/knowledge-service-loader.d.ts.map +1 -0
- package/packages/agent/src/api/knowledge-service-loader.js +34 -0
- package/packages/agent/src/api/memory-bounds.d.ts +51 -0
- package/packages/agent/src/api/memory-bounds.d.ts.map +1 -0
- package/packages/agent/src/api/memory-bounds.js +81 -0
- package/packages/agent/src/api/memory-routes.d.ts +9 -0
- package/packages/agent/src/api/memory-routes.d.ts.map +1 -0
- package/packages/agent/src/api/memory-routes.js +241 -0
- package/packages/agent/src/api/merkle-tree.d.ts +90 -0
- package/packages/agent/src/api/merkle-tree.d.ts.map +1 -0
- package/packages/agent/src/api/merkle-tree.js +174 -0
- package/packages/agent/src/api/models-routes.d.ts +14 -0
- package/packages/agent/src/api/models-routes.d.ts.map +1 -0
- package/packages/agent/src/api/models-routes.js +37 -0
- package/packages/agent/src/api/nfa-routes.d.ts +5 -0
- package/packages/agent/src/api/nfa-routes.d.ts.map +1 -0
- package/packages/agent/src/api/nfa-routes.js +125 -0
- package/packages/agent/src/api/og-tracker.d.ts +28 -0
- package/packages/agent/src/api/og-tracker.d.ts.map +1 -0
- package/packages/agent/src/api/og-tracker.js +60 -0
- package/packages/agent/src/api/parse-action-block.d.ts +36 -0
- package/packages/agent/src/api/parse-action-block.d.ts.map +1 -0
- package/packages/agent/src/api/parse-action-block.js +110 -0
- package/packages/agent/src/api/permissions-routes.d.ts +32 -0
- package/packages/agent/src/api/permissions-routes.d.ts.map +1 -0
- package/packages/agent/src/api/permissions-routes.js +149 -0
- package/packages/agent/src/api/plugin-validation.d.ts +86 -0
- package/packages/agent/src/api/plugin-validation.d.ts.map +1 -0
- package/packages/agent/src/api/plugin-validation.js +259 -0
- package/packages/agent/src/api/provider-switch-config.d.ts +37 -0
- package/packages/agent/src/api/provider-switch-config.d.ts.map +1 -0
- package/packages/agent/src/api/provider-switch-config.js +317 -0
- package/packages/agent/src/api/registry-routes.d.ts +26 -0
- package/packages/agent/src/api/registry-routes.d.ts.map +1 -0
- package/packages/agent/src/api/registry-routes.js +90 -0
- package/packages/agent/src/api/registry-service.d.ts +77 -0
- package/packages/agent/src/api/registry-service.d.ts.map +1 -0
- package/packages/agent/src/api/registry-service.js +190 -0
- package/packages/agent/src/api/route-helpers.d.ts +16 -0
- package/packages/agent/src/api/route-helpers.d.ts.map +1 -0
- package/packages/agent/src/api/route-helpers.js +1 -0
- package/packages/agent/src/api/sandbox-routes.d.ts +12 -0
- package/packages/agent/src/api/sandbox-routes.d.ts.map +1 -0
- package/packages/agent/src/api/sandbox-routes.js +1334 -0
- package/packages/agent/src/api/server.d.ts +418 -0
- package/packages/agent/src/api/server.d.ts.map +1 -0
- package/packages/agent/src/api/server.js +13614 -0
- package/packages/agent/src/api/signal-routes.d.ts +39 -0
- package/packages/agent/src/api/signal-routes.d.ts.map +1 -0
- package/packages/agent/src/api/signal-routes.js +168 -0
- package/packages/agent/src/api/stream-persistence.d.ts +64 -0
- package/packages/agent/src/api/stream-persistence.d.ts.map +1 -0
- package/packages/agent/src/api/stream-persistence.js +231 -0
- package/packages/agent/src/api/stream-route-state.d.ts +50 -0
- package/packages/agent/src/api/stream-route-state.d.ts.map +1 -0
- package/packages/agent/src/api/stream-route-state.js +1 -0
- package/packages/agent/src/api/stream-routes.d.ts +45 -0
- package/packages/agent/src/api/stream-routes.d.ts.map +1 -0
- package/packages/agent/src/api/stream-routes.js +809 -0
- package/packages/agent/src/api/stream-voice-routes.d.ts +36 -0
- package/packages/agent/src/api/stream-voice-routes.d.ts.map +1 -0
- package/packages/agent/src/api/stream-voice-routes.js +133 -0
- package/packages/agent/src/api/streaming-text.d.ts +9 -0
- package/packages/agent/src/api/streaming-text.d.ts.map +1 -0
- package/packages/agent/src/api/streaming-text.js +85 -0
- package/packages/agent/src/api/streaming-types.d.ts +30 -0
- package/packages/agent/src/api/streaming-types.d.ts.map +1 -0
- package/packages/agent/src/api/streaming-types.js +1 -0
- package/packages/agent/src/api/subscription-routes.d.ts +20 -0
- package/packages/agent/src/api/subscription-routes.d.ts.map +1 -0
- package/packages/agent/src/api/subscription-routes.js +191 -0
- package/packages/agent/src/api/terminal-run-limits.d.ts +5 -0
- package/packages/agent/src/api/terminal-run-limits.d.ts.map +1 -0
- package/packages/agent/src/api/terminal-run-limits.js +22 -0
- package/packages/agent/src/api/training-backend-check.d.ts +8 -0
- package/packages/agent/src/api/training-backend-check.d.ts.map +1 -0
- package/packages/agent/src/api/training-backend-check.js +28 -0
- package/packages/agent/src/api/training-routes.d.ts +44 -0
- package/packages/agent/src/api/training-routes.d.ts.map +1 -0
- package/packages/agent/src/api/training-routes.js +195 -0
- package/packages/agent/src/api/training-service-like.d.ts +38 -0
- package/packages/agent/src/api/training-service-like.d.ts.map +1 -0
- package/packages/agent/src/api/training-service-like.js +1 -0
- package/packages/agent/src/api/trajectory-routes.d.ts +17 -0
- package/packages/agent/src/api/trajectory-routes.d.ts.map +1 -0
- package/packages/agent/src/api/trajectory-routes.js +405 -0
- package/packages/agent/src/api/trigger-routes.d.ts +72 -0
- package/packages/agent/src/api/trigger-routes.d.ts.map +1 -0
- package/packages/agent/src/api/trigger-routes.js +268 -0
- package/packages/agent/src/api/twitter-verify.d.ts +25 -0
- package/packages/agent/src/api/twitter-verify.d.ts.map +1 -0
- package/packages/agent/src/api/twitter-verify.js +168 -0
- package/packages/agent/src/api/tx-service.d.ts +47 -0
- package/packages/agent/src/api/tx-service.d.ts.map +1 -0
- package/packages/agent/src/api/tx-service.js +156 -0
- package/packages/agent/src/api/wallet-dex-prices.d.ts +43 -0
- package/packages/agent/src/api/wallet-dex-prices.d.ts.map +1 -0
- package/packages/agent/src/api/wallet-dex-prices.js +149 -0
- package/packages/agent/src/api/wallet-evm-balance.d.ts +65 -0
- package/packages/agent/src/api/wallet-evm-balance.d.ts.map +1 -0
- package/packages/agent/src/api/wallet-evm-balance.js +663 -0
- package/packages/agent/src/api/wallet-routes.d.ts +33 -0
- package/packages/agent/src/api/wallet-routes.d.ts.map +1 -0
- package/packages/agent/src/api/wallet-routes.js +292 -0
- package/packages/agent/src/api/wallet-rpc.d.ts +61 -0
- package/packages/agent/src/api/wallet-rpc.d.ts.map +1 -0
- package/packages/agent/src/api/wallet-rpc.js +367 -0
- package/packages/agent/src/api/wallet-trading-profile.d.ts +51 -0
- package/packages/agent/src/api/wallet-trading-profile.d.ts.map +1 -0
- package/packages/agent/src/api/wallet-trading-profile.js +547 -0
- package/packages/agent/src/api/wallet.d.ts +31 -0
- package/packages/agent/src/api/wallet.d.ts.map +1 -0
- package/packages/agent/src/api/wallet.js +513 -0
- package/packages/agent/src/api/whatsapp-routes.d.ts +39 -0
- package/packages/agent/src/api/whatsapp-routes.d.ts.map +1 -0
- package/packages/agent/src/api/whatsapp-routes.js +182 -0
- package/packages/agent/src/api/zip-utils.d.ts +8 -0
- package/packages/agent/src/api/zip-utils.d.ts.map +1 -0
- package/packages/agent/src/api/zip-utils.js +115 -0
- package/packages/agent/src/auth/anthropic.d.ts +25 -0
- package/packages/agent/src/auth/anthropic.d.ts.map +1 -0
- package/packages/agent/src/auth/anthropic.js +40 -0
- package/packages/agent/src/auth/apply-stealth.d.ts +8 -0
- package/packages/agent/src/auth/apply-stealth.d.ts.map +1 -0
- package/packages/agent/src/auth/apply-stealth.js +35 -0
- package/packages/agent/src/auth/claude-code-stealth.d.ts +2 -0
- package/packages/agent/src/auth/claude-code-stealth.d.ts.map +1 -0
- package/packages/agent/src/auth/claude-code-stealth.js +104 -0
- package/packages/agent/src/auth/credentials.d.ts +55 -0
- package/packages/agent/src/auth/credentials.d.ts.map +1 -0
- package/packages/agent/src/auth/credentials.js +182 -0
- package/packages/agent/src/auth/index.d.ts +7 -0
- package/packages/agent/src/auth/index.d.ts.map +1 -0
- package/packages/agent/src/auth/index.js +3 -0
