@full-self-developing/fsd 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1191) hide show
  1. package/.engine/engine-config.json +27 -0
  2. package/CODEBASE_CONTEXT.md +152 -0
  3. package/README.md +111 -0
  4. package/README_zh.md +111 -0
  5. package/UI_SPEC.md +57 -0
  6. package/agents/api-proxy.js +542 -0
  7. package/agents/base.js +280 -0
  8. package/agents/branch-manager.js +135 -0
  9. package/agents/cli-models.json +48 -0
  10. package/agents/coder.js +128 -0
  11. package/agents/core-request.js +174 -0
  12. package/agents/dispatcher.js +491 -0
  13. package/agents/drivers/.atomcode/graph.bin +0 -0
  14. package/agents/drivers/atomcode.js +143 -0
  15. package/agents/drivers/gemini-cli.js +195 -0
  16. package/agents/drivers/index.js +65 -0
  17. package/agents/drivers/openrouter.js +390 -0
  18. package/agents/engine-config.js +444 -0
  19. package/agents/log-fixer.js +72 -0
  20. package/agents/mcp-client-manager.js +159 -0
  21. package/agents/optimizer.js +54 -0
  22. package/agents/path-validator.js +43 -0
  23. package/agents/planner.js +81 -0
  24. package/agents/prompt-manager.js +170 -0
  25. package/agents/skeptic.js +79 -0
  26. package/agents/skills-manager.js +130 -0
  27. package/agents/summarizer.js +34 -0
  28. package/agents/test-runner.js +85 -0
  29. package/bin/cli.js +166 -0
  30. package/client/eslint.config.js +21 -0
  31. package/client/index.html +12 -0
  32. package/client/package-lock.json +3339 -0
  33. package/client/package.json +35 -0
  34. package/client/src/App.jsx +745 -0
  35. package/client/src/api.js +78 -0
  36. package/client/src/components/ChatPanel.jsx +277 -0
  37. package/client/src/components/ConfirmationModal.jsx +61 -0
  38. package/client/src/components/ErrorBoundary.jsx +66 -0
  39. package/client/src/components/FolderPicker.jsx +200 -0
  40. package/client/src/components/LoopPanel.jsx +863 -0
  41. package/client/src/components/NotFound.jsx +52 -0
  42. package/client/src/components/SettingsPanel.jsx +966 -0
  43. package/client/src/components/Sidebar.jsx +318 -0
  44. package/client/src/context/SettingsContext.jsx +353 -0
  45. package/client/src/i18n.js +462 -0
  46. package/client/src/index.css +31 -0
  47. package/client/src/main.jsx +17 -0
  48. package/client/vite.config.js +19 -0
  49. package/design.md +875 -0
  50. package/extensions/alibaba/index.ts +11 -0
  51. package/extensions/alibaba/openclaw.plugin.json +34 -0
  52. package/extensions/alibaba/package.json +15 -0
  53. package/extensions/alibaba/plugin-registration.contract.test.ts +7 -0
  54. package/extensions/alibaba/tsconfig.json +16 -0
  55. package/extensions/alibaba/video-generation-provider.test.ts +92 -0
  56. package/extensions/alibaba/video-generation-provider.ts +83 -0
  57. package/extensions/amazon-bedrock/api.ts +6 -0
  58. package/extensions/amazon-bedrock/aws-credential-refresh.ts +42 -0
  59. package/extensions/amazon-bedrock/config-api.ts +4 -0
  60. package/extensions/amazon-bedrock/config-compat.test.ts +81 -0
  61. package/extensions/amazon-bedrock/config-compat.ts +107 -0
  62. package/extensions/amazon-bedrock/discovery-shared.ts +28 -0
  63. package/extensions/amazon-bedrock/discovery.test.ts +608 -0
  64. package/extensions/amazon-bedrock/discovery.ts +616 -0
  65. package/extensions/amazon-bedrock/embedding-provider.test.ts +109 -0
  66. package/extensions/amazon-bedrock/embedding-provider.ts +470 -0
  67. package/extensions/amazon-bedrock/index.test.ts +1249 -0
  68. package/extensions/amazon-bedrock/index.ts +11 -0
  69. package/extensions/amazon-bedrock/lazy-import.test.ts +56 -0
  70. package/extensions/amazon-bedrock/memory-embedding-adapter.test.ts +105 -0
  71. package/extensions/amazon-bedrock/memory-embedding-adapter.ts +47 -0
  72. package/extensions/amazon-bedrock/npm-shrinkwrap.json +1241 -0
  73. package/extensions/amazon-bedrock/openclaw.plugin.json +80 -0
  74. package/extensions/amazon-bedrock/package.json +41 -0
  75. package/extensions/amazon-bedrock/provider-policy-api.test.ts +46 -0
  76. package/extensions/amazon-bedrock/provider-policy-api.ts +9 -0
  77. package/extensions/amazon-bedrock/register.sync.runtime.ts +659 -0
  78. package/extensions/amazon-bedrock/setup-api.ts +18 -0
  79. package/extensions/amazon-bedrock/thinking-policy.ts +32 -0
  80. package/extensions/amazon-bedrock/tsconfig.json +16 -0
  81. package/extensions/anthropic/api.ts +11 -0
  82. package/extensions/anthropic/claude-model-refs.ts +104 -0
  83. package/extensions/anthropic/cli-auth-seam.ts +13 -0
  84. package/extensions/anthropic/cli-backend-api.ts +6 -0
  85. package/extensions/anthropic/cli-backend.ts +83 -0
  86. package/extensions/anthropic/cli-catalog.ts +42 -0
  87. package/extensions/anthropic/cli-constants.ts +41 -0
  88. package/extensions/anthropic/cli-migration.test.ts +487 -0
  89. package/extensions/anthropic/cli-migration.ts +266 -0
  90. package/extensions/anthropic/cli-shared.test.ts +300 -0
  91. package/extensions/anthropic/cli-shared.ts +248 -0
  92. package/extensions/anthropic/config-defaults.ts +428 -0
  93. package/extensions/anthropic/contract-api.ts +9 -0
  94. package/extensions/anthropic/doctor-contract-api.ts +14 -0
  95. package/extensions/anthropic/index.test.ts +663 -0
  96. package/extensions/anthropic/index.ts +11 -0
  97. package/extensions/anthropic/media-understanding-provider.ts +15 -0
  98. package/extensions/anthropic/openclaw.plugin.json +112 -0
  99. package/extensions/anthropic/package.json +18 -0
  100. package/extensions/anthropic/provider-contract-api.ts +59 -0
  101. package/extensions/anthropic/provider-discovery.ts +35 -0
  102. package/extensions/anthropic/provider-policy-api.test.ts +135 -0
  103. package/extensions/anthropic/provider-policy-api.ts +24 -0
  104. package/extensions/anthropic/provider-runtime.contract.test.ts +3 -0
  105. package/extensions/anthropic/register.runtime.ts +668 -0
  106. package/extensions/anthropic/replay-policy.ts +9 -0
  107. package/extensions/anthropic/setup-api.ts +11 -0
  108. package/extensions/anthropic/stream-wrappers.test.ts +233 -0
  109. package/extensions/anthropic/stream-wrappers.ts +228 -0
  110. package/extensions/anthropic/test-api.ts +3 -0
  111. package/extensions/anthropic/tsconfig.json +16 -0
  112. package/extensions/arcee/api.ts +8 -0
  113. package/extensions/arcee/index.test.ts +195 -0
  114. package/extensions/arcee/index.ts +142 -0
  115. package/extensions/arcee/models.ts +68 -0
  116. package/extensions/arcee/onboard.ts +43 -0
  117. package/extensions/arcee/openclaw.plugin.json +46 -0
  118. package/extensions/arcee/package.json +15 -0
  119. package/extensions/arcee/provider-catalog.ts +54 -0
  120. package/extensions/arcee/tsconfig.json +16 -0
  121. package/extensions/azure-speech/azure-speech.live.test.ts +92 -0
  122. package/extensions/azure-speech/index.ts +11 -0
  123. package/extensions/azure-speech/openclaw.plugin.json +66 -0
  124. package/extensions/azure-speech/package.json +15 -0
  125. package/extensions/azure-speech/speech-provider.test.ts +242 -0
  126. package/extensions/azure-speech/speech-provider.ts +306 -0
  127. package/extensions/azure-speech/tsconfig.json +16 -0
  128. package/extensions/azure-speech/tts.test.ts +127 -0
  129. package/extensions/azure-speech/tts.ts +209 -0
  130. package/extensions/byteplus/api.ts +8 -0
  131. package/extensions/byteplus/index.test.ts +60 -0
  132. package/extensions/byteplus/index.ts +84 -0
  133. package/extensions/byteplus/live.test.ts +60 -0
  134. package/extensions/byteplus/models.ts +35 -0
  135. package/extensions/byteplus/openclaw.plugin.json +165 -0
  136. package/extensions/byteplus/package.json +15 -0
  137. package/extensions/byteplus/plugin-registration.contract.test.ts +8 -0
  138. package/extensions/byteplus/provider-catalog.ts +17 -0
  139. package/extensions/byteplus/provider-discovery.ts +31 -0
  140. package/extensions/byteplus/tsconfig.json +16 -0
  141. package/extensions/byteplus/video-generation-provider.test.ts +223 -0
  142. package/extensions/byteplus/video-generation-provider.ts +389 -0
  143. package/extensions/cerebras/api.ts +7 -0
  144. package/extensions/cerebras/index.ts +41 -0
  145. package/extensions/cerebras/models.ts +25 -0
  146. package/extensions/cerebras/onboard.ts +26 -0
  147. package/extensions/cerebras/openclaw.plugin.json +111 -0
  148. package/extensions/cerebras/package.json +15 -0
  149. package/extensions/cerebras/provider-catalog.ts +10 -0
  150. package/extensions/cerebras/tsconfig.json +16 -0
  151. package/extensions/chutes/api.ts +14 -0
  152. package/extensions/chutes/implicit-provider.test.ts +107 -0
  153. package/extensions/chutes/index.ts +194 -0
  154. package/extensions/chutes/model-discovery-env.ts +5 -0
  155. package/extensions/chutes/models.test.ts +289 -0
  156. package/extensions/chutes/models.ts +632 -0
  157. package/extensions/chutes/oauth.ts +235 -0
  158. package/extensions/chutes/onboard.ts +63 -0
  159. package/extensions/chutes/openclaw.plugin.json +726 -0
  160. package/extensions/chutes/package.json +15 -0
  161. package/extensions/chutes/provider-catalog.ts +29 -0
  162. package/extensions/chutes/tsconfig.json +16 -0
  163. package/extensions/cloudflare-ai-gateway/api.ts +14 -0
  164. package/extensions/cloudflare-ai-gateway/catalog-provider.ts +73 -0
  165. package/extensions/cloudflare-ai-gateway/index.test.ts +60 -0
  166. package/extensions/cloudflare-ai-gateway/index.ts +233 -0
  167. package/extensions/cloudflare-ai-gateway/models.ts +44 -0
  168. package/extensions/cloudflare-ai-gateway/onboard.ts +91 -0
  169. package/extensions/cloudflare-ai-gateway/openclaw.plugin.json +44 -0
  170. package/extensions/cloudflare-ai-gateway/package.json +15 -0
  171. package/extensions/cloudflare-ai-gateway/provider-discovery.contract.test.ts +3 -0
  172. package/extensions/cloudflare-ai-gateway/stream-wrappers.test.ts +160 -0
  173. package/extensions/cloudflare-ai-gateway/stream-wrappers.ts +32 -0
  174. package/extensions/cloudflare-ai-gateway/tsconfig.json +16 -0
  175. package/extensions/codex/doctor-contract-api.test.ts +44 -0
  176. package/extensions/codex/doctor-contract-api.ts +68 -0
  177. package/extensions/codex/harness.ts +85 -0
  178. package/extensions/codex/index.test.ts +230 -0
  179. package/extensions/codex/index.ts +125 -0
  180. package/extensions/codex/media-understanding-provider.test.ts +496 -0
  181. package/extensions/codex/media-understanding-provider.ts +524 -0
  182. package/extensions/codex/npm-shrinkwrap.json +1949 -0
  183. package/extensions/codex/openclaw.plugin.json +403 -0
  184. package/extensions/codex/package.json +41 -0
  185. package/extensions/codex/prompt-overlay-runtime-contract.test.ts +48 -0
  186. package/extensions/codex/prompt-overlay.ts +21 -0
  187. package/extensions/codex/provider-catalog.ts +83 -0
  188. package/extensions/codex/provider-discovery.ts +45 -0
  189. package/extensions/codex/provider.test.ts +384 -0
  190. package/extensions/codex/provider.ts +243 -0
  191. package/extensions/codex/src/app-server/app-inventory-cache.test.ts +176 -0
  192. package/extensions/codex/src/app-server/app-inventory-cache.ts +324 -0
  193. package/extensions/codex/src/app-server/approval-bridge.test.ts +1472 -0
  194. package/extensions/codex/src/app-server/approval-bridge.ts +1211 -0
  195. package/extensions/codex/src/app-server/auth-bridge.test.ts +1449 -0
  196. package/extensions/codex/src/app-server/auth-bridge.ts +614 -0
  197. package/extensions/codex/src/app-server/auth-profile-runtime-contract.test.ts +242 -0
  198. package/extensions/codex/src/app-server/capabilities.ts +27 -0
  199. package/extensions/codex/src/app-server/client-factory.ts +24 -0
  200. package/extensions/codex/src/app-server/client.test.ts +563 -0
  201. package/extensions/codex/src/app-server/client.ts +721 -0
  202. package/extensions/codex/src/app-server/compact.test.ts +1029 -0
  203. package/extensions/codex/src/app-server/compact.ts +662 -0
  204. package/extensions/codex/src/app-server/computer-use.test.ts +788 -0
  205. package/extensions/codex/src/app-server/computer-use.ts +683 -0
  206. package/extensions/codex/src/app-server/config.test.ts +948 -0
  207. package/extensions/codex/src/app-server/config.ts +1093 -0
  208. package/extensions/codex/src/app-server/context-engine-projection.test.ts +252 -0
  209. package/extensions/codex/src/app-server/context-engine-projection.ts +403 -0
  210. package/extensions/codex/src/app-server/delivery-no-reply-runtime-contract.test.ts +80 -0
  211. package/extensions/codex/src/app-server/dynamic-tool-diagnostics.ts +73 -0
