@geekbeer/minion 1.6.1 → 2.4.1

package/api.js

@@ -31,7 +31,9 @@ async function request(endpoint, options = {}) {
   const data = await response.json()
 
   if (!response.ok) {
-    throw new Error(data.error || `API request failed: ${response.status}`)
+    const err = new Error(data.error || `API request failed: ${response.status}`)
+    err.statusCode = response.status
+    throw err
   }
 
   return data

package/lib/process-manager.js

@@ -51,7 +51,7 @@ function buildAllowedCommands(procMgr) {
     }
     commands['update-agent'] = {
       description: 'Update @geekbeer/minion to latest version and restart',
-      command: `npm update -g @geekbeer/minion && ${SUDO}systemctl restart minion-agent`,
+      command: `npm install -g @geekbeer/minion@latest && ${SUDO}systemctl restart minion-agent`,
       deferred: true,
     }
     commands['restart-display'] = {
@@ -70,7 +70,7 @@ function buildAllowedCommands(procMgr) {
     }
     commands['update-agent'] = {
       description: 'Update @geekbeer/minion to latest version and restart',
-      command: `npm update -g @geekbeer/minion && ${SUDO}supervisorctl restart minion-agent`,
+      command: `npm install -g @geekbeer/minion@latest && ${SUDO}supervisorctl restart minion-agent`,
       deferred: true,
     }
     commands['restart-display'] = {
@@ -85,7 +85,7 @@ function buildAllowedCommands(procMgr) {
     // Standalone mode: limited commands
     commands['update-agent'] = {
       description: 'Update @geekbeer/minion to latest version',
-      command: 'npm update -g @geekbeer/minion',
+      command: 'npm install -g @geekbeer/minion@latest',
     }
     commands['status-services'] = {
       description: 'Show agent process info',

package/minion-cli.sh

@@ -438,6 +438,16 @@ SUPEOF
     echo "  -> No bundled skills found (this is OK for development)"
   fi
 
+  # Deploy Claude rules (minion self-knowledge for AI)
+  local BUNDLED_RULES_DIR="${NPM_ROOT}/@geekbeer/minion/rules"
+  local CLAUDE_RULES_DIR="${TARGET_HOME}/.claude/rules"
+
+  if [ -d "$BUNDLED_RULES_DIR" ]; then
+    $RUN_AS mkdir -p "$CLAUDE_RULES_DIR"
+    $RUN_AS cp "$BUNDLED_RULES_DIR"/minion.md "$CLAUDE_RULES_DIR"/minion.md
+    echo "  -> Deployed Claude rules: minion.md"
+  fi
+
   # Step 9 (optional): Cloudflare Tunnel setup
   if [ "$SETUP_TUNNEL" = true ]; then
     echo ""
@@ -585,6 +595,50 @@ case "${1:-}" in
     echo "minion-agent restarted ($PROC_MGR)"
     ;;
 