- package/packages/agent/src/auth/openai-codex.d.ts +27 -0
- package/packages/agent/src/auth/openai-codex.d.ts.map +1 -0
- package/packages/agent/src/auth/openai-codex.js +72 -0
- package/packages/agent/src/auth/types.d.ts +18 -0
- package/packages/agent/src/auth/types.d.ts.map +1 -0
- package/packages/agent/src/auth/types.js +8 -0
- package/packages/agent/src/awareness/registry.d.ts +27 -0
- package/packages/agent/src/awareness/registry.d.ts.map +1 -0
- package/packages/agent/src/awareness/registry.js +161 -0
- package/packages/agent/src/benchmark-server.d.ts +2 -0
- package/packages/agent/src/benchmark-server.d.ts.map +1 -0
- package/packages/agent/src/benchmark-server.js +773 -0
- package/packages/agent/src/bin.d.ts +3 -0
- package/packages/agent/src/bin.d.ts.map +1 -0
- package/packages/agent/src/bin.js +6 -0
- package/packages/agent/src/cli/index.d.ts +2 -0
- package/packages/agent/src/cli/index.d.ts.map +1 -0
- package/packages/agent/src/cli/index.js +40 -0
- package/packages/agent/src/cli/parse-duration.d.ts +5 -0
- package/packages/agent/src/cli/parse-duration.d.ts.map +1 -0
- package/packages/agent/src/cli/parse-duration.js +27 -0
- package/packages/agent/src/cloud/auth.d.ts +19 -0
- package/packages/agent/src/cloud/auth.d.ts.map +1 -0
- package/packages/agent/src/cloud/auth.js +107 -0
- package/packages/agent/src/cloud/backup.d.ts +18 -0
- package/packages/agent/src/cloud/backup.d.ts.map +1 -0
- package/packages/agent/src/cloud/backup.js +42 -0
- package/packages/agent/src/cloud/base-url.d.ts +3 -0
- package/packages/agent/src/cloud/base-url.d.ts.map +1 -0
- package/packages/agent/src/cloud/base-url.js +40 -0
- package/packages/agent/src/cloud/bridge-client.d.ts +56 -0
- package/packages/agent/src/cloud/bridge-client.d.ts.map +1 -0
- package/packages/agent/src/cloud/bridge-client.js +190 -0
- package/packages/agent/src/cloud/cloud-manager.d.ts +32 -0
- package/packages/agent/src/cloud/cloud-manager.d.ts.map +1 -0
- package/packages/agent/src/cloud/cloud-manager.js +119 -0
- package/packages/agent/src/cloud/cloud-proxy.d.ts +20 -0
- package/packages/agent/src/cloud/cloud-proxy.d.ts.map +1 -0
- package/packages/agent/src/cloud/cloud-proxy.js +34 -0
- package/packages/agent/src/cloud/index.d.ts +7 -0
- package/packages/agent/src/cloud/index.d.ts.map +1 -0
- package/packages/agent/src/cloud/index.js +6 -0
- package/packages/agent/src/cloud/reconnect.d.ts +26 -0
- package/packages/agent/src/cloud/reconnect.d.ts.map +1 -0
- package/packages/agent/src/cloud/reconnect.js +86 -0
- package/packages/agent/src/cloud/validate-url.d.ts +2 -0
- package/packages/agent/src/cloud/validate-url.d.ts.map +1 -0
- package/packages/agent/src/cloud/validate-url.js +162 -0
- package/packages/agent/src/config/character-schema.d.ts +25 -0
- package/packages/agent/src/config/character-schema.d.ts.map +1 -0
- package/packages/agent/src/config/character-schema.js +39 -0
- package/packages/agent/src/config/config.d.ts +6 -0
- package/packages/agent/src/config/config.d.ts.map +1 -0
- package/packages/agent/src/config/config.js +118 -0
- package/packages/agent/src/config/env-vars.d.ts +3 -0
- package/packages/agent/src/config/env-vars.d.ts.map +1 -0
- package/packages/agent/src/config/env-vars.js +76 -0
- package/packages/agent/src/config/includes.d.ts +26 -0
- package/packages/agent/src/config/includes.d.ts.map +1 -0
- package/packages/agent/src/config/includes.js +148 -0
- package/packages/agent/src/config/index.d.ts +16 -0
- package/packages/agent/src/config/index.d.ts.map +1 -0
- package/packages/agent/src/config/index.js +15 -0
- package/packages/agent/src/config/object-utils.d.ts +2 -0
- package/packages/agent/src/config/object-utils.d.ts.map +1 -0
- package/packages/agent/src/config/object-utils.js +6 -0
- package/packages/agent/src/config/paths.d.ts +13 -0
- package/packages/agent/src/config/paths.d.ts.map +1 -0
- package/packages/agent/src/config/paths.js +67 -0
- package/packages/agent/src/config/plugin-auto-enable.d.ts +16 -0
- package/packages/agent/src/config/plugin-auto-enable.d.ts.map +1 -0
- package/packages/agent/src/config/plugin-auto-enable.js +384 -0
- package/packages/agent/src/config/schema.d.ts +87 -0
- package/packages/agent/src/config/schema.d.ts.map +1 -0
- package/packages/agent/src/config/schema.js +928 -0
- package/packages/agent/src/config/telegram-custom-commands.d.ts +25 -0
- package/packages/agent/src/config/telegram-custom-commands.d.ts.map +1 -0
- package/packages/agent/src/config/telegram-custom-commands.js +71 -0
- package/packages/agent/src/config/types.agent-defaults.d.ts +331 -0
- package/packages/agent/src/config/types.agent-defaults.d.ts.map +1 -0
- package/packages/agent/src/config/types.agent-defaults.js +1 -0
- package/packages/agent/src/config/types.agents.d.ts +110 -0
- package/packages/agent/src/config/types.agents.d.ts.map +1 -0
- package/packages/agent/src/config/types.agents.js +1 -0
- package/packages/agent/src/config/types.d.ts +8 -0
- package/packages/agent/src/config/types.d.ts.map +1 -0
- package/packages/agent/src/config/types.eliza.d.ts +636 -0
- package/packages/agent/src/config/types.eliza.d.ts.map +1 -0
- package/packages/agent/src/config/types.eliza.js +1 -0
- package/packages/agent/src/config/types.gateway.d.ts +216 -0
- package/packages/agent/src/config/types.gateway.d.ts.map +1 -0
- package/packages/agent/src/config/types.gateway.js +1 -0
- package/packages/agent/src/config/types.hooks.d.ts +107 -0
- package/packages/agent/src/config/types.hooks.d.ts.map +1 -0
- package/packages/agent/src/config/types.hooks.js +1 -0
- package/packages/agent/src/config/types.js +7 -0
- package/packages/agent/src/config/types.messages.d.ts +176 -0
- package/packages/agent/src/config/types.messages.d.ts.map +1 -0
- package/packages/agent/src/config/types.messages.js +1 -0
- package/packages/agent/src/config/types.tools.d.ts +400 -0
- package/packages/agent/src/config/types.tools.d.ts.map +1 -0
- package/packages/agent/src/config/types.tools.js +1 -0
- package/packages/agent/src/config/zod-schema.agent-runtime.d.ts +1062 -0
- package/packages/agent/src/config/zod-schema.agent-runtime.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.agent-runtime.js +721 -0
- package/packages/agent/src/config/zod-schema.core.d.ts +1021 -0
- package/packages/agent/src/config/zod-schema.core.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.core.js +694 -0
- package/packages/agent/src/config/zod-schema.d.ts +4817 -0
- package/packages/agent/src/config/zod-schema.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.hooks.d.ts +88 -0
- package/packages/agent/src/config/zod-schema.hooks.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.hooks.js +133 -0
- package/packages/agent/src/config/zod-schema.js +778 -0
- package/packages/agent/src/config/zod-schema.providers-core.d.ts +2976 -0
- package/packages/agent/src/config/zod-schema.providers-core.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.providers-core.js +1006 -0
- package/packages/agent/src/config/zod-schema.session.d.ts +183 -0
- package/packages/agent/src/config/zod-schema.session.d.ts.map +1 -0
- package/packages/agent/src/config/zod-schema.session.js +86 -0
- package/packages/agent/src/contracts/apps.d.ts +42 -0
- package/packages/agent/src/contracts/apps.d.ts.map +1 -0
- package/packages/agent/src/contracts/apps.js +4 -0
- package/packages/agent/src/contracts/awareness.d.ts +38 -0
- package/packages/agent/src/contracts/awareness.d.ts.map +1 -0
- package/packages/agent/src/contracts/awareness.js +7 -0
- package/packages/agent/src/contracts/config.d.ts +146 -0
- package/packages/agent/src/contracts/config.d.ts.map +1 -0
- package/packages/agent/src/contracts/config.js +4 -0
- package/packages/agent/src/contracts/drop.d.ts +20 -0
- package/packages/agent/src/contracts/drop.d.ts.map +1 -0
- package/packages/agent/src/contracts/drop.js +4 -0
- package/packages/agent/src/contracts/index.d.ts +9 -0
- package/packages/agent/src/contracts/index.d.ts.map +1 -0
- package/packages/agent/src/contracts/index.js +8 -0
- package/packages/agent/src/contracts/onboarding.d.ts +379 -0
- package/packages/agent/src/contracts/onboarding.d.ts.map +1 -0
- package/packages/agent/src/contracts/onboarding.js +290 -0