  212. package/extensions/codex/src/app-server/dynamic-tool-profile.ts +70 -0
  213. package/extensions/codex/src/app-server/dynamic-tools.test.ts +1357 -0
  214. package/extensions/codex/src/app-server/dynamic-tools.ts +646 -0
  215. package/extensions/codex/src/app-server/elicitation-bridge.test.ts +1281 -0
  216. package/extensions/codex/src/app-server/elicitation-bridge.ts +828 -0
  217. package/extensions/codex/src/app-server/event-projector.test.ts +2885 -0
  218. package/extensions/codex/src/app-server/event-projector.ts +2047 -0
  219. package/extensions/codex/src/app-server/image-payload-sanitizer.test.ts +49 -0
  220. package/extensions/codex/src/app-server/image-payload-sanitizer.ts +195 -0
  221. package/extensions/codex/src/app-server/local-runtime-attribution.ts +39 -0
  222. package/extensions/codex/src/app-server/managed-binary.test.ts +141 -0
  223. package/extensions/codex/src/app-server/managed-binary.ts +193 -0
  224. package/extensions/codex/src/app-server/models.test.ts +246 -0
  225. package/extensions/codex/src/app-server/models.ts +172 -0
  226. package/extensions/codex/src/app-server/native-hook-relay.test.ts +274 -0
  227. package/extensions/codex/src/app-server/native-hook-relay.ts +150 -0
  228. package/extensions/codex/src/app-server/native-subagent-monitor.test.ts +1125 -0
  229. package/extensions/codex/src/app-server/native-subagent-monitor.ts +1061 -0
  230. package/extensions/codex/src/app-server/native-subagent-notification.test.ts +176 -0
  231. package/extensions/codex/src/app-server/native-subagent-notification.ts +222 -0
  232. package/extensions/codex/src/app-server/native-subagent-task-ids.ts +3 -0
  233. package/extensions/codex/src/app-server/native-subagent-task-mirror.test.ts +625 -0
  234. package/extensions/codex/src/app-server/native-subagent-task-mirror.ts +460 -0
  235. package/extensions/codex/src/app-server/notification-correlation.ts +91 -0
  236. package/extensions/codex/src/app-server/openclaw-owned-tool-runtime-contract.test.ts +456 -0
  237. package/extensions/codex/src/app-server/outcome-fallback-runtime-contract.test.ts +404 -0
  238. package/extensions/codex/src/app-server/plugin-activation.test.ts +336 -0
  239. package/extensions/codex/src/app-server/plugin-activation.ts +283 -0
  240. package/extensions/codex/src/app-server/plugin-app-cache-key.ts +74 -0
  241. package/extensions/codex/src/app-server/plugin-approval-roundtrip.ts +122 -0
  242. package/extensions/codex/src/app-server/plugin-inventory.test.ts +355 -0
  243. package/extensions/codex/src/app-server/plugin-inventory.ts +357 -0
  244. package/extensions/codex/src/app-server/plugin-thread-config.test.ts +865 -0
  245. package/extensions/codex/src/app-server/plugin-thread-config.ts +455 -0
  246. package/extensions/codex/src/app-server/protocol-generated/json/DynamicToolCallParams.json +33 -0
  247. package/extensions/codex/src/app-server/protocol-generated/json/v2/ErrorNotification.json +199 -0
  248. package/extensions/codex/src/app-server/protocol-generated/json/v2/GetAccountResponse.json +102 -0
  249. package/extensions/codex/src/app-server/protocol-generated/json/v2/ModelListResponse.json +227 -0
  250. package/extensions/codex/src/app-server/protocol-generated/json/v2/ThreadResumeResponse.json +2630 -0
  251. package/extensions/codex/src/app-server/protocol-generated/json/v2/ThreadStartResponse.json +2630 -0
  252. package/extensions/codex/src/app-server/protocol-generated/json/v2/TurnCompletedNotification.json +1659 -0
  253. package/extensions/codex/src/app-server/protocol-generated/json/v2/TurnStartResponse.json +1655 -0
  254. package/extensions/codex/src/app-server/protocol-validators.test.ts +75 -0
  255. package/extensions/codex/src/app-server/protocol-validators.ts +203 -0
  256. package/extensions/codex/src/app-server/protocol.ts +537 -0
  257. package/extensions/codex/src/app-server/rate-limit-cache.ts +48 -0
  258. package/extensions/codex/src/app-server/rate-limits.test.ts +202 -0
  259. package/extensions/codex/src/app-server/rate-limits.ts +583 -0
  260. package/extensions/codex/src/app-server/request.test.ts +68 -0
  261. package/extensions/codex/src/app-server/request.ts +90 -0
  262. package/extensions/codex/src/app-server/run-attempt-thread-cleanup.test.ts +197 -0
  263. package/extensions/codex/src/app-server/run-attempt.context-engine.test.ts +1246 -0
  264. package/extensions/codex/src/app-server/run-attempt.test.ts +10799 -0
  265. package/extensions/codex/src/app-server/run-attempt.ts +5264 -0
  266. package/extensions/codex/src/app-server/run-attempt.vision-tools.test.ts +35 -0
  267. package/extensions/codex/src/app-server/sandbox-exec-server/filesystem.ts +261 -0
  268. package/extensions/codex/src/app-server/sandbox-exec-server/fs-policy.ts +346 -0
  269. package/extensions/codex/src/app-server/sandbox-exec-server/http.ts +312 -0
  270. package/extensions/codex/src/app-server/sandbox-exec-server/json-rpc.ts +93 -0
  271. package/extensions/codex/src/app-server/sandbox-exec-server/processes.ts +411 -0
  272. package/extensions/codex/src/app-server/sandbox-exec-server/runtime.ts +22 -0
  273. package/extensions/codex/src/app-server/sandbox-exec-server/types.ts +80 -0
  274. package/extensions/codex/src/app-server/sandbox-exec-server.fs.test.ts +527 -0
  275. package/extensions/codex/src/app-server/sandbox-exec-server.http.test.ts +210 -0
  276. package/extensions/codex/src/app-server/sandbox-exec-server.test-helpers.ts +236 -0
  277. package/extensions/codex/src/app-server/sandbox-exec-server.test.ts +460 -0
  278. package/extensions/codex/src/app-server/sandbox-exec-server.ts +355 -0
  279. package/extensions/codex/src/app-server/sandbox-guard.ts +153 -0
  280. package/extensions/codex/src/app-server/schema-normalization-runtime-contract.test.ts +206 -0
  281. package/extensions/codex/src/app-server/session-binding.test.ts +303 -0
  282. package/extensions/codex/src/app-server/session-binding.ts +407 -0
  283. package/extensions/codex/src/app-server/session-history.ts +44 -0
  284. package/extensions/codex/src/app-server/shared-client.test.ts +591 -0
  285. package/extensions/codex/src/app-server/shared-client.ts +289 -0
  286. package/extensions/codex/src/app-server/side-question.test.ts +1243 -0
  287. package/extensions/codex/src/app-server/side-question.ts +1019 -0
  288. package/extensions/codex/src/app-server/test-support.ts +48 -0
  289. package/extensions/codex/src/app-server/thread-lifecycle.test.ts +447 -0
  290. package/extensions/codex/src/app-server/thread-lifecycle.ts +1004 -0
  291. package/extensions/codex/src/app-server/thread-lifecycle.user-mcp-servers.test.ts +442 -0
  292. package/extensions/codex/src/app-server/timeout.ts +9 -0
  293. package/extensions/codex/src/app-server/tool-progress-normalization.ts +77 -0
  294. package/extensions/codex/src/app-server/trajectory.test.ts +205 -0
  295. package/extensions/codex/src/app-server/trajectory.ts +368 -0
  296. package/extensions/codex/src/app-server/transcript-mirror.test.ts +527 -0
  297. package/extensions/codex/src/app-server/transcript-mirror.ts +208 -0
  298. package/extensions/codex/src/app-server/transcript-repair-runtime-contract.test.ts +44 -0
  299. package/extensions/codex/src/app-server/transport-stdio.test.ts +184 -0
  300. package/extensions/codex/src/app-server/transport-stdio.ts +107 -0
  301. package/extensions/codex/src/app-server/transport-websocket.test.ts +71 -0
  302. package/extensions/codex/src/app-server/transport-websocket.ts +90 -0
  303. package/extensions/codex/src/app-server/transport.ts +117 -0
  304. package/extensions/codex/src/app-server/user-input-bridge.test.ts +249 -0
  305. package/extensions/codex/src/app-server/user-input-bridge.ts +316 -0
  306. package/extensions/codex/src/app-server/version.ts +5 -0
  307. package/extensions/codex/src/app-server/vision-tools.ts +12 -0
  308. package/extensions/codex/src/command-account.ts +589 -0
  309. package/extensions/codex/src/command-formatters.ts +426 -0
  310. package/extensions/codex/src/command-handlers.ts +2092 -0
  311. package/extensions/codex/src/command-plugins-management.test.ts +172 -0
  312. package/extensions/codex/src/command-plugins-management.ts +137 -0
  313. package/extensions/codex/src/command-rpc.test.ts +16 -0
  314. package/extensions/codex/src/command-rpc.ts +146 -0
  315. package/extensions/codex/src/commands.test.ts +3737 -0
  316. package/extensions/codex/src/commands.ts +65 -0
  317. package/extensions/codex/src/conversation-binding-data.ts +124 -0
  318. package/extensions/codex/src/conversation-binding.test.ts +697 -0
  319. package/extensions/codex/src/conversation-binding.ts +575 -0
  320. package/extensions/codex/src/conversation-control.test.ts +126 -0
  321. package/extensions/codex/src/conversation-control.ts +303 -0
  322. package/extensions/codex/src/conversation-turn-collector.test.ts +191 -0
  323. package/extensions/codex/src/conversation-turn-collector.ts +190 -0
  324. package/extensions/codex/src/conversation-turn-input.test.ts +141 -0
  325. package/extensions/codex/src/conversation-turn-input.ts +106 -0
  326. package/extensions/codex/src/manifest.test.ts +20 -0
  327. package/extensions/codex/src/migration/apply.ts +501 -0
  328. package/extensions/codex/src/migration/helpers.ts +55 -0
  329. package/extensions/codex/src/migration/plan.ts +461 -0
  330. package/extensions/codex/src/migration/provider.test.ts +1741 -0
  331. package/extensions/codex/src/migration/provider.ts +41 -0
  332. package/extensions/codex/src/migration/source.ts +643 -0
  333. package/extensions/codex/src/migration/targets.ts +25 -0
  334. package/extensions/codex/src/node-cli-sessions.test.ts +180 -0
  335. package/extensions/codex/src/node-cli-sessions.ts +711 -0
  336. package/extensions/codex/test-api.ts +95 -0
  337. package/extensions/codex/tsconfig.json +16 -0
  338. package/extensions/comfy/comfy.live.test.ts +128 -0
  339. package/extensions/comfy/image-generation-provider.test.ts +457 -0
  340. package/extensions/comfy/image-generation-provider.ts +79 -0
  341. package/extensions/comfy/index.test.ts +51 -0
  342. package/extensions/comfy/index.ts +45 -0
  343. package/extensions/comfy/music-generation-provider.test.ts +101 -0
  344. package/extensions/comfy/music-generation-provider.ts +88 -0
  345. package/extensions/comfy/openclaw.plugin.json +268 -0
  346. package/extensions/comfy/package.json +15 -0
  347. package/extensions/comfy/plugin-registration.contract.test.ts +11 -0
  348. package/extensions/comfy/test-helpers.ts +113 -0
  349. package/extensions/comfy/tsconfig.json +16 -0
  350. package/extensions/comfy/video-generation-provider.test.ts +184 -0
  351. package/extensions/comfy/video-generation-provider.ts +104 -0
  352. package/extensions/comfy/workflow-runtime.ts +827 -0
  353. package/extensions/deepgram/audio.live.test.ts +75 -0
  354. package/extensions/deepgram/audio.test.ts +146 -0
  355. package/extensions/deepgram/audio.ts +109 -0
  356. package/extensions/deepgram/index.ts +13 -0
  357. package/extensions/deepgram/media-understanding-provider.ts +10 -0
  358. package/extensions/deepgram/openclaw.plugin.json +30 -0
  359. package/extensions/deepgram/package.json +15 -0
  360. package/extensions/deepgram/realtime-transcription-provider.test.ts +69 -0
  361. package/extensions/deepgram/realtime-transcription-provider.ts +283 -0
  362. package/extensions/deepgram/test-api.ts +2 -0
  363. package/extensions/deepgram/tsconfig.json +16 -0
  364. package/extensions/deepinfra/api.ts +8 -0
  365. package/extensions/deepinfra/embedding-provider.ts +33 -0
  366. package/extensions/deepinfra/image-generation-provider.test.ts +224 -0
  367. package/extensions/deepinfra/image-generation-provider.ts +89 -0
  368. package/extensions/deepinfra/index.test.ts +113 -0
  369. package/extensions/deepinfra/index.ts +84 -0
  370. package/extensions/deepinfra/media-models.ts +50 -0
  371. package/extensions/deepinfra/media-understanding-provider.test.ts +73 -0
  372. package/extensions/deepinfra/media-understanding-provider.ts +37 -0
  373. package/extensions/deepinfra/memory-embedding-adapter.test.ts +31 -0
  374. package/extensions/deepinfra/memory-embedding-adapter.ts +35 -0
  375. package/extensions/deepinfra/onboard.test.ts +172 -0
  376. package/extensions/deepinfra/onboard.ts +36 -0
  377. package/extensions/deepinfra/openclaw.plugin.json +203 -0
  378. package/extensions/deepinfra/package.json +15 -0
  379. package/extensions/deepinfra/provider-catalog.ts +24 -0
  380. package/extensions/deepinfra/provider-models.test.ts +217 -0
  381. package/extensions/deepinfra/provider-models.ts +167 -0