+  skill)
+    shift
+    SKILL_CMD="${1:-}"
+    shift || true
+    case "$SKILL_CMD" in
+      push)
+        SKILL_NAME="${1:-}"
+        if [ -z "$SKILL_NAME" ]; then
+          echo "Usage: minion-cli skill push <skill-name>"
+          exit 1
+        fi
+        curl -s -X POST "$AGENT_URL/api/skills/push/$SKILL_NAME" \
+          -H "Authorization: Bearer $API_TOKEN" | jq .
+        ;;
+      fetch)
+        SKILL_NAME="${1:-}"
+        if [ -z "$SKILL_NAME" ]; then
+          echo "Usage: minion-cli skill fetch <skill-name>"
+          exit 1
+        fi
+        curl -s -X POST "$AGENT_URL/api/skills/fetch/$SKILL_NAME" \
+          -H "Authorization: Bearer $API_TOKEN" | jq .
+        ;;
+      list)
+        FLAG="${1:-}"
+        if [ "$FLAG" = "--local" ]; then
+          curl -s "$AGENT_URL/api/list-skills" \
+            -H "Authorization: Bearer $API_TOKEN" | jq .
+        else
+          curl -s "$AGENT_URL/api/skills/remote" \
+            -H "Authorization: Bearer $API_TOKEN" | jq .
+        fi
+        ;;
+      *)
+        echo "Usage: minion-cli skill <push|fetch|list> [options]"
+        echo ""
+        echo "Commands:"
+        echo "  push <name>     Push local skill to HQ"
+        echo "  fetch <name>    Fetch skill from HQ to local"
+        echo "  list            List skills on HQ (--local for local skills)"
+        ;;
+    esac
+    ;;
+
   *)
     echo "Minion Agent CLI (@geekbeer/minion) v${CLI_VERSION}"
     echo ""
@@ -596,6 +650,7 @@ case "${1:-}" in
     echo "  minion-cli status                         # Get current status"
     echo "  minion-cli health                         # Health check"
     echo "  minion-cli set-status <status> [task]     # Set status and optional task"
+    echo "  minion-cli skill <push|fetch|list>        # Manage skills with HQ"
     echo "  minion-cli --version                      # Show version"
     echo ""
     echo "Setup options:"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geekbeer/minion",
-  "version": "1.6.1",
+  "version": "2.4.1",
   "description": "AI Agent runtime for Minion - manages status and skill deployment on VPS",
   "main": "server.js",
   "bin": {
@@ -17,6 +17,8 @@
     "lib/",
     "routes/",
     "skills/",
+    "rules/",
+    "settings/",
     "minion-cli.sh",
     ".env.example"
   ],