- package/packages/agent/src/contracts/permissions.d.ts +35 -0
- package/packages/agent/src/contracts/permissions.d.ts.map +1 -0
- package/packages/agent/src/contracts/permissions.js +4 -0
- package/packages/agent/src/contracts/verification.d.ts +9 -0
- package/packages/agent/src/contracts/verification.d.ts.map +1 -0
- package/packages/agent/src/contracts/verification.js +4 -0
- package/packages/agent/src/contracts/wallet.d.ts +409 -0
- package/packages/agent/src/contracts/wallet.d.ts.map +1 -0
- package/packages/agent/src/contracts/wallet.js +60 -0
- package/packages/agent/src/diagnostics/integration-observability.d.ts +40 -0
- package/packages/agent/src/diagnostics/integration-observability.d.ts.map +1 -0
- package/packages/agent/src/diagnostics/integration-observability.js +68 -0
- package/packages/agent/src/emotes/catalog.d.ts +31 -0
- package/packages/agent/src/emotes/catalog.d.ts.map +1 -0
- package/packages/agent/src/emotes/catalog.js +618 -0
- package/packages/agent/src/hooks/discovery.d.ts +13 -0
- package/packages/agent/src/hooks/discovery.d.ts.map +1 -0
- package/packages/agent/src/hooks/discovery.js +184 -0
- package/packages/agent/src/hooks/eligibility.d.ts +12 -0
- package/packages/agent/src/hooks/eligibility.d.ts.map +1 -0
- package/packages/agent/src/hooks/eligibility.js +100 -0
- package/packages/agent/src/hooks/index.d.ts +3 -0
- package/packages/agent/src/hooks/index.d.ts.map +1 -0
- package/packages/agent/src/hooks/index.js +2 -0
- package/packages/agent/src/hooks/loader.d.ts +34 -0
- package/packages/agent/src/hooks/loader.d.ts.map +1 -0
- package/packages/agent/src/hooks/loader.js +176 -0
- package/packages/agent/src/hooks/registry.d.ts +11 -0
- package/packages/agent/src/hooks/registry.d.ts.map +1 -0
- package/packages/agent/src/hooks/registry.js +58 -0
- package/packages/agent/src/hooks/types.d.ts +104 -0
- package/packages/agent/src/hooks/types.d.ts.map +1 -0
- package/packages/agent/src/hooks/types.js +8 -0
- package/packages/agent/src/index.d.ts +20 -0
- package/packages/agent/src/index.d.ts.map +1 -0
- package/packages/agent/src/index.js +19 -0
- package/packages/agent/src/onboarding-presets.d.ts +78 -0
- package/packages/agent/src/onboarding-presets.d.ts.map +1 -0
- package/packages/agent/src/onboarding-presets.js +1352 -0
- package/packages/agent/src/plugins/custom-rtmp/index.d.ts +12 -0
- package/packages/agent/src/plugins/custom-rtmp/index.d.ts.map +1 -0
- package/packages/agent/src/plugins/custom-rtmp/index.js +26 -0
- package/packages/agent/src/providers/admin-trust.d.ts +4 -0
- package/packages/agent/src/providers/admin-trust.d.ts.map +1 -0
- package/packages/agent/src/providers/admin-trust.js +53 -0
- package/packages/agent/src/providers/session-bridge.d.ts +24 -0
- package/packages/agent/src/providers/session-bridge.d.ts.map +1 -0
- package/packages/agent/src/providers/session-bridge.js +85 -0
- package/packages/agent/src/providers/session-utils.d.ts +20 -0
- package/packages/agent/src/providers/session-utils.d.ts.map +1 -0
- package/packages/agent/src/providers/session-utils.js +33 -0
- package/packages/agent/src/providers/simple-mode.d.ts +4 -0
- package/packages/agent/src/providers/simple-mode.d.ts.map +1 -0
- package/packages/agent/src/providers/simple-mode.js +85 -0
- package/packages/agent/src/providers/ui-catalog.d.ts +3 -0
- package/packages/agent/src/providers/ui-catalog.d.ts.map +1 -0
- package/packages/agent/src/providers/ui-catalog.js +123 -0
- package/packages/agent/src/providers/workspace-provider.d.ts +22 -0
- package/packages/agent/src/providers/workspace-provider.d.ts.map +1 -0
- package/packages/agent/src/providers/workspace-provider.js +167 -0
- package/packages/agent/src/providers/workspace.d.ts +54 -0
- package/packages/agent/src/providers/workspace.d.ts.map +1 -0
- package/packages/agent/src/providers/workspace.js +405 -0
- package/packages/agent/src/runtime/agent-event-service.d.ts +35 -0
- package/packages/agent/src/runtime/agent-event-service.d.ts.map +1 -0
- package/packages/agent/src/runtime/agent-event-service.js +16 -0
- package/packages/agent/src/runtime/cloud-onboarding.d.ts +55 -0
- package/packages/agent/src/runtime/cloud-onboarding.d.ts.map +1 -0
- package/packages/agent/src/runtime/cloud-onboarding.js +279 -0
- package/packages/agent/src/runtime/core-plugins.d.ts +14 -0
- package/packages/agent/src/runtime/core-plugins.d.ts.map +1 -0
- package/packages/agent/src/runtime/core-plugins.js +51 -0
- package/packages/agent/src/runtime/custom-actions.d.ts +40 -0
- package/packages/agent/src/runtime/custom-actions.d.ts.map +1 -0
- package/packages/agent/src/runtime/custom-actions.js +454 -0
- package/packages/agent/src/runtime/eliza-plugin.d.ts +16 -0
- package/packages/agent/src/runtime/eliza-plugin.d.ts.map +1 -0
- package/packages/agent/src/runtime/eliza-plugin.js +108 -0
- package/packages/agent/src/runtime/eliza.d.ts +205 -0
- package/packages/agent/src/runtime/eliza.d.ts.map +1 -0
- package/packages/agent/src/runtime/eliza.js +3935 -0
- package/packages/agent/src/runtime/embedding-presets.d.ts +19 -0
- package/packages/agent/src/runtime/embedding-presets.d.ts.map +1 -0
- package/packages/agent/src/runtime/embedding-presets.js +53 -0
- package/packages/agent/src/runtime/index.d.ts +9 -0
- package/packages/agent/src/runtime/index.d.ts.map +1 -0
- package/packages/agent/src/runtime/index.js +8 -0
- package/packages/agent/src/runtime/onboarding-names.d.ts +11 -0
- package/packages/agent/src/runtime/onboarding-names.d.ts.map +1 -0
- package/packages/agent/src/runtime/onboarding-names.js +74 -0
- package/packages/agent/src/runtime/release-plugin-policy.d.ts +20 -0
- package/packages/agent/src/runtime/release-plugin-policy.d.ts.map +1 -0
- package/packages/agent/src/runtime/release-plugin-policy.js +87 -0
- package/packages/agent/src/runtime/restart.d.ts +45 -0
- package/packages/agent/src/runtime/restart.d.ts.map +1 -0
- package/packages/agent/src/runtime/restart.js +45 -0
- package/packages/agent/src/runtime/trajectory-persistence.d.ts +214 -0
- package/packages/agent/src/runtime/trajectory-persistence.d.ts.map +1 -0
- package/packages/agent/src/runtime/trajectory-persistence.js +1957 -0
- package/packages/agent/src/runtime/version.d.ts +2 -0
- package/packages/agent/src/runtime/version.d.ts.map +1 -0
- package/packages/agent/src/runtime/version.js +5 -0
- package/packages/agent/src/security/audit-log.d.ts +49 -0
- package/packages/agent/src/security/audit-log.d.ts.map +1 -0
- package/packages/agent/src/security/audit-log.js +161 -0
- package/packages/agent/src/security/network-policy.d.ts +6 -0
- package/packages/agent/src/security/network-policy.d.ts.map +1 -0
- package/packages/agent/src/security/network-policy.js +85 -0
- package/packages/agent/src/server/index.d.ts +3 -0
- package/packages/agent/src/server/index.d.ts.map +1 -0
- package/packages/agent/src/server/index.js +1 -0
- package/packages/agent/src/services/agent-export.d.ts +100 -0
- package/packages/agent/src/services/agent-export.d.ts.map +1 -0
- package/packages/agent/src/services/agent-export.js +729 -0
- package/packages/agent/src/services/app-manager.d.ts +34 -0
- package/packages/agent/src/services/app-manager.d.ts.map +1 -0
- package/packages/agent/src/services/app-manager.js +425 -0
- package/packages/agent/src/services/browser-capture.d.ts +39 -0
- package/packages/agent/src/services/browser-capture.d.ts.map +1 -0
- package/packages/agent/src/services/browser-capture.js +162 -0
- package/packages/agent/src/services/coding-agent-context.d.ts +310 -0
- package/packages/agent/src/services/coding-agent-context.d.ts.map +1 -0
- package/packages/agent/src/services/coding-agent-context.js +281 -0
- package/packages/agent/src/services/fallback-training-service.d.ts +78 -0
- package/packages/agent/src/services/fallback-training-service.d.ts.map +1 -0
- package/packages/agent/src/services/fallback-training-service.js +126 -0
- package/packages/agent/src/services/index.d.ts +18 -0
- package/packages/agent/src/services/index.d.ts.map +1 -0
- package/packages/agent/src/services/index.js +17 -0
- package/packages/agent/src/services/mcp-marketplace.d.ts +89 -0
- package/packages/agent/src/services/mcp-marketplace.d.ts.map +1 -0