  382. package/extensions/deepinfra/provider-policy-api.test.ts +41 -0
  383. package/extensions/deepinfra/provider-policy-api.ts +21 -0
  384. package/extensions/deepinfra/provider.contract.test.ts +3 -0
  385. package/extensions/deepinfra/speech-provider.test.ts +169 -0
  386. package/extensions/deepinfra/speech-provider.ts +41 -0
  387. package/extensions/deepinfra/tsconfig.json +16 -0
  388. package/extensions/deepinfra/video-generation-provider.test.ts +194 -0
  389. package/extensions/deepinfra/video-generation-provider.ts +262 -0
  390. package/extensions/deepseek/api.ts +7 -0
  391. package/extensions/deepseek/deepseek.live.test.ts +232 -0
  392. package/extensions/deepseek/index.test.ts +488 -0
  393. package/extensions/deepseek/index.ts +58 -0
  394. package/extensions/deepseek/models.ts +33 -0
  395. package/extensions/deepseek/onboard.ts +31 -0
  396. package/extensions/deepseek/openclaw.plugin.json +132 -0
  397. package/extensions/deepseek/package.json +15 -0
  398. package/extensions/deepseek/provider-catalog.ts +14 -0
  399. package/extensions/deepseek/provider-discovery.ts +17 -0
  400. package/extensions/deepseek/provider-policy-api.test.ts +264 -0
  401. package/extensions/deepseek/provider-policy-api.ts +104 -0
  402. package/extensions/deepseek/stream.ts +14 -0
  403. package/extensions/deepseek/thinking.ts +19 -0
  404. package/extensions/deepseek/tsconfig.json +16 -0
  405. package/extensions/elevenlabs/config-api.ts +8 -0
  406. package/extensions/elevenlabs/config-compat.test.ts +75 -0
  407. package/extensions/elevenlabs/config-compat.ts +181 -0
  408. package/extensions/elevenlabs/contract-api.ts +8 -0
  409. package/extensions/elevenlabs/doctor-contract.ts +34 -0
  410. package/extensions/elevenlabs/elevenlabs.live.test.ts +91 -0
  411. package/extensions/elevenlabs/index.ts +15 -0
  412. package/extensions/elevenlabs/media-understanding-provider.test.ts +95 -0
  413. package/extensions/elevenlabs/media-understanding-provider.ts +85 -0
  414. package/extensions/elevenlabs/openclaw.plugin.json +40 -0
  415. package/extensions/elevenlabs/package.json +15 -0
  416. package/extensions/elevenlabs/realtime-transcription-provider.test.ts +60 -0
  417. package/extensions/elevenlabs/realtime-transcription-provider.ts +284 -0
  418. package/extensions/elevenlabs/setup-api.ts +11 -0
  419. package/extensions/elevenlabs/shared.ts +10 -0
  420. package/extensions/elevenlabs/speech-provider.test.ts +124 -0
  421. package/extensions/elevenlabs/speech-provider.ts +594 -0
  422. package/extensions/elevenlabs/test-api.ts +6 -0
  423. package/extensions/elevenlabs/tsconfig.json +16 -0
  424. package/extensions/elevenlabs/tts.test.ts +212 -0
  425. package/extensions/elevenlabs/tts.ts +198 -0
  426. package/extensions/fal/image-generation-provider.test.ts +710 -0
  427. package/extensions/fal/image-generation-provider.ts +463 -0
  428. package/extensions/fal/index.ts +19 -0
  429. package/extensions/fal/music-generation-provider.test.ts +200 -0
  430. package/extensions/fal/music-generation-provider.ts +219 -0
  431. package/extensions/fal/onboard.ts +21 -0
  432. package/extensions/fal/openclaw.plugin.json +42 -0
  433. package/extensions/fal/package.json +15 -0
  434. package/extensions/fal/plugin-registration.contract.test.ts +11 -0
  435. package/extensions/fal/provider-contract-api.ts +31 -0
  436. package/extensions/fal/provider-registration.ts +38 -0
  437. package/extensions/fal/test-api.ts +3 -0
  438. package/extensions/fal/tsconfig.json +16 -0
  439. package/extensions/fal/video-generation-provider.test.ts +566 -0
  440. package/extensions/fal/video-generation-provider.ts +648 -0
  441. package/extensions/fireworks/index.test.ts +181 -0
  442. package/extensions/fireworks/index.ts +85 -0
  443. package/extensions/fireworks/model-id.ts +5 -0
  444. package/extensions/fireworks/onboard.ts +30 -0
  445. package/extensions/fireworks/openclaw.plugin.json +73 -0
  446. package/extensions/fireworks/package.json +18 -0
  447. package/extensions/fireworks/provider-catalog.ts +50 -0
  448. package/extensions/fireworks/provider-policy-api.ts +8 -0
  449. package/extensions/fireworks/stream.test.ts +184 -0
  450. package/extensions/fireworks/stream.ts +39 -0
  451. package/extensions/fireworks/thinking-policy.ts +17 -0
  452. package/extensions/fireworks/tsconfig.json +16 -0
  453. package/extensions/github-copilot/api.ts +1 -0
  454. package/extensions/github-copilot/auth.test.ts +109 -0
  455. package/extensions/github-copilot/auth.ts +65 -0
  456. package/extensions/github-copilot/connection-bound-ids.live.test.ts +231 -0
  457. package/extensions/github-copilot/connection-bound-ids.test.ts +96 -0
  458. package/extensions/github-copilot/connection-bound-ids.ts +81 -0
  459. package/extensions/github-copilot/embeddings.test.ts +287 -0
  460. package/extensions/github-copilot/embeddings.ts +342 -0
  461. package/extensions/github-copilot/index.test.ts +660 -0
  462. package/extensions/github-copilot/index.ts +492 -0
  463. package/extensions/github-copilot/login.ts +323 -0
  464. package/extensions/github-copilot/model-metadata.ts +51 -0
  465. package/extensions/github-copilot/models-defaults.ts +61 -0
  466. package/extensions/github-copilot/models.test.ts +695 -0
  467. package/extensions/github-copilot/models.ts +274 -0
  468. package/extensions/github-copilot/openclaw.plugin.json +270 -0
  469. package/extensions/github-copilot/package.json +19 -0
  470. package/extensions/github-copilot/provider-auth.contract.test.ts +3 -0
  471. package/extensions/github-copilot/provider-discovery.contract.test.ts +7 -0
  472. package/extensions/github-copilot/provider-runtime.contract.test.ts +3 -0
  473. package/extensions/github-copilot/register.runtime.ts +24 -0
  474. package/extensions/github-copilot/replay-policy.ts +9 -0
  475. package/extensions/github-copilot/stream.test.ts +282 -0
  476. package/extensions/github-copilot/stream.ts +157 -0
  477. package/extensions/github-copilot/token.ts +6 -0
  478. package/extensions/github-copilot/tsconfig.json +16 -0
  479. package/extensions/github-copilot/usage.ts +68 -0
  480. package/extensions/google/api.test.ts +249 -0
  481. package/extensions/google/api.ts +91 -0
  482. package/extensions/google/cli-backend.ts +58 -0
  483. package/extensions/google/default-model.test.ts +115 -0
  484. package/extensions/google/doctor-contract-api.ts +18 -0
  485. package/extensions/google/embedding-batch.ts +379 -0
  486. package/extensions/google/embedding-provider.test.ts +264 -0
  487. package/extensions/google/embedding-provider.ts +441 -0
  488. package/extensions/google/gemini-auth.ts +20 -0
  489. package/extensions/google/gemini-cli-provider.ts +145 -0
  490. package/extensions/google/generation-provider-metadata.ts +121 -0
  491. package/extensions/google/google-genai-runtime.ts +8 -0
  492. package/extensions/google/google-shared.test-helpers.ts +99 -0
  493. package/extensions/google/google-shared.test.ts +380 -0
  494. package/extensions/google/google.live.test.ts +179 -0
  495. package/extensions/google/image-generation-provider.test.ts +503 -0
  496. package/extensions/google/image-generation-provider.ts +272 -0
  497. package/extensions/google/index.test.ts +310 -0
  498. package/extensions/google/index.ts +354 -0
  499. package/extensions/google/manifest.test.ts +104 -0
  500. package/extensions/google/media-understanding-provider.ts +164 -0
  501. package/extensions/google/media-understanding-provider.video.test.ts +158 -0
  502. package/extensions/google/memory-embedding-adapter.ts +79 -0
  503. package/extensions/google/model-id.test.ts +42 -0
  504. package/extensions/google/model-id.ts +35 -0
  505. package/extensions/google/music-generation-provider.test.ts +278 -0
  506. package/extensions/google/music-generation-provider.ts +176 -0
  507. package/extensions/google/oauth-token-shared.test.ts +39 -0
  508. package/extensions/google/oauth-token-shared.ts +42 -0
  509. package/extensions/google/oauth.credentials.ts +273 -0
  510. package/extensions/google/oauth.flow.ts +61 -0
  511. package/extensions/google/oauth.http.ts +24 -0
  512. package/extensions/google/oauth.project.ts +232 -0
  513. package/extensions/google/oauth.runtime.ts +1 -0
  514. package/extensions/google/oauth.settings.ts +72 -0
  515. package/extensions/google/oauth.shared.ts +44 -0
  516. package/extensions/google/oauth.test.ts +922 -0
  517. package/extensions/google/oauth.token.ts +138 -0
  518. package/extensions/google/oauth.ts +104 -0
  519. package/extensions/google/onboard.ts +78 -0
  520. package/extensions/google/openclaw.plugin.json +706 -0
  521. package/extensions/google/package.json +19 -0
  522. package/extensions/google/plugin-registration.contract.test.ts +12 -0
  523. package/extensions/google/provider-contract-api.ts +77 -0
  524. package/extensions/google/provider-hooks.ts +18 -0
  525. package/extensions/google/provider-models.test.ts +513 -0
  526. package/extensions/google/provider-models.ts +237 -0
  527. package/extensions/google/provider-policy-api.test.ts +201 -0
  528. package/extensions/google/provider-policy-api.ts +11 -0
  529. package/extensions/google/provider-policy.ts +208 -0
  530. package/extensions/google/provider-registration.ts +72 -0
  531. package/extensions/google/provider-runtime.contract.test.ts +3 -0
  532. package/extensions/google/realtime-voice-provider.test.ts +857 -0
  533. package/extensions/google/realtime-voice-provider.ts +952 -0
  534. package/extensions/google/runtime-api.ts +19 -0
  535. package/extensions/google/setup-api.test.ts +23 -0
  536. package/extensions/google/setup-api.ts +13 -0
  537. package/extensions/google/speech-provider.test.ts +682 -0
  538. package/extensions/google/speech-provider.ts +683 -0
  539. package/extensions/google/src/gemini-web-search-provider.runtime.ts +367 -0
  540. package/extensions/google/src/gemini-web-search-provider.shared.ts +45 -0
  541. package/extensions/google/src/gemini-web-search-provider.ts +151 -0
  542. package/extensions/google/test-api.ts +6 -0
  543. package/extensions/google/thinking-api.ts +14 -0
  544. package/extensions/google/thinking.test.ts +153 -0
  545. package/extensions/google/thinking.ts +14 -0
  546. package/extensions/google/transport-stream.test.ts +1726 -0
  547. package/extensions/google/transport-stream.ts +1396 -0
  548. package/extensions/google/tsconfig.json +16 -0
  549. package/extensions/google/vertex-adc.ts +188 -0
  550. package/extensions/google/video-generation-provider.test.ts +573 -0
  551. package/extensions/google/video-generation-provider.ts +591 -0
  552. package/extensions/google/web-search-contract-api.ts +1 -0
  553. package/extensions/google/web-search-provider.test.ts +548 -0
  554. package/extensions/google/web-search-provider.ts +1 -0
  555. package/extensions/groq/api.ts +60 -0
  556. package/extensions/groq/index.test.ts +90 -0
  557. package/extensions/groq/index.ts +21 -0
  558. package/extensions/groq/media-understanding-provider.ts +21 -0
  559. package/extensions/groq/openclaw.plugin.json +314 -0
  560. package/extensions/groq/package.json +15 -0
  561. package/extensions/groq/test-api.ts +1 -0
  562. package/extensions/groq/tsconfig.json +16 -0
  563. package/extensions/huggingface/api.ts +10 -0
  564. package/extensions/huggingface/index.test.ts +81 -0
  565. package/extensions/huggingface/index.ts +60 -0
  566. package/extensions/huggingface/model-discovery-env.ts +5 -0
  567. package/extensions/huggingface/models.test.ts +98 -0
  568. package/extensions/huggingface/models.ts +218 -0
  569. package/extensions/huggingface/onboard.ts +26 -0
  570. package/extensions/huggingface/openclaw.plugin.json +57 -0
  571. package/extensions/huggingface/package.json +15 -0
  572. package/extensions/huggingface/provider-catalog.ts +22 -0
  573. package/extensions/huggingface/tsconfig.json +16 -0
  574. package/extensions/image-generation-core/api.ts +30 -0
  575. package/extensions/image-generation-core/package.json +10 -0
  576. package/extensions/image-generation-core/runtime-api.ts +6 -0
  577. package/extensions/image-generation-core/src/runtime.test.ts +29 -0
  578. package/extensions/image-generation-core/src/runtime.ts +6 -0
  579. package/extensions/image-generation-core/tsconfig.json +16 -0
  580. package/extensions/kimi-coding/api.ts +8 -0
  581. package/extensions/kimi-coding/implicit-provider.test.ts +116 -0
  582. package/extensions/kimi-coding/index.test.ts +45 -0
  583. package/extensions/kimi-coding/index.ts +113 -0
  584. package/extensions/kimi-coding/onboard.test.ts +44 -0
  585. package/extensions/kimi-coding/onboard.ts +42 -0