- package/packages/agent/src/services/mcp-marketplace.js +200 -0
- package/packages/agent/src/services/plugin-manager-types.d.ts +139 -0
- package/packages/agent/src/services/plugin-manager-types.d.ts.map +1 -0
- package/packages/agent/src/services/plugin-manager-types.js +18 -0
- package/packages/agent/src/services/privy-wallets.d.ts +18 -0
- package/packages/agent/src/services/privy-wallets.d.ts.map +1 -0
- package/packages/agent/src/services/privy-wallets.js +225 -0
- package/packages/agent/src/services/registry-client-app-meta.d.ts +6 -0
- package/packages/agent/src/services/registry-client-app-meta.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-app-meta.js +147 -0
- package/packages/agent/src/services/registry-client-endpoints.d.ts +7 -0
- package/packages/agent/src/services/registry-client-endpoints.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-endpoints.js +183 -0
- package/packages/agent/src/services/registry-client-local.d.ts +4 -0
- package/packages/agent/src/services/registry-client-local.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-local.js +377 -0
- package/packages/agent/src/services/registry-client-network.d.ts +9 -0
- package/packages/agent/src/services/registry-client-network.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-network.js +109 -0
- package/packages/agent/src/services/registry-client-queries.d.ts +15 -0
- package/packages/agent/src/services/registry-client-queries.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-queries.js +150 -0
- package/packages/agent/src/services/registry-client-types.d.ts +115 -0
- package/packages/agent/src/services/registry-client-types.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client-types.js +1 -0
- package/packages/agent/src/services/registry-client.d.ts +39 -0
- package/packages/agent/src/services/registry-client.d.ts.map +1 -0
- package/packages/agent/src/services/registry-client.js +249 -0
- package/packages/agent/src/services/remote-signing-service.d.ts +58 -0
- package/packages/agent/src/services/remote-signing-service.d.ts.map +1 -0
- package/packages/agent/src/services/remote-signing-service.js +185 -0
- package/packages/agent/src/services/sandbox-engine.d.ts +96 -0
- package/packages/agent/src/services/sandbox-engine.d.ts.map +1 -0
- package/packages/agent/src/services/sandbox-engine.js +604 -0
- package/packages/agent/src/services/sandbox-manager.d.ts +104 -0
- package/packages/agent/src/services/sandbox-manager.d.ts.map +1 -0
- package/packages/agent/src/services/sandbox-manager.js +353 -0
- package/packages/agent/src/services/self-updater.d.ts +21 -0
- package/packages/agent/src/services/self-updater.d.ts.map +1 -0
- package/packages/agent/src/services/self-updater.js +162 -0
- package/packages/agent/src/services/signal-pairing.d.ts +37 -0
- package/packages/agent/src/services/signal-pairing.d.ts.map +1 -0
- package/packages/agent/src/services/signal-pairing.js +124 -0
- package/packages/agent/src/services/signing-policy.d.ts +44 -0
- package/packages/agent/src/services/signing-policy.d.ts.map +1 -0
- package/packages/agent/src/services/signing-policy.js +165 -0
- package/packages/agent/src/services/skill-catalog-client.d.ts +47 -0
- package/packages/agent/src/services/skill-catalog-client.d.ts.map +1 -0
- package/packages/agent/src/services/skill-catalog-client.js +130 -0
- package/packages/agent/src/services/skill-marketplace.d.ts +42 -0
- package/packages/agent/src/services/skill-marketplace.d.ts.map +1 -0
- package/packages/agent/src/services/skill-marketplace.js +680 -0
- package/packages/agent/src/services/stream-manager.d.ts +121 -0
- package/packages/agent/src/services/stream-manager.d.ts.map +1 -0
- package/packages/agent/src/services/stream-manager.js +604 -0
- package/packages/agent/src/services/tts-stream-bridge.d.ts +83 -0
- package/packages/agent/src/services/tts-stream-bridge.d.ts.map +1 -0
- package/packages/agent/src/services/tts-stream-bridge.js +349 -0
- package/packages/agent/src/services/update-checker.d.ts +29 -0
- package/packages/agent/src/services/update-checker.d.ts.map +1 -0
- package/packages/agent/src/services/update-checker.js +134 -0
- package/packages/agent/src/services/version-compat.d.ts +99 -0
- package/packages/agent/src/services/version-compat.d.ts.map +1 -0
- package/packages/agent/src/services/version-compat.js +195 -0
- package/packages/agent/src/services/whatsapp-pairing.d.ts +41 -0
- package/packages/agent/src/services/whatsapp-pairing.d.ts.map +1 -0
- package/packages/agent/src/services/whatsapp-pairing.js +209 -0
- package/packages/agent/src/shared/ui-catalog-prompt.d.ts +52 -0
- package/packages/agent/src/shared/ui-catalog-prompt.d.ts.map +1 -0
- package/packages/agent/src/shared/ui-catalog-prompt.js +1028 -0
- package/packages/agent/src/test-support/process-helpers.d.ts +13 -0
- package/packages/agent/src/test-support/process-helpers.d.ts.map +1 -0
- package/packages/agent/src/test-support/process-helpers.js +23 -0
- package/packages/agent/src/test-support/route-test-helpers.d.ts +37 -0
- package/packages/agent/src/test-support/route-test-helpers.d.ts.map +1 -0
- package/packages/agent/src/test-support/route-test-helpers.js +54 -0
- package/packages/agent/src/test-support/test-helpers.d.ts +77 -0
- package/packages/agent/src/test-support/test-helpers.d.ts.map +1 -0
- package/packages/agent/src/test-support/test-helpers.js +210 -0
- package/packages/agent/src/testing/index.d.ts +4 -0
- package/packages/agent/src/testing/index.d.ts.map +1 -0
- package/packages/agent/src/testing/index.js +3 -0
- package/packages/agent/src/triggers/action.d.ts +3 -0
- package/packages/agent/src/triggers/action.d.ts.map +1 -0
- package/packages/agent/src/triggers/action.js +267 -0
- package/packages/agent/src/triggers/runtime.d.ts +24 -0
- package/packages/agent/src/triggers/runtime.d.ts.map +1 -0
- package/packages/agent/src/triggers/runtime.js +322 -0
- package/packages/agent/src/triggers/scheduling.d.ts +70 -0
- package/packages/agent/src/triggers/scheduling.d.ts.map +1 -0
- package/packages/agent/src/triggers/scheduling.js +355 -0
- package/packages/agent/src/triggers/types.d.ts +115 -0
- package/packages/agent/src/triggers/types.d.ts.map +1 -0
- package/packages/agent/src/triggers/types.js +1 -0
- package/packages/agent/src/utils/exec-safety.d.ts +2 -0
- package/packages/agent/src/utils/exec-safety.d.ts.map +1 -0
- package/packages/agent/src/utils/exec-safety.js +21 -0
- package/packages/agent/src/utils/number-parsing.d.ts +26 -0
- package/packages/agent/src/utils/number-parsing.d.ts.map +1 -0
- package/packages/agent/src/utils/number-parsing.js +52 -0
- package/packages/agent/src/utils/spoken-text.d.ts +2 -0
- package/packages/agent/src/utils/spoken-text.d.ts.map +1 -0
- package/packages/agent/src/utils/spoken-text.js +56 -0
- package/packages/agent/src/version-resolver.d.ts +3 -0
- package/packages/agent/src/version-resolver.d.ts.map +1 -0
- package/packages/agent/src/version-resolver.js +51 -0
- package/jest.config.js +0 -17
- package/src/__tests__/client-type-identification.test.ts +0 -59
- package/src/defaultCharacter.ts +0 -530
- package/src/index.ts +0 -865
- package/tsconfig.json +0 -16
|
@@ -0,0 +1,680 @@
|
|
|
1
|
+
import { execFile } from "node:child_process";
|
|
2
|
+
import fs from "node:fs/promises";
|
|
3
|
+
import os from "node:os";
|
|
4
|
+
import path from "node:path";
|
|
5
|
+
import { promisify } from "node:util";
|
|
6
|
+
import { logger } from "@elizaos/core";
|
|
7
|
+
import { createIntegrationTelemetrySpan } from "../diagnostics/integration-observability";
|
|
8
|
+
const execFileAsync = promisify(execFile);
|
|
9
|
+
const DEFAULT_SKILLS_MARKETPLACE_URL = "https://clawhub.ai";
|
|
10
|
+
const LEGACY_SKILLSMP_HOST = "skillsmp.com";
|
|
11
|
+
const VALID_NAME = /^[a-zA-Z0-9._-]+$/;
|
|
12
|
+
const VALID_GIT_REF = /^[a-zA-Z0-9][\w./-]*$/;
|
|
13
|
+
/** Timeout for git clone/sparse-checkout (shallow + sparse should be fast). */
|
|
14
|
+
const GIT_TIMEOUT_MS = 15_000;
|
|
15
|
+
/** Timeout for marketplace API fetch calls. */
|
|
16
|
+
const FETCH_TIMEOUT_MS = 30_000;
|
|
17
|
+
/**
|
|
18
|
+
* Run a security scan on a skill directory.