  586. package/extensions/kimi-coding/openclaw.plugin.json +64 -0
  587. package/extensions/kimi-coding/package.json +18 -0
  588. package/extensions/kimi-coding/provider-catalog.test.ts +23 -0
  589. package/extensions/kimi-coding/provider-catalog.ts +58 -0
  590. package/extensions/kimi-coding/replay-policy.test.ts +10 -0
  591. package/extensions/kimi-coding/replay-policy.ts +3 -0
  592. package/extensions/kimi-coding/stream.test.ts +603 -0
  593. package/extensions/kimi-coding/stream.ts +399 -0
  594. package/extensions/kimi-coding/tsconfig.json +16 -0
  595. package/extensions/litellm/api.ts +8 -0
  596. package/extensions/litellm/image-generation-provider.test.ts +348 -0
  597. package/extensions/litellm/image-generation-provider.ts +142 -0
  598. package/extensions/litellm/index.test.ts +107 -0
  599. package/extensions/litellm/index.ts +108 -0
  600. package/extensions/litellm/onboard.test.ts +21 -0
  601. package/extensions/litellm/onboard.ts +55 -0
  602. package/extensions/litellm/openclaw.plugin.json +35 -0
  603. package/extensions/litellm/package.json +15 -0
  604. package/extensions/litellm/provider-catalog.ts +10 -0
  605. package/extensions/litellm/tsconfig.json +16 -0
  606. package/extensions/lmstudio/README.md +3 -0
  607. package/extensions/lmstudio/api.ts +36 -0
  608. package/extensions/lmstudio/index.test.ts +207 -0
  609. package/extensions/lmstudio/index.ts +137 -0
  610. package/extensions/lmstudio/memory-embedding-adapter.ts +36 -0
  611. package/extensions/lmstudio/openclaw.plugin.json +53 -0
  612. package/extensions/lmstudio/package.json +15 -0
  613. package/extensions/lmstudio/plugin-registration.contract.test.ts +6 -0
  614. package/extensions/lmstudio/runtime-api.ts +35 -0
  615. package/extensions/lmstudio/src/api.ts +42 -0
  616. package/extensions/lmstudio/src/defaults.ts +14 -0
  617. package/extensions/lmstudio/src/embedding-provider.ts +147 -0
  618. package/extensions/lmstudio/src/models.fetch.ts +277 -0
  619. package/extensions/lmstudio/src/models.test.ts +491 -0
  620. package/extensions/lmstudio/src/models.ts +536 -0
  621. package/extensions/lmstudio/src/plain-text-tool-calls.ts +24 -0
  622. package/extensions/lmstudio/src/provider-auth.ts +59 -0
  623. package/extensions/lmstudio/src/runtime.test.ts +357 -0
  624. package/extensions/lmstudio/src/runtime.ts +276 -0
  625. package/extensions/lmstudio/src/setup.test.ts +1543 -0
  626. package/extensions/lmstudio/src/setup.ts +878 -0
  627. package/extensions/lmstudio/src/stream.test.ts +658 -0
  628. package/extensions/lmstudio/src/stream.ts +493 -0
  629. package/extensions/media-understanding-core/image-ops.ts +137 -0
  630. package/extensions/media-understanding-core/package.json +14 -0
  631. package/extensions/media-understanding-core/runtime-api.ts +9 -0
  632. package/extensions/media-understanding-core/src/runtime.ts +9 -0
  633. package/extensions/media-understanding-core/tsconfig.json +16 -0
  634. package/extensions/microsoft/index.ts +11 -0
  635. package/extensions/microsoft/microsoft.live.test.ts +14 -0
  636. package/extensions/microsoft/openclaw.plugin.json +15 -0
  637. package/extensions/microsoft/package.json +18 -0
  638. package/extensions/microsoft/speech-provider.test.ts +298 -0
  639. package/extensions/microsoft/speech-provider.ts +295 -0
  640. package/extensions/microsoft/test-api.ts +1 -0
  641. package/extensions/microsoft/tsconfig.json +16 -0
  642. package/extensions/microsoft/tts.test.ts +193 -0
  643. package/extensions/microsoft/tts.ts +137 -0
  644. package/extensions/minimax/README.md +37 -0
  645. package/extensions/minimax/api.ts +27 -0
  646. package/extensions/minimax/image-generation-provider.test.ts +313 -0
  647. package/extensions/minimax/image-generation-provider.ts +216 -0
  648. package/extensions/minimax/index.test.ts +408 -0
  649. package/extensions/minimax/index.ts +39 -0
  650. package/extensions/minimax/media-understanding-provider.ts +23 -0
  651. package/extensions/minimax/minimax.live.test.ts +115 -0
  652. package/extensions/minimax/model-definitions.test.ts +101 -0
  653. package/extensions/minimax/model-definitions.ts +91 -0
  654. package/extensions/minimax/music-generation-provider.test.ts +198 -0
  655. package/extensions/minimax/music-generation-provider.ts +259 -0
  656. package/extensions/minimax/oauth.runtime.ts +1 -0
  657. package/extensions/minimax/oauth.ts +233 -0
  658. package/extensions/minimax/onboard.test.ts +126 -0
  659. package/extensions/minimax/onboard.ts +104 -0
  660. package/extensions/minimax/openclaw.plugin.json +133 -0
  661. package/extensions/minimax/package.json +15 -0
  662. package/extensions/minimax/plugin-registration.contract.test.ts +15 -0
  663. package/extensions/minimax/provider-catalog.ts +86 -0
  664. package/extensions/minimax/provider-contract-api.ts +84 -0
  665. package/extensions/minimax/provider-discovery.contract.test.ts +3 -0
  666. package/extensions/minimax/provider-http.test-helpers.ts +142 -0
  667. package/extensions/minimax/provider-models.ts +21 -0
  668. package/extensions/minimax/provider-registration.ts +285 -0
  669. package/extensions/minimax/speech-provider.test.ts +576 -0
  670. package/extensions/minimax/speech-provider.ts +312 -0
  671. package/extensions/minimax/src/minimax-web-search-provider.runtime.ts +270 -0
  672. package/extensions/minimax/src/minimax-web-search-provider.test.ts +177 -0
  673. package/extensions/minimax/src/minimax-web-search-provider.ts +64 -0
  674. package/extensions/minimax/test-api.ts +11 -0
  675. package/extensions/minimax/tsconfig.json +16 -0
  676. package/extensions/minimax/tts.ts +116 -0
  677. package/extensions/minimax/video-generation-provider.test.ts +214 -0
  678. package/extensions/minimax/video-generation-provider.ts +456 -0
  679. package/extensions/minimax/web-search-contract-api.ts +35 -0
  680. package/extensions/minimax/web-search-provider.ts +1 -0
  681. package/extensions/mistral/api.test.ts +195 -0
  682. package/extensions/mistral/api.ts +81 -0
  683. package/extensions/mistral/embedding-provider.ts +52 -0
  684. package/extensions/mistral/index.ts +61 -0
  685. package/extensions/mistral/media-understanding-provider.test.ts +46 -0
  686. package/extensions/mistral/media-understanding-provider.ts +21 -0
  687. package/extensions/mistral/memory-embedding-adapter.ts +35 -0
  688. package/extensions/mistral/mistral.live.test.ts +62 -0
  689. package/extensions/mistral/model-definitions.test.ts +65 -0
  690. package/extensions/mistral/model-definitions.ts +37 -0
  691. package/extensions/mistral/onboard.test.ts +54 -0
  692. package/extensions/mistral/onboard.ts +31 -0
  693. package/extensions/mistral/openclaw.plugin.json +180 -0
  694. package/extensions/mistral/package.json +15 -0
  695. package/extensions/mistral/provider-catalog.ts +10 -0
  696. package/extensions/mistral/provider-compat.ts +62 -0
  697. package/extensions/mistral/realtime-transcription-provider.test.ts +61 -0
  698. package/extensions/mistral/realtime-transcription-provider.ts +280 -0
  699. package/extensions/mistral/test-api.ts +2 -0
  700. package/extensions/mistral/tsconfig.json +16 -0
  701. package/extensions/moonshot/api.ts +9 -0
  702. package/extensions/moonshot/index.test.ts +73 -0
  703. package/extensions/moonshot/index.ts +81 -0
  704. package/extensions/moonshot/media-understanding-provider.test.ts +92 -0
  705. package/extensions/moonshot/media-understanding-provider.ts +85 -0
  706. package/extensions/moonshot/moonshot.live.test.ts +56 -0
  707. package/extensions/moonshot/onboard.ts +38 -0
  708. package/extensions/moonshot/openclaw.plugin.json +209 -0
  709. package/extensions/moonshot/package.json +15 -0
  710. package/extensions/moonshot/provider-catalog.test.ts +84 -0
  711. package/extensions/moonshot/provider-catalog.ts +34 -0
  712. package/extensions/moonshot/provider-contract-api.ts +33 -0
  713. package/extensions/moonshot/provider-discovery.ts +17 -0
  714. package/extensions/moonshot/src/kimi-web-search-provider.runtime.ts +513 -0
  715. package/extensions/moonshot/src/kimi-web-search-provider.test.ts +297 -0
  716. package/extensions/moonshot/src/kimi-web-search-provider.ts +71 -0
  717. package/extensions/moonshot/test-api.ts +2 -0
  718. package/extensions/moonshot/tsconfig.json +16 -0
  719. package/extensions/moonshot/web-search-contract-api.ts +28 -0
  720. package/extensions/moonshot/web-search-provider.ts +1 -0
  721. package/extensions/nvidia/api.ts +6 -0
  722. package/extensions/nvidia/index.test.ts +180 -0
  723. package/extensions/nvidia/index.ts +64 -0
  724. package/extensions/nvidia/onboard.test.ts +49 -0
  725. package/extensions/nvidia/onboard.ts +30 -0
  726. package/extensions/nvidia/openclaw.plugin.json +122 -0
  727. package/extensions/nvidia/package.json +15 -0
  728. package/extensions/nvidia/plugin-registration.contract.test.ts +14 -0
  729. package/extensions/nvidia/provider-catalog.test.ts +21 -0
  730. package/extensions/nvidia/provider-catalog.ts +15 -0
  731. package/extensions/nvidia/tsconfig.json +16 -0
  732. package/extensions/ollama/README.md +3 -0
  733. package/extensions/ollama/api.ts +34 -0
  734. package/extensions/ollama/index.test.ts +979 -0
  735. package/extensions/ollama/index.ts +336 -0
  736. package/extensions/ollama/ollama.live.test.ts +287 -0
  737. package/extensions/ollama/openclaw.plugin.json +67 -0
  738. package/extensions/ollama/package.json +19 -0
  739. package/extensions/ollama/plugin-registration.contract.test.ts +7 -0
  740. package/extensions/ollama/provider-discovery.import-guard.test.ts +29 -0
  741. package/extensions/ollama/provider-discovery.test.ts +657 -0
  742. package/extensions/ollama/provider-discovery.ts +69 -0
  743. package/extensions/ollama/provider-policy-api.test.ts +72 -0
  744. package/extensions/ollama/provider-policy-api.ts +59 -0
  745. package/extensions/ollama/runtime-api.ts +22 -0
  746. package/extensions/ollama/src/defaults.ts +14 -0
  747. package/extensions/ollama/src/discovery-shared.test.ts +41 -0
  748. package/extensions/ollama/src/discovery-shared.ts +322 -0
  749. package/extensions/ollama/src/embedding-provider.test.ts +557 -0
  750. package/extensions/ollama/src/embedding-provider.ts +393 -0
  751. package/extensions/ollama/src/media-understanding-provider.ts +18 -0
  752. package/extensions/ollama/src/memory-embedding-adapter.ts +30 -0
  753. package/extensions/ollama/src/model-id.ts +24 -0
  754. package/extensions/ollama/src/ollama-json.ts +143 -0
  755. package/extensions/ollama/src/provider-base-url.test.ts +44 -0
  756. package/extensions/ollama/src/provider-base-url.ts +23 -0
  757. package/extensions/ollama/src/provider-models.ssrf.test.ts +41 -0
  758. package/extensions/ollama/src/provider-models.test.ts +312 -0
  759. package/extensions/ollama/src/provider-models.ts +327 -0
  760. package/extensions/ollama/src/setup.test.ts +771 -0
  761. package/extensions/ollama/src/setup.ts +743 -0
  762. package/extensions/ollama/src/stream-runtime.test.ts +2218 -0
  763. package/extensions/ollama/src/stream.test.ts +252 -0
  764. package/extensions/ollama/src/stream.ts +1347 -0
  765. package/extensions/ollama/src/web-search-provider.test.ts +488 -0
  766. package/extensions/ollama/src/web-search-provider.ts +350 -0
  767. package/extensions/ollama/src/wsl2-crash-loop-check.test.ts +157 -0
  768. package/extensions/ollama/src/wsl2-crash-loop-check.ts +84 -0
  769. package/extensions/ollama/tsconfig.json +16 -0
  770. package/extensions/ollama/web-search-contract-api.ts +26 -0
  771. package/extensions/ollama/web-search-provider.ts +1 -0
  772. package/extensions/openai/api.ts +16 -0
  773. package/extensions/openai/auth-choice-copy.ts +33 -0
  774. package/extensions/openai/base-url.test.ts +60 -0
  775. package/extensions/openai/base-url.ts +23 -0
  776. package/extensions/openai/default-models.test.ts +36 -0
  777. package/extensions/openai/default-models.ts +40 -0
  778. package/extensions/openai/embedding-batch.test.ts +10 -0
  779. package/extensions/openai/embedding-batch.ts +274 -0
  780. package/extensions/openai/embedding-provider.test.ts +102 -0
  781. package/extensions/openai/embedding-provider.ts +110 -0
  782. package/extensions/openai/image-generation-provider.test.ts +1624 -0
  783. package/extensions/openai/image-generation-provider.ts +903 -0
  784. package/extensions/openai/index.test.ts +630 -0
  785. package/extensions/openai/index.ts +58 -0
  786. package/extensions/openai/media-understanding-provider.test.ts +119 -0
  787. package/extensions/openai/media-understanding-provider.ts +51 -0
  788. package/extensions/openai/memory-embedding-adapter.test.ts +82 -0
  789. package/extensions/openai/memory-embedding-adapter.ts +68 -0
  790. package/extensions/openai/native-web-search.ts +103 -0
  791. package/extensions/openai/openai-codex-auth-identity.test.ts +77 -0
  792. package/extensions/openai/openai-codex-auth-identity.ts +100 -0
  793. package/extensions/openai/openai-codex-catalog.ts +12 -0
  794. package/extensions/openai/openai-codex-device-code.test.ts +248 -0
  795. package/extensions/openai/openai-codex-device-code.ts +309 -0
  796. package/extensions/openai/openai-codex-oauth.runtime.ts +348 -0
  797. package/extensions/openai/openai-codex-provider.runtime.ts +45 -0
  798. package/extensions/openai/openai-codex-provider.test.ts +883 -0
  799. package/extensions/openai/openai-codex-provider.ts +636 -0
  800. package/extensions/openai/openai-codex-shared.ts +3 -0
  801. package/extensions/openai/openai-provider.live.test.ts +196 -0
  802. package/extensions/openai/openai-provider.test.ts +929 -0
  803. package/extensions/openai/openai-provider.ts +325 -0
  804. package/extensions/openai/openai-tts.live.test.ts +44 -0
  805. package/extensions/openai/openai.live.test.ts +493 -0
  806. package/extensions/openai/openclaw.plugin.json +897 -0
  807. package/extensions/openai/openclaw.plugin.test.ts +181 -0
  808. package/extensions/openai/package.json +19 -0
  809. package/extensions/openai/plugin-registration.contract.test.ts +9 -0
  810. package/extensions/openai/prompt-overlay.ts +51 -0
  811. package/extensions/openai/provider-auth.contract.test.ts +12 -0
  812. package/extensions/openai/provider-catalog.contract.test.ts +3 -0
  813. package/extensions/openai/provider-contract-api.ts +83 -0
  814. package/extensions/openai/provider-policy-api.ts +20 -0
  815. package/extensions/openai/provider-runtime.contract.test.ts +3 -0
  816. package/extensions/openai/realtime-provider-shared.ts +168 -0
  817. package/extensions/openai/realtime-transcription-provider.test.ts +356 -0
  818. package/extensions/openai/realtime-transcription-provider.ts +307 -0
  819. package/extensions/openai/realtime-voice-provider.test.ts +1924 -0
  820. package/extensions/openai/realtime-voice-provider.ts +1315 -0
  821. package/extensions/openai/register.runtime.ts +15 -0
  822. package/extensions/openai/replay-policy.ts +32 -0
  823. package/extensions/openai/setup-api.test.ts +29 -0
  824. package/extensions/openai/setup-api.ts +166 -0
  825. package/extensions/openai/shared.ts +131 -0
  826. package/extensions/openai/speech-provider.test.ts +324 -0
  827. package/extensions/openai/speech-provider.ts +347 -0
  828. package/extensions/openai/test-api.ts +9 -0
  829. package/extensions/openai/test-support/provider-catalog.contract-test-support.ts +134 -0
  830. package/extensions/openai/thinking-policy.ts +55 -0
  831. package/extensions/openai/transport-policy.test.ts +128 -0
  832. package/extensions/openai/transport-policy.ts +111 -0
  833. package/extensions/openai/tsconfig.json +16 -0
  834. package/extensions/openai/tts.test.ts +444 -0
  835. package/extensions/openai/tts.ts +184 -0
  836. package/extensions/openai/video-generation-provider.test.ts +254 -0
  837. package/extensions/openai/video-generation-provider.ts +382 -0
  838. package/extensions/opencode/api.ts +9 -0
  839. package/extensions/opencode/index.test.ts +84 -0
  840. package/extensions/opencode/index.ts +74 -0
  841. package/extensions/opencode/media-understanding-provider.test.ts +44 -0
  842. package/extensions/opencode/media-understanding-provider.ts +42 -0
  843. package/extensions/opencode/onboard.test.ts +25 -0
  844. package/extensions/opencode/onboard.ts +29 -0
  845. package/extensions/opencode/openclaw.plugin.json +55 -0
  846. package/extensions/opencode/package.json +15 -0
  847. package/extensions/opencode/plugin-registration.contract.test.ts +8 -0
  848. package/extensions/opencode/provider-policy-api.test.ts +44 -0
  849. package/extensions/opencode/provider-policy-api.ts +5 -0
  850. package/extensions/opencode/tsconfig.json +16 -0
  851. package/extensions/opencode-go/api.ts +27 -0
  852. package/extensions/opencode-go/index.test.ts +305 -0
  853. package/extensions/opencode-go/index.ts +101 -0
  854. package/extensions/opencode-go/media-understanding-provider.test.ts +12 -0
  855. package/extensions/opencode-go/media-understanding-provider.ts +15 -0
  856. package/extensions/opencode-go/onboard.test.ts +28 -0
  857. package/extensions/opencode-go/onboard.ts +17 -0
  858. package/extensions/opencode-go/openclaw.plugin.json +106 -0
  859. package/extensions/opencode-go/package.json +15 -0
  860. package/extensions/opencode-go/plugin-registration.contract.test.ts +8 -0
  861. package/extensions/opencode-go/provider-catalog.ts +135 -0
  862. package/extensions/opencode-go/stream.ts +51 -0
  863. package/extensions/opencode-go/tsconfig.json +16 -0
  864. package/extensions/openrouter/api.ts +12 -0
  865. package/extensions/openrouter/image-generation-provider.test.ts +361 -0
  866. package/extensions/openrouter/image-generation-provider.ts +345 -0
  867. package/extensions/openrouter/index.test.ts +650 -0
  868. package/extensions/openrouter/index.ts +184 -0
  869. package/extensions/openrouter/media-understanding-provider.test.ts +260 -0
  870. package/extensions/openrouter/media-understanding-provider.ts +176 -0
  871. package/extensions/openrouter/models.ts +18 -0
  872. package/extensions/openrouter/music-generation-provider.test.ts +226 -0
  873. package/extensions/openrouter/music-generation-provider.ts +344 -0
  874. package/extensions/openrouter/onboard.test.ts +27 -0
  875. package/extensions/openrouter/onboard.ts +32 -0
  876. package/extensions/openrouter/openclaw.plugin.json +81 -0
  877. package/extensions/openrouter/openrouter.live.test.ts +118 -0
  878. package/extensions/openrouter/package.json +15 -0
  879. package/extensions/openrouter/provider-catalog.ts +88 -0
  880. package/extensions/openrouter/provider-contract-api.ts +27 -0
  881. package/extensions/openrouter/provider-policy-api.ts +5 -0
  882. package/extensions/openrouter/provider-routing.ts +87 -0
  883. package/extensions/openrouter/provider-runtime.contract.test.ts +3 -0
  884. package/extensions/openrouter/speech-provider.test.ts +218 -0
  885. package/extensions/openrouter/speech-provider.ts +46 -0
  886. package/extensions/openrouter/stream.ts +247 -0
  887. package/extensions/openrouter/test-api.ts +4 -0
  888. package/extensions/openrouter/thinking-policy.ts +34 -0
  889. package/extensions/openrouter/tsconfig.json +16 -0
  890. package/extensions/openrouter/video-generation-provider.test.ts +722 -0
  891. package/extensions/openrouter/video-generation-provider.ts +530 -0
  892. package/extensions/openrouter/video-http.ts +48 -0
  893. package/extensions/openrouter/video-model-catalog.ts +299 -0
  894. package/extensions/openshell/index.ts +28 -0
  895. package/extensions/openshell/npm-shrinkwrap.json +24 -0
  896. package/extensions/openshell/openclaw.plugin.json +118 -0
  897. package/extensions/openshell/package.json +37 -0
  898. package/extensions/openshell/src/backend.e2e.test.ts +595 -0
  899. package/extensions/openshell/src/backend.test.ts +40 -0
  900. package/extensions/openshell/src/backend.ts +512 -0
  901. package/extensions/openshell/src/backend.types.ts +11 -0
  902. package/extensions/openshell/src/cli.ts +85 -0
  903. package/extensions/openshell/src/config.test.ts +80 -0
  904. package/extensions/openshell/src/config.ts +194 -0
  905. package/extensions/openshell/src/fs-bridge.ts +370 -0
  906. package/extensions/openshell/src/mirror.test.ts +194 -0
  907. package/extensions/openshell/src/mirror.ts +141 -0
  908. package/extensions/openshell/src/openshell-core.test.ts +529 -0
  909. package/extensions/openshell/tsconfig.json +16 -0
  910. package/extensions/perplexity/index.ts +11 -0
  911. package/extensions/perplexity/openclaw.plugin.json +52 -0
  912. package/extensions/perplexity/package.json +15 -0
  913. package/extensions/perplexity/src/perplexity-web-search-provider.runtime.ts +551 -0
  914. package/extensions/perplexity/src/perplexity-web-search-provider.shared.ts +124 -0
  915. package/extensions/perplexity/src/perplexity-web-search-provider.test.ts +151 -0
  916. package/extensions/perplexity/src/perplexity-web-search-provider.ts +127 -0
  917. package/extensions/perplexity/test-api.ts +1 -0
  918. package/extensions/perplexity/tsconfig.json +16 -0
  919. package/extensions/perplexity/web-search-contract-api.ts +13 -0
  920. package/extensions/perplexity/web-search-provider.ts +1 -0
  921. package/extensions/qianfan/api.ts +6 -0
  922. package/extensions/qianfan/index.test.ts +133 -0
  923. package/extensions/qianfan/index.ts +31 -0
  924. package/extensions/qianfan/onboard.ts +61 -0
  925. package/extensions/qianfan/openclaw.plugin.json +78 -0
  926. package/extensions/qianfan/package.json +15 -0
  927. package/extensions/qianfan/provider-catalog.ts +13 -0
  928. package/extensions/qianfan/tsconfig.json +16 -0
  929. package/extensions/qwen/api.ts +34 -0
  930. package/extensions/qwen/index.test.ts +31 -0
  931. package/extensions/qwen/index.ts +181 -0
  932. package/extensions/qwen/media-understanding-provider.test.ts +76 -0
  933. package/extensions/qwen/media-understanding-provider.ts +88 -0
  934. package/extensions/qwen/model-definitions.ts +20 -0
  935. package/extensions/qwen/models.ts +202 -0
  936. package/extensions/qwen/onboard.ts +73 -0
  937. package/extensions/qwen/openclaw.plugin.json +143 -0
  938. package/extensions/qwen/package.json +15 -0
  939. package/extensions/qwen/plugin-registration.contract.test.ts +10 -0
  940. package/extensions/qwen/provider-catalog.test.ts +62 -0
  941. package/extensions/qwen/provider-catalog.ts +13 -0
  942. package/extensions/qwen/provider-discovery.contract.test.ts +3 -0
  943. package/extensions/qwen/stream.test.ts +171 -0
  944. package/extensions/qwen/stream.ts +87 -0
  945. package/extensions/qwen/test-api.ts +2 -0
  946. package/extensions/qwen/tsconfig.json +16 -0
  947. package/extensions/qwen/video-generation-provider.test.ts +155 -0
  948. package/extensions/qwen/video-generation-provider.ts +111 -0
  949. package/extensions/runway/index.ts +11 -0
  950. package/extensions/runway/openclaw.plugin.json +34 -0
  951. package/extensions/runway/package.json +15 -0
  952. package/extensions/runway/plugin-registration.contract.test.ts +7 -0
  953. package/extensions/runway/tsconfig.json +16 -0
  954. package/extensions/runway/video-generation-provider.test.ts +248 -0
  955. package/extensions/runway/video-generation-provider.ts +462 -0
  956. package/extensions/senseaudio/index.ts +11 -0
  957. package/extensions/senseaudio/media-understanding-provider.test.ts +136 -0
  958. package/extensions/senseaudio/media-understanding-provider.ts +25 -0
  959. package/extensions/senseaudio/openclaw.plugin.json +18 -0
  960. package/extensions/senseaudio/package.json +15 -0
  961. package/extensions/senseaudio/test-api.ts +1 -0
  962. package/extensions/sglang/README.md +3 -0
  963. package/extensions/sglang/api.ts +7 -0
  964. package/extensions/sglang/defaults.ts +4 -0
  965. package/extensions/sglang/index.test.ts +34 -0
  966. package/extensions/sglang/index.ts +95 -0
  967. package/extensions/sglang/models.ts +23 -0
  968. package/extensions/sglang/openclaw.plugin.json +45 -0
  969. package/extensions/sglang/package.json +15 -0
  970. package/extensions/sglang/provider-discovery.contract.test.ts +7 -0
  971. package/extensions/sglang/tsconfig.json +16 -0
  972. package/extensions/skill-workshop/api.ts +3 -0
  973. package/extensions/skill-workshop/index.test.ts +990 -0
  974. package/extensions/skill-workshop/index.ts +170 -0
  975. package/extensions/skill-workshop/openclaw.plugin.json +83 -0
  976. package/extensions/skill-workshop/package.json +18 -0
  977. package/extensions/skill-workshop/src/config.ts +50 -0
  978. package/extensions/skill-workshop/src/prompt.ts +18 -0
  979. package/extensions/skill-workshop/src/reviewer.ts +290 -0
  980. package/extensions/skill-workshop/src/scanner.ts +69 -0
  981. package/extensions/skill-workshop/src/signals.ts +95 -0
  982. package/extensions/skill-workshop/src/skills.ts +186 -0
  983. package/extensions/skill-workshop/src/store.ts +184 -0
  984. package/extensions/skill-workshop/src/text.ts +59 -0
  985. package/extensions/skill-workshop/src/tool.ts +200 -0
  986. package/extensions/skill-workshop/src/types.ts +42 -0
  987. package/extensions/skill-workshop/src/workshop.ts +85 -0
  988. package/extensions/speech-core/api.ts +54 -0
  989. package/extensions/speech-core/package.json +10 -0