|
|
19
|
+
*
|
|
20
|
+
* Checks for binary files, symlink escapes, and missing SKILL.md.
|
|
21
|
+
* This is a self-contained manifest check — the full content-level scan
|
|
22
|
+
* (code + markdown patterns) is handled by the AgentSkillsService when
|
|
23
|
+
* it loads the skill. This layer catches the most dangerous structural
|
|
24
|
+
* attacks at the marketplace install boundary.
|
|
25
|
+
*/
|
|
26
|
+
async function runSkillSecurityScan(skillDir) {
|
|
27
|
+
const fsPromises = await import("node:fs/promises");
|
|
28
|
+
const pathMod = await import("node:path");
|
|
29
|
+
const findings = [];
|
|
30
|
+
const manifestFindings = [];
|
|
31
|
+
let scannedFiles = 0;
|
|
32
|
+
const BINARY_EXTENSIONS = new Set([
|
|
33
|
+
".exe",
|
|
34
|
+
".dll",
|
|
35
|
+
".so",
|
|
36
|
+
".dylib",
|
|
37
|
+
".wasm",
|
|
38
|
+
".bin",
|
|
39
|
+
".com",
|
|
40
|
+
".bat",
|
|
41
|
+
".cmd",
|
|
42
|
+
]);
|
|
43
|
+
// Walk and check
|
|
44
|
+
async function walk(dir) {
|
|
45
|
+
const entries = await fsPromises.readdir(dir, { withFileTypes: true });
|
|
46
|
+
for (const entry of entries) {
|
|
47
|
+
if (entry.name === "node_modules")
|
|
48
|
+
continue;
|
|
49
|
+
const fullPath = pathMod.join(dir, entry.name);
|
|
50
|
+
const relPath = pathMod.relative(skillDir, fullPath);
|
|
51
|
+
if (entry.isDirectory()) {
|
|
52
|
+
await walk(fullPath);
|
|
53
|
+
}
|
|
54
|
+
else if (entry.isFile()) {
|
|
55
|
+
scannedFiles++;
|
|
56
|
+
const ext = pathMod.extname(entry.name).toLowerCase();
|
|
57
|
+
if (BINARY_EXTENSIONS.has(ext)) {
|
|
58
|
+
manifestFindings.push({
|
|
59
|
+
ruleId: "binary-file",
|
|
60
|
+
severity: "critical",
|
|
61
|
+
file: relPath,
|
|
62
|
+
message: `Binary executable file detected (${ext})`,
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
else if (entry.isSymbolicLink()) {
|
|
67
|
+
const resolved = await fsPromises.realpath(fullPath).catch(() => "");
|
|
68
|
+
if (resolved && !resolved.startsWith(skillDir + pathMod.sep)) {
|
|
69
|
+
manifestFindings.push({
|
|
70
|
+
ruleId: "symlink-escape",
|
|
71
|
+
severity: "critical",
|
|
72
|
+
file: relPath,
|
|
73
|
+
message: `Symbolic link points outside skill directory`,
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
await walk(skillDir);
|
|
80
|
+
// Check SKILL.md exists
|
|
81
|
+
const skillMdPath = pathMod.join(skillDir, "SKILL.md");
|
|
82
|
+
const hasSkillMd = await fsPromises
|
|
83
|
+
.stat(skillMdPath)
|
|
84
|
+
.then((s) => s.isFile())
|
|
85
|
+
.catch(() => false);
|
|
86
|
+
if (!hasSkillMd) {
|
|
87
|
+
manifestFindings.push({
|
|
88
|
+
ruleId: "missing-skill-md",
|
|
89
|
+
severity: "critical",
|
|
90
|
+
file: "SKILL.md",
|
|
91
|
+
message: "No SKILL.md file found — invalid skill package",
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
const hasBlocking = manifestFindings.some((f) => f.ruleId === "binary-file" ||
|
|
95
|
+
f.ruleId === "symlink-escape" ||
|
|
96
|
+
f.ruleId === "missing-skill-md");
|
|
97
|
+
const critical = manifestFindings.filter((f) => f.severity === "critical").length;
|
|
98
|
+
const warn = manifestFindings.filter((f) => f.severity === "warn").length;
|
|
99
|
+
let status = "clean";
|
|
100
|
+
if (hasBlocking)
|
|
101
|
+
status = "blocked";
|
|
102
|
+
else if (critical > 0)
|
|
103
|
+
status = "critical";
|
|
104
|
+
else if (warn > 0)
|
|
105
|
+
status = "warning";
|
|
106
|
+
const report = {
|
|
107
|
+
scannedAt: new Date().toISOString(),
|
|
108
|
+
status,
|
|
109
|
+
summary: { scannedFiles, critical, warn, info: 0 },
|
|
110
|
+
findings,
|
|
111
|
+
manifestFindings,
|
|
112
|
+
skillPath: skillDir,
|
|
113
|
+
};
|
|
114
|
+
// Persist the report
|
|
115
|
+
await fsPromises.writeFile(pathMod.join(skillDir, ".scan-results.json"), JSON.stringify(report, null, 2), "utf-8");
|
|
116
|
+
return report;
|
|
117
|
+
}
|
|
118
|
+
function stateDirBase() {
|
|
119
|
+
const base = process.env.ELIZA_STATE_DIR?.trim();
|
|
120
|
+
return base || path.join(os.homedir(), ".eliza");
|
|
121
|
+
}
|
|
122
|
+
function safeName(raw) {
|
|
123
|
+
const trimmed = raw.trim();
|
|
124
|
+
const slug = trimmed
|
|
125
|
+
.replace(/[^a-zA-Z0-9._-]/g, "-")
|
|
126
|
+
.replace(/-+/g, "-")
|
|
127
|
+
.replace(/^-+|-+$/g, "");
|
|
128
|
+
if (!slug)
|
|
129
|
+
throw new Error("Invalid skill name");
|
|
130
|
+
if (!VALID_NAME.test(slug))
|
|
131
|
+
throw new Error(`Invalid skill name: ${raw}`);
|
|
132
|
+
return slug;
|
|
133
|
+
}
|
|
134
|
+
function validateGitRef(ref) {
|
|
135
|
+
if (!ref || !VALID_GIT_REF.test(ref)) {
|
|
136
|
+
throw new Error("Invalid git ref");
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
function sanitizeSkillPath(raw) {
|
|
140
|
+
const trimmed = raw.trim();
|
|
141
|
+
if (!trimmed)
|
|
142
|
+
throw new Error("Invalid skill path");
|
|
143
|
+
if (trimmed.startsWith("~"))
|
|
144
|
+
throw new Error("Invalid skill path");
|
|
145
|
+
if (path.posix.isAbsolute(trimmed) || path.win32.isAbsolute(trimmed)) {
|
|
146
|
+
throw new Error("Invalid skill path");
|
|
147
|
+
}
|
|
148
|
+
if (trimmed.includes("\\"))
|
|
149
|
+
throw new Error("Invalid skill path");
|
|
150
|
+
const cleaned = trimmed.replace(/^\/+/, "");
|
|
151
|
+
if (!cleaned)
|
|
152
|
+
throw new Error("Invalid skill path");
|
|
153
|
+
if (path.posix.isAbsolute(cleaned) || path.win32.isAbsolute(cleaned)) {
|
|
154
|
+
throw new Error("Invalid skill path");
|
|
155
|
+
}
|
|
156
|
+
if (cleaned === ".")
|
|
157
|
+
return ".";
|
|
158
|
+
const parts = cleaned.split("/").filter(Boolean);
|
|
159
|
+
if (parts.length === 0)
|
|
160
|
+
throw new Error("Invalid skill path");
|
|
161
|
+
if (parts.some((p) => p === "." || p === "..")) {
|
|
162
|
+
throw new Error("Invalid skill path");
|
|
163
|
+
}
|
|
164
|
+
return parts.join("/");
|
|
165
|
+
}
|
|
166
|
+
function assertPathWithinRoot(rootDir, targetPath) {
|
|
167
|
+
const root = path.resolve(rootDir);
|
|
168
|
+
const target = path.resolve(targetPath);
|
|
169
|
+
if (target === root)
|
|
170
|
+
return;
|
|
171
|
+
if (!target.startsWith(`${root}${path.sep}`)) {
|
|
172
|
+
throw new Error("Skill path escapes repository root");
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
function normalizeRepo(raw) {
|
|
176
|
+
const repo = raw
|
|
177
|
+
.replace(/^https:\/\/github\.com\//i, "")
|
|
178
|
+
.replace(/\.git$/i, "")
|
|
179
|
+
.replace(/^github:/i, "")
|
|
180
|
+
.trim();
|
|
181
|
+
if (!/^[a-zA-Z0-9._-]+\/[a-zA-Z0-9._-]+$/.test(repo)) {
|
|
182
|
+
throw new Error(`Invalid repository: ${raw}`);
|
|
183
|
+
}
|
|
184
|
+
return repo;
|
|
185
|
+
}
|
|
186
|
+
function parseGithubUrl(rawUrl) {
|
|
187
|
+
let url;
|
|
188
|
+
try {
|
|
189
|
+
url = new URL(rawUrl);
|
|
190
|
+
}
|
|
191
|
+
catch (err) {
|
|
192
|
+
throw new Error(`Invalid GitHub URL: ${err instanceof Error ? err.message : String(err)}`);
|
|
193
|
+
}
|
|
194
|
+
if (url.hostname !== "github.com") {
|
|
195
|
+
throw new Error("Only github.com URLs are supported for skill install");
|
|
196
|
+
}
|
|
197
|
+
const treeMarker = "/tree/";
|
|
198
|
+
const rawIndex = rawUrl.toLowerCase().indexOf(treeMarker);
|
|
199
|
+
if (rawIndex !== -1) {
|
|
200
|
+
const rawTail = rawUrl.slice(rawIndex + treeMarker.length);
|
|
201
|
+
const rawPath = rawTail.split(/[?#]/)[0];
|
|
202
|
+
let decoded = rawPath;
|
|
203
|
+
try {
|
|
204
|
+
decoded = decodeURIComponent(rawPath);
|
|
205
|
+
}
|
|
206
|
+
catch {
|
|
207
|
+
// Keep raw path if decode fails; still scan for traversal tokens.