  990. package/extensions/speech-core/runtime-api.ts +42 -0
  991. package/extensions/speech-core/src/tts.test.ts +1025 -0
  992. package/extensions/speech-core/src/tts.ts +1929 -0
  993. package/extensions/speech-core/tsconfig.json +16 -0
  994. package/extensions/stepfun/index.ts +252 -0
  995. package/extensions/stepfun/onboard.ts +73 -0
  996. package/extensions/stepfun/openclaw.plugin.json +148 -0
  997. package/extensions/stepfun/package.json +15 -0
  998. package/extensions/stepfun/provider-catalog.ts +40 -0
  999. package/extensions/stepfun/tsconfig.json +16 -0
  1000. package/extensions/tencent/api.ts +7 -0
  1001. package/extensions/tencent/index.ts +64 -0
  1002. package/extensions/tencent/models.ts +25 -0
  1003. package/extensions/tencent/onboard.ts +38 -0
  1004. package/extensions/tencent/openclaw.plugin.json +86 -0
  1005. package/extensions/tencent/package.json +15 -0
  1006. package/extensions/tencent/provider-catalog.ts +14 -0
  1007. package/extensions/tencent/provider-discovery.ts +17 -0
  1008. package/extensions/tencent/tsconfig.json +16 -0
  1009. package/extensions/together/api.ts +7 -0
  1010. package/extensions/together/index.ts +42 -0
  1011. package/extensions/together/models.ts +23 -0
  1012. package/extensions/together/onboard.ts +26 -0
  1013. package/extensions/together/openclaw.plugin.json +160 -0
  1014. package/extensions/together/package.json +15 -0
  1015. package/extensions/together/plugin-registration.contract.test.ts +8 -0
  1016. package/extensions/together/provider-catalog.ts +10 -0
  1017. package/extensions/together/tsconfig.json +16 -0
  1018. package/extensions/together/video-generation-provider.test.ts +130 -0
  1019. package/extensions/together/video-generation-provider.ts +281 -0
  1020. package/extensions/tts-local-cli/index.ts +11 -0
  1021. package/extensions/tts-local-cli/openclaw.plugin.json +15 -0
  1022. package/extensions/tts-local-cli/package.json +15 -0
  1023. package/extensions/tts-local-cli/speech-provider.test.ts +307 -0
  1024. package/extensions/tts-local-cli/speech-provider.ts +455 -0
  1025. package/extensions/venice/api.ts +8 -0
  1026. package/extensions/venice/index.test.ts +109 -0
  1027. package/extensions/venice/index.ts +70 -0
  1028. package/extensions/venice/models.test.ts +291 -0
  1029. package/extensions/venice/models.ts +302 -0
  1030. package/extensions/venice/onboard.ts +27 -0
  1031. package/extensions/venice/openclaw.plugin.json +504 -0
  1032. package/extensions/venice/package.json +15 -0
  1033. package/extensions/venice/provider-catalog.ts +11 -0
  1034. package/extensions/venice/provider-runtime.contract.test.ts +3 -0
  1035. package/extensions/venice/stream.ts +37 -0
  1036. package/extensions/venice/tsconfig.json +16 -0
  1037. package/extensions/vercel-ai-gateway/api.ts +12 -0
  1038. package/extensions/vercel-ai-gateway/index.ts +41 -0
  1039. package/extensions/vercel-ai-gateway/models.ts +226 -0
  1040. package/extensions/vercel-ai-gateway/onboard.ts +32 -0
  1041. package/extensions/vercel-ai-gateway/openclaw.plugin.json +61 -0
  1042. package/extensions/vercel-ai-gateway/package.json +15 -0
  1043. package/extensions/vercel-ai-gateway/provider-catalog.test.ts +96 -0
  1044. package/extensions/vercel-ai-gateway/provider-catalog.ts +22 -0
  1045. package/extensions/vercel-ai-gateway/thinking.test.ts +100 -0
  1046. package/extensions/vercel-ai-gateway/thinking.ts +77 -0
  1047. package/extensions/vercel-ai-gateway/tsconfig.json +16 -0
  1048. package/extensions/vllm/README.md +3 -0
  1049. package/extensions/vllm/api.ts +8 -0
  1050. package/extensions/vllm/defaults.ts +4 -0
  1051. package/extensions/vllm/index.ts +96 -0
  1052. package/extensions/vllm/models.ts +23 -0
  1053. package/extensions/vllm/openclaw.plugin.json +45 -0
  1054. package/extensions/vllm/package.json +15 -0
  1055. package/extensions/vllm/provider-discovery.contract.test.ts +7 -0
  1056. package/extensions/vllm/register.runtime.ts +7 -0
  1057. package/extensions/vllm/stream.test.ts +282 -0
  1058. package/extensions/vllm/stream.ts +164 -0
  1059. package/extensions/vllm/tsconfig.json +16 -0
  1060. package/extensions/volcengine/api.ts +56 -0
  1061. package/extensions/volcengine/index.test.ts +92 -0
  1062. package/extensions/volcengine/index.ts +87 -0
  1063. package/extensions/volcengine/models.ts +28 -0
  1064. package/extensions/volcengine/openclaw.plugin.json +221 -0
  1065. package/extensions/volcengine/package.json +15 -0
  1066. package/extensions/volcengine/provider-catalog.ts +17 -0
  1067. package/extensions/volcengine/provider-discovery.ts +31 -0
  1068. package/extensions/volcengine/speech-provider.ts +229 -0
  1069. package/extensions/volcengine/tsconfig.json +16 -0
  1070. package/extensions/volcengine/tts.live.test.ts +30 -0
  1071. package/extensions/volcengine/tts.test.ts +279 -0
  1072. package/extensions/volcengine/tts.ts +266 -0
  1073. package/extensions/voyage/embedding-batch.ts +315 -0
  1074. package/extensions/voyage/embedding-provider.ts +90 -0
  1075. package/extensions/voyage/index.ts +11 -0
  1076. package/extensions/voyage/memory-embedding-adapter.ts +56 -0
  1077. package/extensions/voyage/openclaw.plugin.json +18 -0
  1078. package/extensions/voyage/package.json +15 -0
  1079. package/extensions/xai/.boundary-stubs/anthropic-vertex-api.d.ts +2 -0
  1080. package/extensions/xai/.boundary-stubs/ollama-api.d.ts +1 -0
  1081. package/extensions/xai/.boundary-stubs/ollama-runtime-api.d.ts +16 -0
  1082. package/extensions/xai/.boundary-stubs/speech-core-runtime-api.d.ts +33 -0
  1083. package/extensions/xai/api.test.ts +51 -0
  1084. package/extensions/xai/api.ts +119 -0
  1085. package/extensions/xai/code-execution.test.ts +262 -0
  1086. package/extensions/xai/code-execution.ts +146 -0
  1087. package/extensions/xai/image-generation-provider.test.ts +293 -0
  1088. package/extensions/xai/image-generation-provider.ts +124 -0
  1089. package/extensions/xai/index.test.ts +263 -0
  1090. package/extensions/xai/index.ts +233 -0
  1091. package/extensions/xai/model-compat.ts +34 -0
  1092. package/extensions/xai/model-definitions.ts +346 -0
  1093. package/extensions/xai/model-id.test.ts +32 -0
  1094. package/extensions/xai/model-id.ts +24 -0
  1095. package/extensions/xai/onboard.test.ts +91 -0
  1096. package/extensions/xai/onboard.ts +56 -0
  1097. package/extensions/xai/openclaw.plugin.json +274 -0
  1098. package/extensions/xai/package.json +20 -0
  1099. package/extensions/xai/plugin-registration.contract.test.ts +11 -0
  1100. package/extensions/xai/provider-catalog.ts +12 -0
  1101. package/extensions/xai/provider-contract-api.ts +22 -0
  1102. package/extensions/xai/provider-discovery.ts +27 -0
  1103. package/extensions/xai/provider-models.ts +45 -0
  1104. package/extensions/xai/provider-policy-api.test.ts +37 -0
  1105. package/extensions/xai/provider-policy-api.ts +18 -0
  1106. package/extensions/xai/realtime-transcription-provider.test.ts +273 -0
  1107. package/extensions/xai/realtime-transcription-provider.ts +306 -0
  1108. package/extensions/xai/runtime-model-compat.test.ts +60 -0
  1109. package/extensions/xai/runtime-model-compat.ts +72 -0
  1110. package/extensions/xai/setup-api.ts +22 -0
  1111. package/extensions/xai/speech-provider.test.ts +184 -0
  1112. package/extensions/xai/speech-provider.ts +275 -0
  1113. package/extensions/xai/src/code-execution-shared.ts +110 -0
  1114. package/extensions/xai/src/responses-tool-shared.test.ts +107 -0
  1115. package/extensions/xai/src/responses-tool-shared.ts +163 -0
  1116. package/extensions/xai/src/tool-auth-shared.test.ts +326 -0
  1117. package/extensions/xai/src/tool-auth-shared.ts +219 -0
  1118. package/extensions/xai/src/tool-config-shared.test.ts +36 -0
  1119. package/extensions/xai/src/tool-config-shared.ts +32 -0
  1120. package/extensions/xai/src/web-search-provider.runtime.ts +429 -0
  1121. package/extensions/xai/src/web-search-response.types.ts +25 -0
  1122. package/extensions/xai/src/web-search-shared.ts +124 -0
  1123. package/extensions/xai/src/x-search-config.ts +78 -0
  1124. package/extensions/xai/src/x-search-shared.ts +146 -0
  1125. package/extensions/xai/src/xai-user-agent.test.ts +59 -0
  1126. package/extensions/xai/src/xai-user-agent.ts +52 -0
  1127. package/extensions/xai/stream.test.ts +410 -0
  1128. package/extensions/xai/stream.ts +359 -0
  1129. package/extensions/xai/stt.test.ts +106 -0
  1130. package/extensions/xai/stt.ts +91 -0
  1131. package/extensions/xai/test-api.ts +1 -0
  1132. package/extensions/xai/test-helpers.ts +73 -0
  1133. package/extensions/xai/tsconfig.json +64 -0
  1134. package/extensions/xai/tts.test.ts +125 -0
  1135. package/extensions/xai/tts.ts +97 -0
  1136. package/extensions/xai/video-generation-provider.test.ts +443 -0
  1137. package/extensions/xai/video-generation-provider.ts +499 -0
  1138. package/extensions/xai/web-search-contract-api.ts +29 -0
  1139. package/extensions/xai/web-search.test.ts +1242 -0
  1140. package/extensions/xai/web-search.ts +68 -0
  1141. package/extensions/xai/x-search-tool-shared.ts +48 -0
  1142. package/extensions/xai/x-search.live.test.ts +76 -0
  1143. package/extensions/xai/x-search.test.ts +484 -0
  1144. package/extensions/xai/x-search.ts +230 -0
  1145. package/extensions/xai/xai-oauth.test.ts +387 -0
  1146. package/extensions/xai/xai-oauth.ts +752 -0
  1147. package/extensions/xai/xai.live.test.ts +323 -0
  1148. package/launcher.js +97 -0
  1149. package/logger.js +87 -0
  1150. package/package.json +21 -0
  1151. package/server.js +1800 -0
  1152. package/skills/ai-error-prevention/SKILL.md +105 -0
  1153. package/skills/api-design/SKILL.md +523 -0
  1154. package/skills/architecture-decision-records/SKILL.md +179 -0
  1155. package/skills/autonomous-loops/SKILL.md +610 -0
  1156. package/skills/backend-patterns/SKILL.md +598 -0
  1157. package/skills/codebase-onboarding/SKILL.md +233 -0
  1158. package/skills/coding-standards/SKILL.md +530 -0
  1159. package/skills/database-migrations/SKILL.md +429 -0
  1160. package/skills/deep-research/SKILL.md +155 -0
  1161. package/skills/error-prevention/SKILL.md +61 -0
  1162. package/skills/exa-search/SKILL.md +103 -0
  1163. package/skills/frontend-slides/SKILL.md +184 -0
  1164. package/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  1165. package/skills/git-workflow/SKILL.md +715 -0
  1166. package/skills/iterative-retrieval/SKILL.md +211 -0
  1167. package/skills/php-security/SKILL.md +70 -0
  1168. package/skills/php-security/rules/thinkphp-security.rules +23 -0
  1169. package/skills/requirement-ears/SKILL.md +31 -0
  1170. package/skills/rules-distill/SKILL.md +264 -0
  1171. package/skills/rules-distill/scripts/scan-rules.sh +58 -0
  1172. package/skills/rules-distill/scripts/scan-skills.sh +129 -0
  1173. package/skills/search-first/SKILL.md +161 -0
  1174. package/skills/security-review/SKILL.md +495 -0
  1175. package/skills/security-review/cloud-infrastructure-security.md +361 -0
  1176. package/skills/security-scan/SKILL.md +68 -0
  1177. package/skills/security-scan/scripts/scan-config.ps1 +31 -0
  1178. package/skills/security-scan/scripts/scan-sqli.ps1 +21 -0
  1179. package/skills/skill-stocktake/SKILL.md +193 -0
  1180. package/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
  1181. package/skills/skill-stocktake/scripts/save-results.sh +56 -0
  1182. package/skills/skill-stocktake/scripts/scan.sh +170 -0
  1183. package/skills/strategic-compact/SKILL.md +131 -0
  1184. package/skills/strategic-compact/suggest-compact.sh +54 -0
  1185. package/skills/tdd-workflow/SKILL.md +90 -0
  1186. package/skills/tdd-workflow/examples/IntegrationTestExample.php +35 -0
  1187. package/skills/tdd-workflow/examples/UnitTestExample.php +39 -0
  1188. package/skills/ui-spec-guider/ui-spec-guider/SKILL.md +37 -0
  1189. package/skills/ui-spec-guider/ui-spec-guider.skill +0 -0
  1190. package/skills/verification-loop/SKILL.md +126 -0
  1191. package/start.bat +29 -0
package/skills/security-review/cloud-infrastructure-security.md ADDED
@@ -0,0 +1,361 @@
1
+ | name | description |
2
+ |------|-------------|
3
+ | cloud-infrastructure-security | Use this skill when deploying to cloud platforms, configuring infrastructure, managing IAM policies, setting up logging/monitoring, or implementing CI/CD pipelines. Provides cloud security checklist aligned with best practices. |
4
+
5
+ # Cloud & Infrastructure Security Skill
6
+
7
+ This skill ensures cloud infrastructure, CI/CD pipelines, and deployment configurations follow security best practices and comply with industry standards.
8
+
9
+ ## When to Activate
10
+
11
+ - Deploying applications to cloud platforms (AWS, Vercel, Railway, Cloudflare)
12
+ - Configuring IAM roles and permissions
13
+ - Setting up CI/CD pipelines
14
+ - Implementing infrastructure as code (Terraform, CloudFormation)
15
+ - Configuring logging and monitoring
16
+ - Managing secrets in cloud environments
17
+ - Setting up CDN and edge security
18
+ - Implementing disaster recovery and backup strategies
19
+
20
+ ## Cloud Security Checklist
21
+
22
+ ### 1. IAM & Access Control
23
+
24
+ #### Principle of Least Privilege
25
+
26
+ ```yaml
27
+ # PASS: CORRECT: Minimal permissions
28
+ iam_role:
29
+ permissions:
30
+ - s3:GetObject # Only read access
31
+ - s3:ListBucket
32
+ resources:
33
+ - arn:aws:s3:::my-bucket/* # Specific bucket only
34
+
35
+ # FAIL: WRONG: Overly broad permissions
36
+ iam_role:
37
+ permissions:
38
+ - s3:* # All S3 actions
39
+ resources:
40
+ - "*" # All resources
41
+ ```
42
+
43
+ #### Multi-Factor Authentication (MFA)
44
+
45
+ ```bash
46
+ # ALWAYS enable MFA for root/admin accounts
47
+ aws iam enable-mfa-device \
48
+ --user-name admin \
49
+ --serial-number arn:aws:iam::123456789:mfa/admin \
50
+ --authentication-code1 123456 \
51
+ --authentication-code2 789012
52
+ ```
53
+
54
+ #### Verification Steps
55
+
56
+ - [ ] No root account usage in production
57
+ - [ ] MFA enabled for all privileged accounts
58
+ - [ ] Service accounts use roles, not long-lived credentials
59
+ - [ ] IAM policies follow least privilege
60
+ - [ ] Regular access reviews conducted
61
+ - [ ] Unused credentials rotated or removed
62
+
63
+ ### 2. Secrets Management
64
+
65
+ #### Cloud Secrets Managers
66
+
67
+ ```typescript
68
+ // PASS: CORRECT: Use cloud secrets manager
69
+ import { SecretsManager } from '@aws-sdk/client-secrets-manager';
70
+
71
+ const client = new SecretsManager({ region: 'us-east-1' });
72
+ const secret = await client.getSecretValue({ SecretId: 'prod/api-key' });
73
+ const apiKey = JSON.parse(secret.SecretString).key;
74
+
75
+ // FAIL: WRONG: Hardcoded or in environment variables only
76
+ const apiKey = process.env.API_KEY; // Not rotated, not audited
77
+ ```
78
+
79
+ #### Secrets Rotation
80
+
81
+ ```bash
82
+ # Set up automatic rotation for database credentials
83
+ aws secretsmanager rotate-secret \
84
+ --secret-id prod/db-password \
85
+ --rotation-lambda-arn arn:aws:lambda:region:account:function:rotate \
86
+ --rotation-rules AutomaticallyAfterDays=30
87
+ ```
88
+
89
+ #### Verification Steps
90
+
91
+ - [ ] All secrets stored in cloud secrets manager (AWS Secrets Manager, Vercel Secrets)
92
+ - [ ] Automatic rotation enabled for database credentials
93
+ - [ ] API keys rotated at least quarterly
94
+ - [ ] No secrets in code, logs, or error messages
95
+ - [ ] Audit logging enabled for secret access
96
+
97
+ ### 3. Network Security
98
+
99
+ #### VPC and Firewall Configuration
100
+
101
+ ```terraform
102
+ # PASS: CORRECT: Restricted security group
103
+ resource "aws_security_group" "app" {
104
+ name = "app-sg"
105
+
106
+ ingress {
107
+ from_port = 443
108
+ to_port = 443
109
+ protocol = "tcp"
110
+ cidr_blocks = ["10.0.0.0/16"] # Internal VPC only
111
+ }
112
+
113
+ egress {
114
+ from_port = 443
115
+ to_port = 443
116
+ protocol = "tcp"
117
+ cidr_blocks = ["0.0.0.0/0"] # Only HTTPS outbound
118
+ }
119
+ }
120
+
121
+ # FAIL: WRONG: Open to the internet
122
+ resource "aws_security_group" "bad" {
123
+ ingress {
124
+ from_port = 0
125
+ to_port = 65535
126
+ protocol = "tcp"
127
+ cidr_blocks = ["0.0.0.0/0"] # All ports, all IPs!
128
+ }
129
+ }
130
+ ```
131
+
132
+ #### Verification Steps
133
+
134
+ - [ ] Database not publicly accessible
135
+ - [ ] SSH/RDP ports restricted to VPN/bastion only
136
+ - [ ] Security groups follow least privilege
137
+ - [ ] Network ACLs configured
138
+ - [ ] VPC flow logs enabled
139
+
140
+ ### 4. Logging & Monitoring
141
+
142
+ #### CloudWatch/Logging Configuration
143
+
144
+ ```typescript
145
+ // PASS: CORRECT: Comprehensive logging
146
+ import { CloudWatchLogsClient, CreateLogStreamCommand } from '@aws-sdk/client-cloudwatch-logs';
147
+
148
+ const logSecurityEvent = async (event: SecurityEvent) => {
149
+ await cloudwatch.putLogEvents({
150
+ logGroupName: '/aws/security/events',
151
+ logStreamName: 'authentication',
152
+ logEvents: [{
153
+ timestamp: Date.now(),
154
+ message: JSON.stringify({
155
+ type: event.type,
156
+ userId: event.userId,
157
+ ip: event.ip,
158
+ result: event.result,
159
+ // Never log sensitive data
160
+ })
161
+ }]
162
+ });
163
+ };
164
+ ```
165
+
166
+ #### Verification Steps
167
+
168
+ - [ ] CloudWatch/logging enabled for all services
169
+ - [ ] Failed authentication attempts logged
170
+ - [ ] Admin actions audited
171
+ - [ ] Log retention configured (90+ days for compliance)
172
+ - [ ] Alerts configured for suspicious activity
173
+ - [ ] Logs centralized and tamper-proof
174
+
175
+ ### 5. CI/CD Pipeline Security
176
+
177
+ #### Secure Pipeline Configuration
178
+
179
+ ```yaml
180
+ # PASS: CORRECT: Secure GitHub Actions workflow
181
+ name: Deploy
182
+
183
+ on:
184
+ push:
185
+ branches: [main]
186
+
187
+ jobs:
188
+ deploy:
189
+ runs-on: ubuntu-latest
190
+ permissions:
191
+ contents: read # Minimal permissions
192
+
193
+ steps:
194
+ - uses: actions/checkout@v4
195
+
196
+ # Scan for secrets
197
+ - name: Secret scanning
198
+ uses: trufflesecurity/trufflehog@main
199
+
200
+ # Dependency audit
201
+ - name: Audit dependencies
202
+ run: npm audit --audit-level=high
203
+
204
+ # Use OIDC, not long-lived tokens
205
+ - name: Configure AWS credentials
206
+ uses: aws-actions/configure-aws-credentials@v4
207
+ with:
208
+ role-to-assume: arn:aws:iam::123456789:role/GitHubActionsRole
209
+ aws-region: us-east-1
210
+ ```
211
+
212
+ #### Supply Chain Security
213
+
214
+ ```json
215
+ // package.json - Use lock files and integrity checks
216
+ {
217
+ "scripts": {
218
+ "install": "npm ci", // Use ci for reproducible builds
219
+ "audit": "npm audit --audit-level=moderate",
220
+ "check": "npm outdated"
221
+ }
222
+ }
223
+ ```
224
+
225
+ #### Verification Steps
226
+
227
+ - [ ] OIDC used instead of long-lived credentials
228
+ - [ ] Secrets scanning in pipeline
229
+ - [ ] Dependency vulnerability scanning
230
+ - [ ] Container image scanning (if applicable)
231
+ - [ ] Branch protection rules enforced
232
+ - [ ] Code review required before merge
233
+ - [ ] Signed commits enforced
234
+
235
+ ### 6. Cloudflare & CDN Security
236
+
237
+ #### Cloudflare Security Configuration
238
+
239
+ ```typescript
240
+ // PASS: CORRECT: Cloudflare Workers with security headers
241
+ export default {
242
+ async fetch(request: Request): Promise<Response> {
243
+ const response = await fetch(request);
244
+
245
+ // Add security headers
246
+ const headers = new Headers(response.headers);
247
+ headers.set('X-Frame-Options', 'DENY');
248
+ headers.set('X-Content-Type-Options', 'nosniff');
249
+ headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
250
+ headers.set('Permissions-Policy', 'geolocation=(), microphone=()');
251
+
252
+ return new Response(response.body, {
253
+ status: response.status,
254
+ headers
255
+ });
256
+ }
257
+ };
258
+ ```
259
+
260
+ #### WAF Rules
261
+
262
+ ```bash
263
+ # Enable Cloudflare WAF managed rules
264
+ # - OWASP Core Ruleset
265
+ # - Cloudflare Managed Ruleset
266
+ # - Rate limiting rules
267
+ # - Bot protection
268
+ ```
269
+
270
+ #### Verification Steps
271
+
272
+ - [ ] WAF enabled with OWASP rules
273
+ - [ ] Rate limiting configured
274
+ - [ ] Bot protection active
275
+ - [ ] DDoS protection enabled
276
+ - [ ] Security headers configured
277
+ - [ ] SSL/TLS strict mode enabled
278
+
279
+ ### 7. Backup & Disaster Recovery
280
+
281
+ #### Automated Backups
282
+
283
+ ```terraform
284
+ # PASS: CORRECT: Automated RDS backups
285
+ resource "aws_db_instance" "main" {
286
+ allocated_storage = 20
287
+ engine = "postgres"
288
+
289
+ backup_retention_period = 30 # 30 days retention
290
+ backup_window = "03:00-04:00"
291
+ maintenance_window = "mon:04:00-mon:05:00"
292
+
293
+ enabled_cloudwatch_logs_exports = ["postgresql"]
294
+
295
+ deletion_protection = true # Prevent accidental deletion
296
+ }
297
+ ```
298
+
299
+ #### Verification Steps
300
+
301
+ - [ ] Automated daily backups configured
302
+ - [ ] Backup retention meets compliance requirements
303
+ - [ ] Point-in-time recovery enabled
304
+ - [ ] Backup testing performed quarterly
305
+ - [ ] Disaster recovery plan documented
306
+ - [ ] RPO and RTO defined and tested
307
+
308
+ ## Pre-Deployment Cloud Security Checklist
309
+
310
+ Before ANY production cloud deployment:
311
+
312
+ - [ ] **IAM**: Root account not used, MFA enabled, least privilege policies
313
+ - [ ] **Secrets**: All secrets in cloud secrets manager with rotation
314
+ - [ ] **Network**: Security groups restricted, no public databases
315
+ - [ ] **Logging**: CloudWatch/logging enabled with retention
316
+ - [ ] **Monitoring**: Alerts configured for anomalies
317
+ - [ ] **CI/CD**: OIDC auth, secrets scanning, dependency audits
318
+ - [ ] **CDN/WAF**: Cloudflare WAF enabled with OWASP rules
319
+ - [ ] **Encryption**: Data encrypted at rest and in transit
320
+ - [ ] **Backups**: Automated backups with tested recovery
321
+ - [ ] **Compliance**: GDPR/HIPAA requirements met (if applicable)
322
+ - [ ] **Documentation**: Infrastructure documented, runbooks created
323
+ - [ ] **Incident Response**: Security incident plan in place
324
+
325
+ ## Common Cloud Security Misconfigurations
326
+
327
+ ### S3 Bucket Exposure
328
+
329
+ ```bash
330
+ # FAIL: WRONG: Public bucket
331
+ aws s3api put-bucket-acl --bucket my-bucket --acl public-read
332
+
333
+ # PASS: CORRECT: Private bucket with specific access
334
+ aws s3api put-bucket-acl --bucket my-bucket --acl private
335
+ aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json
336
+ ```
337
+
338
+ ### RDS Public Access
339
+
340
+ ```terraform
341
+ # FAIL: WRONG
342
+ resource "aws_db_instance" "bad" {
343
+ publicly_accessible = true # NEVER do this!
344
+ }
345
+
346
+ # PASS: CORRECT
347
+ resource "aws_db_instance" "good" {
348
+ publicly_accessible = false
349
+ vpc_security_group_ids = [aws_security_group.db.id]
350
+ }
351
+ ```
352
+
353
+ ## Resources
354
+
355
+ - [AWS Security Best Practices](https://aws.amazon.com/security/best-practices/)
356
+ - [CIS AWS Foundations Benchmark](https://www.cisecurity.org/benchmark/amazon_web_services)
357
+ - [Cloudflare Security Documentation](https://developers.cloudflare.com/security/)
358
+ - [OWASP Cloud Security](https://owasp.org/www-project-cloud-security/)
359
+ - [Terraform Security Best Practices](https://www.terraform.io/docs/cloud/guides/recommended-practices/)
360
+
361
+ **Remember**: Cloud misconfigurations are the leading cause of data breaches. A single exposed S3 bucket or overly permissive IAM policy can compromise your entire infrastructure. Always follow the principle of least privilege and defense in depth.
package/skills/security-scan/SKILL.md ADDED
@@ -0,0 +1,68 @@
1
+ ---
2
+ name: security-scan
3
+ description: Scan your ThinkPHP 5.0 project for security vulnerabilities, misconfigurations, and injection risks.
4
+ origin: ECC (Adapted for ThinkPHP 5.0)
5
+ ---
6
+
7
+ # Security Scan Skill
8
+
9
+ Audit your ThinkPHP 5.0 project for common security issues.