|
|
208
|
+
}
|
|
209
|
+
if (/(^|\/)\.\.(\/|$)/.test(decoded)) {
|
|
210
|
+
throw new Error("Invalid skill path");
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
const parts = url.pathname.split("/").filter(Boolean);
|
|
214
|
+
if (parts.length < 2) {
|
|
215
|
+
throw new Error("GitHub URL must include owner/repo");
|
|
216
|
+
}
|
|
217
|
+
const repository = normalizeRepo(`${parts[0]}/${parts[1]}`);
|
|
218
|
+
if (parts[2] === "tree" && parts.length >= 4) {
|
|
219
|
+
const ref = parts[3];
|
|
220
|
+
validateGitRef(ref);
|
|
221
|
+
const treePath = parts.slice(4).join("/");
|
|
222
|
+
const safePath = treePath ? sanitizeSkillPath(treePath) : null;
|
|
223
|
+
return { repository, path: safePath, ref: ref || null };
|
|
224
|
+
}
|
|
225
|
+
return { repository, path: null, ref: null };
|
|
226
|
+
}
|
|
227
|
+
function installationRoot(workspaceDir) {
|
|
228
|
+
return path.join(workspaceDir, "skills", ".marketplace");
|
|
229
|
+
}
|
|
230
|
+
function installsRecordPath(workspaceDir) {
|
|
231
|
+
return path.join(workspaceDir, "skills", ".cache", "marketplace-installs.json");
|
|
232
|
+
}
|
|
233
|
+
async function ensureInstallDirs(workspaceDir) {
|
|
234
|
+
await fs.mkdir(installationRoot(workspaceDir), { recursive: true });
|
|
235
|
+
await fs.mkdir(path.dirname(installsRecordPath(workspaceDir)), {
|
|
236
|
+
recursive: true,
|
|
237
|
+
});
|
|
238
|
+
}
|
|
239
|
+
async function readInstallRecords(workspaceDir) {
|
|
240
|
+
try {
|
|
241
|
+
const raw = await fs.readFile(installsRecordPath(workspaceDir), "utf-8");
|
|
242
|
+
const parsed = JSON.parse(raw);
|
|
243
|
+
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed))
|
|
244
|
+
return {};
|
|
245
|
+
return parsed;
|
|
246
|
+
}
|
|
247
|
+
catch {
|
|
248
|
+
return {};
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
async function writeInstallRecords(workspaceDir, records) {
|
|
252
|
+
await ensureInstallDirs(workspaceDir);
|
|
253
|
+
await fs.writeFile(installsRecordPath(workspaceDir), JSON.stringify(records, null, 2), "utf-8");
|
|
254
|
+
}
|
|
255
|
+
function normalizeTags(raw) {
|
|
256
|
+
if (Array.isArray(raw)) {
|
|
257
|
+
return raw
|
|
258
|
+
.map((t) => String(t ?? "").trim())
|
|
259
|
+
.filter((t) => t.length > 0)
|
|
260
|
+
.slice(0, 10);
|
|
261
|
+
}
|
|
262
|
+
if (raw && typeof raw === "object") {
|
|
263
|
+
return Object.keys(raw)
|
|
264
|
+
.map((t) => t.trim())
|
|
265
|
+
.filter((t) => t.length > 0)
|
|
266
|
+
.slice(0, 10);
|
|
267
|
+
}
|
|
268
|
+
return [];
|
|
269
|
+
}
|
|
270
|
+
function inferRepository(skill) {
|
|
271
|
+
const candidates = [
|
|
272
|
+
skill.repository,
|
|
273
|
+
skill.repo,
|
|
274
|
+
skill.gitRepo,
|
|
275
|
+
skill.github,
|
|
276
|
+
skill.githubRepo,
|
|
277
|
+
skill.git?.repo,
|
|
278
|
+
];
|
|
279
|
+
for (const value of candidates) {
|
|
280
|
+
if (typeof value !== "string" || !value.trim())
|
|
281
|
+
continue;
|
|
282
|
+
try {
|
|
283
|
+
return normalizeRepo(value);
|
|
284
|
+
}
|
|
285
|
+
catch (err) {
|
|
286
|
+
logger.debug(`[skill-marketplace] Failed to normalize repo: ${err instanceof Error ? err.message : err}`);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
// Try to extract repository from githubUrl (e.g., https://github.com/owner/repo/tree/...)
|
|
290
|
+
const githubUrl = skill.githubUrl;
|
|
291
|
+
if (typeof githubUrl === "string" && githubUrl.includes("github.com")) {
|
|
292
|
+
try {
|
|
293
|
+
const url = new URL(githubUrl);
|
|
294
|
+
const parts = url.pathname.split("/").filter(Boolean);
|
|
295
|
+
if (parts.length >= 2) {
|
|
296
|
+
return normalizeRepo(`${parts[0]}/${parts[1]}`);
|
|
297
|
+
}
|
|
298
|
+
}
|
|
299
|
+
catch (err) {
|
|
300
|
+
logger.debug(`[skill-marketplace] Failed to normalize repo: ${err instanceof Error ? err.message : err}`);
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
return null;
|
|
304
|
+
}
|
|
305
|
+
function inferPath(skill) {
|
|
306
|
+
const candidates = [
|
|
307
|
+
skill.path,
|
|
308
|
+
skill.skillPath,
|
|
309
|
+
skill.installPath,
|
|
310
|
+
skill.directory,
|
|
311
|
+
];
|
|
312
|
+
for (const value of candidates) {
|
|
313
|
+
if (typeof value !== "string")
|
|
314
|
+
continue;
|
|
315
|
+
const cleaned = value.replace(/^\/+/, "").trim();
|
|
316
|
+
if (cleaned && !cleaned.startsWith("..") && !cleaned.includes("/.."))
|
|
317
|
+
return cleaned;
|
|
318
|
+
}
|
|
319
|
+
// Try to extract path from githubUrl (e.g., https://github.com/owner/repo/tree/main/skills/content-marketer)
|
|
320
|
+
const githubUrl = skill.githubUrl;
|
|
321
|
+
if (typeof githubUrl === "string" && githubUrl.includes("/tree/")) {
|
|
322
|
+
const treeIndex = githubUrl.indexOf("/tree/");
|
|
323
|
+
const afterTree = githubUrl.slice(treeIndex + 6); // skip "/tree/"
|
|
324
|
+
// afterTree = "main/skills/content-marketer" → skip the branch, take the rest
|
|
325
|
+
const slashIndex = afterTree.indexOf("/");
|
|
326
|
+
if (slashIndex !== -1) {
|
|
327
|
+
const pathPart = afterTree.slice(slashIndex + 1);
|
|
328
|
+
if (pathPart && !pathPart.startsWith("..") && !pathPart.includes("/.."))
|
|
329
|
+
return pathPart;
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
return null;
|
|
333
|
+
}
|
|
334
|
+
function inferName(skill, fallbackId) {
|
|
335
|
+
const candidates = [
|
|
336
|
+
skill.displayName,
|
|
337
|
+
skill.slug,
|
|
338
|
+
skill.name,
|
|
339
|
+
skill.id,
|
|
340
|
+
skill.title,
|
|
341
|
+
];
|
|
342
|
+
for (const value of candidates) {
|
|
343
|
+
if (typeof value !== "string")
|
|
344
|
+
continue;
|
|
345
|
+
const cleaned = value.trim();
|
|
346
|
+
if (cleaned)
|
|
347
|
+
return cleaned;
|
|
348
|
+
}
|
|
349
|
+
if (fallbackId.includes("/")) {
|
|
350
|
+
return fallbackId.split("/").pop() || fallbackId;
|
|
351
|
+
}
|
|
352
|
+
return fallbackId;
|
|
353
|
+
}
|
|
354
|
+
function inferDescription(skill) {
|
|
355
|
+
const candidates = [skill.description, skill.summary, skill.shortDescription];
|
|
356
|
+
for (const value of candidates) {
|
|
357
|
+
if (typeof value === "string" && value.trim())
|
|
358
|
+
return value.trim();
|
|
359
|
+
}
|
|
360
|
+
return "";
|
|
361
|
+
}
|
|
362
|
+
function resolveMarketplaceBaseUrl() {
|
|
363
|
+
const configured = process.env.SKILLS_REGISTRY?.trim() ||
|
|
364
|
+
process.env.CLAWHUB_REGISTRY?.trim() ||
|
|
365
|
+
process.env.SKILLS_MARKETPLACE_URL?.trim();
|
|
366
|
+
return configured || DEFAULT_SKILLS_MARKETPLACE_URL;
|
|
367
|
+
}
|
|
368
|
+
function isLegacySkillsmp(baseUrl) {
|
|
369
|
+
try {
|
|
370
|
+
const hostname = new URL(baseUrl).hostname.toLowerCase();
|
|
371
|
+
return (hostname === LEGACY_SKILLSMP_HOST || hostname.endsWith(".skillsmp.com"));
|
|
372
|
+
}
|
|
373
|
+
catch {
|
|
374
|
+
return baseUrl.toLowerCase().includes(LEGACY_SKILLSMP_HOST);
|
|
375
|
+
}
|
|
376
|
+
}
|
|
377
|
+
export async function searchSkillsMarketplace(query, opts) {
|
|
378
|
+
const baseUrl = resolveMarketplaceBaseUrl();
|
|
379
|
+
const legacySkillsmp = isLegacySkillsmp(baseUrl);
|
|
380
|
+
const endpoint = legacySkillsmp
|
|
381
|
+
? opts?.aiSearch
|
|
382
|
+
? "/api/v1/skills/ai-search"
|
|
383
|
+
: "/api/v1/skills/search"
|
|
384
|
+
: "/api/v1/search";
|
|
385
|
+
const url = new URL(`${baseUrl}${endpoint}`);
|
|
386
|
+
if (query.trim())
|
|
387
|
+
url.searchParams.set("q", query.trim());
|
|
388
|
+
url.searchParams.set("limit", String(Math.max(1, Math.min(opts?.limit ?? 20, 50))));
|
|
389
|
+
const headers = {
|
|
390
|
+
Accept: "application/json",
|
|
391
|
+
};
|
|
392
|
+
if (legacySkillsmp) {
|
|
393
|
+
const apiKey = process.env.SKILLSMP_API_KEY?.trim();
|
|
394
|
+
if (!apiKey) {
|
|
395
|
+
throw new Error("SKILLSMP_API_KEY is not set. Add it to enable Skills marketplace search.");
|
|
396
|
+
}
|
|
397
|
+
headers.Authorization = `Bearer ${apiKey}`;
|
|
398
|
+
}
|
|
399
|
+
const searchSpan = createIntegrationTelemetrySpan({
|
|
400
|
+
boundary: "marketplace",
|
|
401
|
+
operation: "search_skills_marketplace",
|
|
402
|
+
timeoutMs: FETCH_TIMEOUT_MS,
|
|
403
|
+
});
|
|
404
|
+
let resp;
|
|
405
|
+
try {
|
|
406
|
+
resp = await fetch(url, {
|
|
407
|
+
headers,
|
|
408
|
+
signal: AbortSignal.timeout(FETCH_TIMEOUT_MS),
|
|
409
|
+
});
|
|
410
|
+
}
|
|
411
|
+
catch (err) {
|
|
412
|
+
searchSpan.failure({ error: err });
|
|
413
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
414
|
+
throw new Error(msg.includes("aborted") || msg.includes("timeout")
|
|
415
|
+
? `Skills marketplace request timed out after ${FETCH_TIMEOUT_MS / 1000}s`
|
|
416
|
+
: `Skills marketplace network error: ${msg}`);
|
|
417
|
+
}
|
|
418
|
+
const payload = (await resp.json().catch(() => ({})));
|
|
419
|
+
if (!resp.ok) {
|
|
420
|
+
searchSpan.failure({ statusCode: resp.status, errorKind: "http_error" });
|
|
421
|
+
const msg = payload.error?.message;
|
|
422
|
+
throw new Error(typeof msg === "string" && msg
|
|
423
|
+
? msg
|
|
424
|
+
: `Skills marketplace request failed (${resp.status})`);
|
|
425
|
+
}
|
|
426
|
+
const buckets = [payload.results, payload.skills, payload.data];
|
|
427
|
+
let list = [];
|
|
428
|
+
for (const bucket of buckets) {
|
|
429
|
+
if (Array.isArray(bucket)) {
|
|
430
|
+
list = bucket;
|
|
431
|
+
break;
|
|
432
|
+
}
|
|
433
|
+
if (bucket &&
|
|
434
|
+
typeof bucket === "object" &&
|
|
435
|
+
Array.isArray(bucket.results)) {
|
|
436
|
+
list = bucket.results;
|
|
437
|
+
break;
|
|
438
|
+
}
|
|
439
|
+
if (bucket &&
|
|
440
|
+
typeof bucket === "object" &&
|
|
441
|
+
Array.isArray(bucket.skills)) {
|
|
442
|
+
list = bucket.skills;
|
|
443
|
+
break;
|
|
444
|
+
}
|
|
445
|
+
}
|
|
446
|
+
const out = [];
|
|
447
|
+
for (const entry of list) {
|
|
448
|
+
if (!entry || typeof entry !== "object" || Array.isArray(entry))
|
|
449
|
+
continue;
|
|
450
|
+
const skill = entry;
|
|
451
|
+
const slug = typeof skill.slug === "string" ? skill.slug.trim() : "";
|
|
452
|
+
const repository = inferRepository(skill);
|
|
453
|
+
if (!repository && !slug)
|
|
454
|
+
continue;
|
|
455
|
+
const fallbackId = repository || slug;
|
|
456
|
+
const name = inferName(skill, fallbackId);
|
|
457
|
+
const description = inferDescription(skill);
|
|
458
|
+
const skillPath = inferPath(skill);
|
|
459
|
+
const scoreValue = skill.score;
|
|
460
|
+
const score = typeof scoreValue === "number" && Number.isFinite(scoreValue)
|
|
461
|
+
? scoreValue
|
|
462
|
+
: null;
|
|
463
|
+
const githubUrl = typeof skill.githubUrl === "string" && skill.githubUrl.trim()
|
|
464
|
+
? skill.githubUrl.trim()
|
|
465
|
+
: repository
|
|
466
|
+
? `https://github.com/${repository}`
|
|
467
|
+
: undefined;
|
|
468
|
+
out.push({
|
|
469
|
+
id: String(skill.id ?? slug ?? name),
|
|
470
|
+
slug: slug || undefined,
|
|
471
|
+
name,
|
|
472
|
+
description,
|
|
473
|
+
repository: repository || undefined,
|
|
474
|
+
githubUrl,
|
|
475
|
+
path: skillPath,
|
|
476
|
+
tags: normalizeTags(skill.tags ?? skill.topics),
|
|
477
|
+
score,
|
|
478
|
+
source: legacySkillsmp ? "skillsmp" : "clawhub",
|
|
479
|
+
});
|
|
480
|
+
}
|
|
481
|
+
searchSpan.success({ statusCode: resp.status });
|
|
482
|
+
return out;
|
|
483
|
+
}
|
|
484
|
+
async function runGitCloneSubset(repository, ref, skillPath, targetDir) {
|
|
485
|
+
if (ref)
|
|
486
|
+
validateGitRef(ref);
|
|
487
|
+
if (skillPath !== ".") {
|
|
488
|
+
sanitizeSkillPath(skillPath);
|
|
489
|
+
}
|
|
490
|
+
await withTemporarySparseCheckout(repository, ref, skillPath, async (cloneDir) => {
|
|
491
|
+
const sourceDir = path.join(cloneDir, skillPath);
|
|
492
|
+
assertPathWithinRoot(cloneDir, sourceDir);
|
|
493
|
+
const stat = await fs.stat(sourceDir).catch(() => null);
|
|
494
|
+
if (!stat || !stat.isDirectory()) {
|
|
495
|
+
throw new Error(`Skill path not found in repository: ${skillPath}`);
|
|
496
|
+
}
|
|
497
|
+
await fs.mkdir(path.dirname(targetDir), { recursive: true });
|
|
498
|
+
await fs.cp(sourceDir, targetDir, {
|
|
499
|
+
recursive: true,
|
|
500
|
+
errorOnExist: true,
|
|
501
|
+
force: false,
|
|
502
|
+
});
|
|
503
|
+
});
|
|
504
|
+
}
|
|
505
|
+
async function resolveSkillPathInRepo(repository, ref, requestedPath) {
|
|
506
|
+
if (ref)
|
|
507
|
+
validateGitRef(ref);
|
|
508
|
+
if (requestedPath)
|
|
509
|
+
return sanitizeSkillPath(requestedPath);
|
|
510
|
+
// Use --no-checkout + git ls-tree to discover SKILL.md without relying on
|
|
511
|
+
// sparse-checkout cone mode, which only fetches root-level files when
|
|
512
|
+
// checkoutPath="." and silently omits skills/ subdirectories.