10
+
11
+ ## When to Activate
12
+
13
+ - Setting up a new ThinkPHP project or environment
14
+ - After modifying `application/config.php` or `application/database.php`
15
+ - Before deploying to production
16
+ - Periodic security hygiene checks
17
+
18
+ ## What It Scans
19
+
20
+ | Area Path | Checks |
21
+ |-----------|--------|
22
+ | `application/config.php` | `app_debug` setting, token configuration, cookie settings |
23
+ | `application/database.php` | Hardcoded database credentials |
24
+ | `application/` | Use of `whereRaw`, `Db::query`, or direct interpolation |
25
+ | `thinkphp/VERSION` | Check for vulnerable ThinkPHP versions (below 5.0.24) |
26
+ | `.env` | Proper environment variable configuration |
27
+ | `public/` | Sensitive file exposure in the web root |
28
+
29
+ ## Usage
30
+
31
+ ### ThinkPHP 5.0 Core Version Check
32
+ Check if the ThinkPHP core is up to date:
33
+ ```bash
34
+ grep "'VERSION'" thinkphp/base.php
35
+ ```
36
+
37
+ ### Config Scan
38
+ Check `app_debug` state:
39
+ ```bash
40
+ grep "'app_debug'" application/config.php
41
+ ```
42
+
43
+ ### Database Credential Check
44
+ Scan for potential hardcoded credentials:
45
+ ```bash
46
+ grep -C 5 "'password'" application/database.php
47
+ ```
48
+
49
+ ### SQL Injection Scan
50
+ Scan for potentially dangerous raw queries:
51
+ ```bash
52
+ grep -r "whereRaw" application/
53
+ grep -r "Db::query" application/
54
+ ```
55
+
56
+ ## Severity Levels
57
+
58
+ | Grade | Meaning |
59
+ |-------|---------|
60
+ | Critical | RCE via vulnerable ThinkPHP version, Hardcoded production DB password |
61
+ | High | Debug mode enabled in production, SQLi through unparameterized raw queries |
62
+ | Medium | Missing CSRF tokens in forms, Weak cookie settings |
63
+ | Info | Missing file upload validation, Predicted filenames |
64
+
65
+ ## Links
66
+
67
+ - **ThinkPHP 5.0 Core Security Patch**: [Official ThinkPHP site](https://www.thinkphp.cn/)
68
+ - **PHP Security Guide**: [OWASP PHP Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/PHP_Configuration_Cheat_Sheet.html)
package/skills/security-scan/scripts/scan-config.ps1 ADDED
@@ -0,0 +1,31 @@
1
+ # Scan ThinkPHP config for security issues
2
+ # Usage: .\scan-config.ps1
3
+
4
+ Write-Host "Scanning application/config.php..." -ForegroundColor Cyan
5
+
6
+ $configPath = "application/config.php"
7
+ if (Test-Path $configPath) {
8
+ $debugMode = Select-String -Path $configPath -Pattern "'app_debug'\s*=>\s*true"
9
+ if ($debugMode) {
10
+ Write-Host "[WARNING] app_debug is set to true. Ensure this is NOT production." -ForegroundColor Yellow
11
+ $debugMode
12
+ } else {
13
+ Write-Host "[OK] app_debug is not true." -ForegroundColor Green
14
+ }
15
+ } else {
16
+ Write-Host "[ERROR] application/config.php not found." -ForegroundColor Red
17
+ }
18
+
19
+ Write-Host "`nScanning application/database.php for hardcoded passwords..." -ForegroundColor Cyan
20
+ $dbPath = "application/database.php"
21
+ if (Test-Path $dbPath) {
22
+ $passwords = Select-String -Path $dbPath -Pattern "'password'\s*=>\s*'[^']+'"
23
+ if ($passwords) {
24
+ Write-Host "[WARNING] Potential hardcoded passwords found in database.php." -ForegroundColor Yellow
25
+ $passwords
26
+ } else {
27
+ Write-Host "[OK] No obvious hardcoded passwords found." -ForegroundColor Green
28
+ }
29
+ } else {
30
+ Write-Host "[ERROR] application/database.php not found." -ForegroundColor Red
31
+ }
package/skills/security-scan/scripts/scan-sqli.ps1 ADDED
@@ -0,0 +1,21 @@
1
+ # Scan ThinkPHP application for potential SQLi vectors
2
+ # Usage: .\scan-sqli.ps1
3
+
4
+ Write-Host "Scanning application/ for potential SQL Injection vectors..." -ForegroundColor Cyan
5
+
6
+ $rootPath = "application"
7
+ $patterns = @("whereRaw", "Db::query", "->query\(", "->execute\(")
8
+
9
+ foreach ($pattern in $patterns) {
10
+ Write-Host "Checking for: $pattern" -ForegroundColor Gray
11
+ $results = Get-ChildItem -Path $rootPath -Recurse -Filter "*.php" | Select-String -Pattern $pattern
12
+ if ($results) {
13
+ Write-Host "[WARNING] Potential raw queries found using: $pattern" -ForegroundColor Yellow
14
+ $results | ForEach-Object {
15
+ Write-Host "$($_.Path):$($_.LineNumber) - $($_.Line.Trim())"
16
+ }
17
+ } else {
18
+ Write-Host "[OK] No usage of $pattern found." -ForegroundColor Green
19
+ }
20
+ Write-Host ""
21
+ }
package/skills/skill-stocktake/SKILL.md ADDED
@@ -0,0 +1,193 @@
1
+ ---
2
+ description: "Use when auditing Claude skills and commands for quality. Supports Quick Scan (changed skills only) and Full Stocktake modes with sequential subagent batch evaluation."
3
+ origin: ECC
4
+ ---
5
+
6
+ # skill-stocktake
7
+
8
+ Slash command (`/skill-stocktake`) that audits all Claude skills and commands using a quality checklist + AI holistic judgment. Supports two modes: Quick Scan for recently changed skills, and Full Stocktake for a complete review.
9
+
10
+ ## Scope
11
+
12
+ The command targets the following paths **relative to the directory where it is invoked**:
13
+
14
+ | Path | Description |
15
+ |------|-------------|
16
+ | `~/.claude/skills/` | Global skills (all projects) |
17
+ | `{cwd}/.claude/skills/` | Project-level skills (if the directory exists) |
18
+
19
+ **At the start of Phase 1, the command explicitly lists which paths were found and scanned.**
20
+
21
+ ### Targeting a specific project
22
+
23
+ To include project-level skills, run from that project's root directory:
24
+
25
+ ```bash
26
+ cd ~/path/to/my-project
27
+ /skill-stocktake
28
+ ```
29
+
30
+ If the project has no `.claude/skills/` directory, only global skills and commands are evaluated.
31
+
32
+ ## Modes
33
+
34
+ | Mode | Trigger | Duration |
35
+ |------|---------|---------|
36
+ | Quick Scan | `results.json` exists (default) | 5–10 min |
37
+ | Full Stocktake | `results.json` absent, or `/skill-stocktake full` | 20–30 min |
38
+
39
+ **Results cache:** `~/.claude/skills/skill-stocktake/results.json`
40
+
41
+ ## Quick Scan Flow
42
+
43
+ Re-evaluate only skills that have changed since the last run (5–10 min).
44
+
45
+ 1. Read `~/.claude/skills/skill-stocktake/results.json`
46
+ 2. Run: `bash ~/.claude/skills/skill-stocktake/scripts/quick-diff.sh \
47
+ ~/.claude/skills/skill-stocktake/results.json`
48
+ (Project dir is auto-detected from `$PWD/.claude/skills`; pass it explicitly only if needed)
49
+ 3. If output is `[]`: report "No changes since last run." and stop
50
+ 4. Re-evaluate only those changed files using the same Phase 2 criteria
51
+ 5. Carry forward unchanged skills from previous results
52
+ 6. Output only the diff
53
+ 7. Run: `bash ~/.claude/skills/skill-stocktake/scripts/save-results.sh \
54
+ ~/.claude/skills/skill-stocktake/results.json <<< "$EVAL_RESULTS"`
55
+
56
+ ## Full Stocktake Flow
57
+
58
+ ### Phase 1 — Inventory
59
+
60
+ Run: `bash ~/.claude/skills/skill-stocktake/scripts/scan.sh`
61
+
62
+ The script enumerates skill files, extracts frontmatter, and collects UTC mtimes.
63
+ Project dir is auto-detected from `$PWD/.claude/skills`; pass it explicitly only if needed.
64
+ Present the scan summary and inventory table from the script output:
65
+
66
+ ```
67
+ Scanning:
68
+ ✓ ~/.claude/skills/ (17 files)
69
+ ✗ {cwd}/.claude/skills/ (not found — global skills only)
70
+ ```
71
+
72
+ | Skill | 7d use | 30d use | Description |
73
+ |-------|--------|---------|-------------|
74
+
75
+ ### Phase 2 — Quality Evaluation
76
+
77
+ Launch an Agent tool subagent (**general-purpose agent**) with the full inventory and checklist:
78
+
79
+ ```text
80
+ Agent(
81
+ subagent_type="general-purpose",
82
+ prompt="
83
+ Evaluate the following skill inventory against the checklist.
84
+
85
+ [INVENTORY]
86
+
87
+ [CHECKLIST]
88
+
89
+ Return JSON for each skill:
90
+ { \"verdict\": \"Keep\"|\"Improve\"|\"Update\"|\"Retire\"|\"Merge into [X]\", \"reason\": \"...\" }
91
+ "
92
+ )
93
+ ```
94
+
95
+ The subagent reads each skill, applies the checklist, and returns per-skill JSON:
96
+
97
+ `{ "verdict": "Keep"|"Improve"|"Update"|"Retire"|"Merge into [X]", "reason": "..." }`
98
+
99
+ **Chunk guidance:** Process ~20 skills per subagent invocation to keep context manageable. Save intermediate results to `results.json` (`status: "in_progress"`) after each chunk.
100
+
101
+ After all skills are evaluated: set `status: "completed"`, proceed to Phase 3.
102
+
103
+ **Resume detection:** If `status: "in_progress"` is found on startup, resume from the first unevaluated skill.
104
+
105
+ Each skill is evaluated against this checklist:
106
+
107
+ ```
108
+ - [ ] Content overlap with other skills checked
109
+ - [ ] Overlap with MEMORY.md / CLAUDE.md checked
110
+ - [ ] Freshness of technical references verified (use WebSearch if tool names / CLI flags / APIs are present)
111
+ - [ ] Usage frequency considered
112
+ ```
113
+
114
+ Verdict criteria:
115
+
116
+ | Verdict | Meaning |
117
+ |---------|---------|
118
+ | Keep | Useful and current |
119
+ | Improve | Worth keeping, but specific improvements needed |
120
+ | Update | Referenced technology is outdated (verify with WebSearch) |
121
+ | Retire | Low quality, stale, or cost-asymmetric |
122
+ | Merge into [X] | Substantial overlap with another skill; name the merge target |
123
+
124
+ Evaluation is **holistic AI judgment** — not a numeric rubric. Guiding dimensions:
125
+ - **Actionability**: code examples, commands, or steps that let you act immediately
126
+ - **Scope fit**: name, trigger, and content are aligned; not too broad or narrow
127
+ - **Uniqueness**: value not replaceable by MEMORY.md / CLAUDE.md / another skill
128
+ - **Currency**: technical references work in the current environment
129
+
130
+ **Reason quality requirements** — the `reason` field must be self-contained and decision-enabling:
131
+ - Do NOT write "unchanged" alone — always restate the core evidence
132
+ - For **Retire**: state (1) what specific defect was found, (2) what covers the same need instead
133
+ - Bad: `"Superseded"`
134
+ - Good: `"disable-model-invocation: true already set; superseded by continuous-learning-v2 which covers all the same patterns plus confidence scoring. No unique content remains."`
135
+ - For **Merge**: name the target and describe what content to integrate
136
+ - Bad: `"Overlaps with X"`
137
+ - Good: `"42-line thin content; Step 4 of chatlog-to-article already covers the same workflow. Integrate the 'article angle' tip as a note in that skill."`
138
+ - For **Improve**: describe the specific change needed (what section, what action, target size if relevant)
139
+ - Bad: `"Too long"`
140
+ - Good: `"276 lines; Section 'Framework Comparison' (L80–140) duplicates ai-era-architecture-principles; delete it to reach ~150 lines."`
141
+ - For **Keep** (mtime-only change in Quick Scan): restate the original verdict rationale, do not write "unchanged"
142
+ - Bad: `"Unchanged"`
143
+ - Good: `"mtime updated but content unchanged. Unique Python reference explicitly imported by rules/python/; no overlap found."`
144
+
145
+ ### Phase 3 — Summary Table
146
+
147
+ | Skill | 7d use | Verdict | Reason |
148
+ |-------|--------|---------|--------|
149
+
150
+ ### Phase 4 — Consolidation
151
+
152
+ 1. **Retire / Merge**: present detailed justification per file before confirming with user:
153
+ - What specific problem was found (overlap, staleness, broken references, etc.)
154
+ - What alternative covers the same functionality (for Retire: which existing skill/rule; for Merge: the target file and what content to integrate)
155
+ - Impact of removal (any dependent skills, MEMORY.md references, or workflows affected)
156
+ 2. **Improve**: present specific improvement suggestions with rationale:
157
+ - What to change and why (e.g., "trim 430→200 lines because sections X/Y duplicate python-patterns")
158
+ - User decides whether to act
159
+ 3. **Update**: present updated content with sources checked
160
+ 4. Check MEMORY.md line count; propose compression if >100 lines
161
+
162
+ ## Results File Schema
163
+
164
+ `~/.claude/skills/skill-stocktake/results.json`:
165
+
166
+ **`evaluated_at`**: Must be set to the actual UTC time of evaluation completion.
167
+ Obtain via Bash: `date -u +%Y-%m-%dT%H:%M:%SZ`. Never use a date-only approximation like `T00:00:00Z`.
168
+
169
+ ```json
170
+ {
171
+ "evaluated_at": "2026-02-21T10:00:00Z",
172
+ "mode": "full",
173
+ "batch_progress": {
174
+ "total": 80,
175
+ "evaluated": 80,
176
+ "status": "completed"
177
+ },
178
+ "skills": {
179
+ "skill-name": {
180
+ "path": "~/.claude/skills/skill-name/SKILL.md",
181
+ "verdict": "Keep",
182
+ "reason": "Concrete, actionable, unique value for X workflow",
183
+ "mtime": "2026-01-15T08:30:00Z"
184
+ }
185
+ }
186
+ }
187
+ ```
188
+
189
+ ## Notes
190
+
191
+ - Evaluation is blind: the same checklist applies to all skills regardless of origin (ECC, self-authored, auto-extracted)
192
+ - Archive / delete operations always require explicit user confirmation
193
+ - No verdict branching by skill origin