|
|
513
|
+
const repoUrl = `https://github.com/${repository}.git`;
|
|
514
|
+
const tmpBase = await fs.mkdtemp(path.join(stateDirBase(), "skill-probe-"));
|
|
515
|
+
const cloneDir = path.join(tmpBase, "repo");
|
|
516
|
+
try {
|
|
517
|
+
const cloneArgs = [
|
|
518
|
+
"clone",
|
|
519
|
+
"--depth",
|
|
520
|
+
"1",
|
|
521
|
+
"--filter=blob:none",
|
|
522
|
+
"--no-checkout",
|
|
523
|
+
...(ref ? ["--branch", ref] : []),
|
|
524
|
+
repoUrl,
|
|
525
|
+
cloneDir,
|
|
526
|
+
];
|
|
527
|
+
await execFileAsync("git", cloneArgs, { timeout: GIT_TIMEOUT_MS });
|
|
528
|
+
const { stdout } = await execFileAsync("git", ["-C", cloneDir, "ls-tree", "-r", "--name-only", "HEAD"], { timeout: GIT_TIMEOUT_MS });
|
|
529
|
+
const allPaths = stdout
|
|
530
|
+
.split("\n")
|
|
531
|
+
.map((p) => p.trim())
|
|
532
|
+
.filter(Boolean);
|
|
533
|
+
if (allPaths.includes("SKILL.md"))
|
|
534
|
+
return ".";
|
|
535
|
+
for (const filePath of allPaths) {
|
|
536
|
+
const parts = filePath.split("/");
|
|
537
|
+
if (parts.length === 3 &&
|
|
538
|
+
parts[0] === "skills" &&
|
|
539
|
+
parts[2] === "SKILL.md") {
|
|
540
|
+
return sanitizeSkillPath(`${parts[0]}/${parts[1]}`);
|
|
541
|
+
}
|
|
542
|
+
}
|
|
543
|
+
throw new Error("Could not determine skill path automatically. Provide an explicit GitHub tree URL or path.");
|
|
544
|
+
}
|
|
545
|
+
finally {
|
|
546
|
+
await fs
|
|
547
|
+
.rm(tmpBase, { recursive: true, force: true })
|
|
548
|
+
.catch(() => undefined);
|
|
549
|
+
}
|
|
550
|
+
}
|
|
551
|
+
async function withTemporarySparseCheckout(repository, ref, checkoutPath, task) {
|
|
552
|
+
const repoUrl = `https://github.com/${repository}.git`;
|
|
553
|
+
const tmpBase = await fs.mkdtemp(path.join(stateDirBase(), "skill-probe-"));
|
|
554
|
+
const cloneDir = path.join(tmpBase, "repo");
|
|
555
|
+
try {
|
|
556
|
+
const cloneArgs = [
|
|
557
|
+
"clone",
|
|
558
|
+
"--depth",
|
|
559
|
+
"1",
|
|
560
|
+
"--filter=blob:none",
|
|
561
|
+
"--sparse",
|
|
562
|
+
...(ref ? ["--branch", ref] : []),
|
|
563
|
+
repoUrl,
|
|
564
|
+
cloneDir,
|
|
565
|
+
];
|
|
566
|
+
await execFileAsync("git", cloneArgs, { timeout: GIT_TIMEOUT_MS });
|
|
567
|
+
await execFileAsync("git", ["-C", cloneDir, "sparse-checkout", "set", checkoutPath], { timeout: GIT_TIMEOUT_MS });
|
|
568
|
+
return await task(cloneDir);
|
|
569
|
+
}
|
|
570
|
+
finally {
|
|
571
|
+
await fs
|
|
572
|
+
.rm(tmpBase, { recursive: true, force: true })
|
|
573
|
+
.catch(() => undefined);
|
|
574
|
+
}
|
|
575
|
+
}
|
|
576
|
+
export async function installMarketplaceSkill(workspaceDir, input) {
|
|
577
|
+
await ensureInstallDirs(workspaceDir);
|
|
578
|
+
let repository = input.repository?.trim()
|
|
579
|
+
? normalizeRepo(input.repository)
|
|
580
|
+
: null;
|
|
581
|
+
let requestedPath = input.path?.trim() ? sanitizeSkillPath(input.path) : null;
|
|
582
|
+
let gitRef = null;
|
|
583
|
+
if (input.githubUrl?.trim()) {
|
|
584
|
+
const parsed = parseGithubUrl(input.githubUrl.trim());
|
|
585
|
+
repository = parsed.repository;
|
|
586
|
+
if (!requestedPath && parsed.path)
|
|
587
|
+
requestedPath = parsed.path;
|
|
588
|
+
if (parsed.ref)
|
|
589
|
+
gitRef = parsed.ref;
|
|
590
|
+
}
|
|
591
|
+
if (!repository) {
|
|
592
|
+
throw new Error("Install requires a repository or GitHub URL");
|
|
593
|
+
}
|
|
594
|
+
const skillPath = await resolveSkillPathInRepo(repository, gitRef, requestedPath);
|
|
595
|
+
const baseName = input.name?.trim() ||
|
|
596
|
+
path.posix.basename(skillPath === "." ? repository.split("/")[1] : skillPath);
|
|
597
|
+
const id = safeName(baseName);
|
|
598
|
+
const targetDir = path.join(installationRoot(workspaceDir), id);
|
|
599
|
+
const exists = await fs
|
|
600
|
+
.stat(targetDir)
|
|
601
|
+
.then(() => true)
|
|
602
|
+
.catch(() => false);
|
|
603
|
+
if (exists) {
|
|
604
|
+
throw new Error(`Skill "${id}" is already installed`);
|
|
605
|
+
}
|
|
606
|
+
await runGitCloneSubset(repository, gitRef, skillPath, targetDir);
|
|
607
|
+
const skillDoc = path.join(targetDir, "SKILL.md");
|
|
608
|
+
const validSkill = await fs
|
|
609
|
+
.stat(skillDoc)
|
|
610
|
+
.then((s) => s.isFile())
|
|
611
|
+
.catch(() => false);
|
|
612
|
+
if (!validSkill) {
|
|
613
|
+
await fs
|
|
614
|
+
.rm(targetDir, { recursive: true, force: true })
|
|
615
|
+
.catch(() => undefined);
|
|
616
|
+
throw new Error("Installed path does not contain SKILL.md");
|
|
617
|
+
}
|
|
618
|
+
// ── Security scan ─────────────────────────────────────────
|
|
619
|
+
// Scan the skill directory for dangerous patterns before making it available.
|
|
620
|
+
// Blocked skills are removed and an error is thrown.
|
|
621
|
+
const scanReport = await runSkillSecurityScan(targetDir);
|
|
622
|
+
const scanStatus = scanReport.status;
|
|
623
|
+
if (scanReport.status === "blocked") {
|
|
624
|
+
await fs
|
|
625
|
+
.rm(targetDir, { recursive: true, force: true })
|
|
626
|
+
.catch(() => undefined);
|
|
627
|
+
const reasons = [
|
|
628
|
+
...scanReport.findings.map((f) => f.message),
|
|
629
|
+
...scanReport.manifestFindings.map((f) => f.message),
|
|
630
|
+
];
|
|
631
|
+
throw new Error(`Skill "${id}" blocked by security scan: ${reasons.join("; ")}`);
|
|
632
|
+
}
|
|
633
|
+
if (scanReport.status === "critical" || scanReport.status === "warning") {
|
|
634
|
+
logger.warn(`[skills-marketplace] Security scan for "${id}": ${scanReport.status} ` +
|
|
635
|
+
`(${scanReport.summary.critical} critical, ${scanReport.summary.warn} warnings)`);
|
|
636
|
+
}
|
|
637
|
+
const record = {
|
|
638
|
+
id,
|
|
639
|
+
name: input.name?.trim() || id,
|
|
640
|
+
description: input.description?.trim() || "",
|
|
641
|
+
repository,
|
|
642
|
+
githubUrl: `https://github.com/${repository}`,
|
|
643
|
+
path: skillPath,
|
|
644
|
+
installPath: targetDir,
|
|
645
|
+
installedAt: new Date().toISOString(),
|
|
646
|
+
source: input.source ?? "manual",
|
|
647
|
+
scanStatus,
|
|
648
|
+
};
|
|
649
|
+
const records = await readInstallRecords(workspaceDir);
|
|
650
|
+
records[id] = record;
|
|
651
|
+
await writeInstallRecords(workspaceDir, records);
|
|
652
|
+
logger.info(`[skills-marketplace] Installed ${record.id} from ${record.repository}:${record.path} (scan: ${scanStatus ?? "skipped"})`);
|
|
653
|
+
return record;
|
|
654
|
+
}
|
|
655
|
+
export async function listInstalledMarketplaceSkills(workspaceDir) {
|
|
656
|
+
const records = await readInstallRecords(workspaceDir);
|
|
657
|
+
const values = Object.values(records);
|
|
658
|
+
values.sort((a, b) => b.installedAt.localeCompare(a.installedAt));
|
|
659
|
+
return values;
|
|
660
|
+
}
|
|
661
|
+
export async function uninstallMarketplaceSkill(workspaceDir, skillId) {
|
|
662
|
+
const id = safeName(skillId);
|
|
663
|
+
const records = await readInstallRecords(workspaceDir);
|
|
664
|
+
const existing = records[id];
|
|
665
|
+
if (!existing) {
|
|
666
|
+
throw new Error(`Installed marketplace skill "${id}" not found`);
|
|
667
|
+
}
|
|
668
|
+
// Security: ensure installPath is within the expected marketplace directory
|
|
669
|
+
const expectedRoot = path.resolve(installationRoot(workspaceDir));
|
|
670
|
+
const resolvedPath = path.resolve(existing.installPath);
|
|
671
|
+
if (!resolvedPath.startsWith(`${expectedRoot}${path.sep}`) ||
|
|
672
|
+
resolvedPath === expectedRoot) {
|
|
673
|
+
throw new Error(`Refusing to remove skill outside ${expectedRoot}`);
|
|
674
|
+
}
|
|
675
|
+
await fs.rm(existing.installPath, { recursive: true, force: true });
|
|
676
|
+
delete records[id];
|
|
677
|
+
await writeInstallRecords(workspaceDir, records);
|
|
678
|
+
logger.info(`[skills-marketplace] Uninstalled ${id}`);
|
|
679
|
+
return existing;
|
|
680
|
+
}
|