package/routes/files.js

@@ -0,0 +1,288 @@
+/**
+ * File management endpoints
+ *
+ * Provides bidirectional file transfer between HQ and minion.
+ * Files are stored in ~/files/ directory.
+ *
+ * Endpoints:
+ * - GET    /api/files      - List files in directory
+ * - GET    /api/files/*    - Download a file
+ * - POST   /api/files/*    - Upload a file
+ * - DELETE  /api/files/*    - Delete a file
+ */
+
+const fs = require('fs').promises
+const fsSync = require('fs')
+const path = require('path')
+const os = require('os')
+
+const { verifyToken } = require('../lib/auth')
+
+/** Base directory for file storage */
+const FILES_DIR = path.join(os.homedir(), 'files')
+
+/** Max upload size: 50MB */
+const MAX_UPLOAD_SIZE = 50 * 1024 * 1024
+
+/**
+ * Resolve a user-provided path safely within the base directory.
+ * Returns null if the path escapes the sandbox.
+ *
+ * @param {string} basedir - Absolute base directory
+ * @param {string} userPath - User-provided relative path
+ * @returns {string|null} Resolved absolute path, or null if traversal detected
+ */
+function safePath(basedir, userPath) {
+  const decoded = decodeURIComponent(userPath)
+  // Reject null bytes
+  if (decoded.includes('\0')) return null
+  const resolved = path.resolve(basedir, decoded)
+  if (resolved === basedir) return resolved
+  if (!resolved.startsWith(basedir + path.sep)) return null
+  return resolved
+}
+
+/**
+ * Register file routes as Fastify plugin
+ * @param {import('fastify').FastifyInstance} fastify
+ */
+async function fileRoutes(fastify) {
+  // Register binary body parser for octet-stream
+  fastify.addContentTypeParser('application/octet-stream', function (request, payload, done) {
+    const chunks = []
+    let totalSize = 0
+    payload.on('data', chunk => {
+      totalSize += chunk.length
+      if (totalSize > MAX_UPLOAD_SIZE) {
+        done(new Error('File too large (max 50MB)'))
+        return
+      }
+      chunks.push(chunk)
+    })
+    payload.on('end', () => done(null, Buffer.concat(chunks)))
+    payload.on('error', done)
+  })
+
+  // GET /api/files - List files in directory
+  fastify.get('/api/files', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    const subPath = request.query.path || ''
+
+    try {
+      let targetDir = FILES_DIR
+      if (subPath) {
+        targetDir = safePath(FILES_DIR, subPath)
+        if (!targetDir) {
+          reply.code(403)
+          return { success: false, error: 'Invalid path' }
+        }
+      }
+
+      // Ensure directory exists
+      await fs.mkdir(targetDir, { recursive: true })
+
+      const entries = await fs.readdir(targetDir, { withFileTypes: true })
+      const files = []
+
+      for (const entry of entries) {
+        const entryPath = path.join(targetDir, entry.name)
+        try {
+          const stat = await fs.lstat(entryPath)
+          // Skip symlinks that point outside FILES_DIR
+          if (stat.isSymbolicLink()) {
+            const realPath = await fs.realpath(entryPath)
+            if (!realPath.startsWith(FILES_DIR)) continue
+          }
+          const relativePath = path.relative(FILES_DIR, entryPath)
+          files.push({
+            name: entry.name,
+            path: relativePath,
+            size: stat.size,
+            modified: stat.mtime.toISOString(),
+            is_directory: entry.isDirectory(),
+          })
+        } catch {
+          // Skip entries we can't stat
+        }
+      }
+
+      // Sort: directories first, then by name
+      files.sort((a, b) => {
+        if (a.is_directory !== b.is_directory) return a.is_directory ? -1 : 1
+        return a.name.localeCompare(b.name)
+      })
+
+      return { success: true, files, current_path: subPath || '' }
+    } catch (error) {
+      console.error(`[Files] List error: ${error.message}`)
+      reply.code(500)
+      return { success: false, error: error.message }
+    }
+  })
+
+  // GET /api/files/* - Download a file
+  fastify.get('/api/files/*', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    const filePath = request.params['*']
+    if (!filePath) {
+      reply.code(400)
+      return { success: false, error: 'File path is required' }
+    }
+
+    const resolved = safePath(FILES_DIR, filePath)
+    if (!resolved) {
+      reply.code(403)
+      return { success: false, error: 'Invalid path' }
+    }
+
+    try {
+      const stat = await fs.lstat(resolved)
+
+      // Don't allow downloading directories
+      if (stat.isDirectory()) {
+        reply.code(400)
+        return { success: false, error: 'Cannot download a directory' }
+      }
+
+      // Check symlink safety
+      if (stat.isSymbolicLink()) {
+        const realPath = await fs.realpath(resolved)
+        if (!realPath.startsWith(FILES_DIR)) {
+          reply.code(403)
+          return { success: false, error: 'Invalid path' }
+        }
+      }
+
+      const filename = path.basename(resolved)
+      reply
+        .type('application/octet-stream')
+        .header('Content-Disposition', `attachment; filename="${encodeURIComponent(filename)}"`)
+        .header('Content-Length', stat.size)
+
+      return reply.send(fsSync.createReadStream(resolved))
+    } catch (error) {
+      if (error.code === 'ENOENT') {
+        reply.code(404)
+        return { success: false, error: 'File not found' }
+      }
+      console.error(`[Files] Download error: ${error.message}`)
+      reply.code(500)
+      return { success: false, error: error.message }
+    }
+  })
+
+  // POST /api/files/* - Upload a file
+  fastify.post('/api/files/*', { bodyLimit: MAX_UPLOAD_SIZE }, async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    const filePath = request.params['*']
+    if (!filePath) {
+      reply.code(400)
+      return { success: false, error: 'File path is required' }
+    }
+
+    const resolved = safePath(FILES_DIR, filePath)
+    if (!resolved) {
+      reply.code(403)
+      return { success: false, error: 'Invalid path' }
+    }
+
+    // Don't allow overwriting the base directory itself
+    if (resolved === FILES_DIR) {
+      reply.code(400)
+      return { success: false, error: 'Invalid file path' }
+    }
+
+    try {
+      const body = request.body
+      if (!Buffer.isBuffer(body)) {
+        reply.code(400)
+        return { success: false, error: 'Expected binary body (application/octet-stream)' }
+      }
+
+      // Create parent directories
+      await fs.mkdir(path.dirname(resolved), { recursive: true })
+
+      // Write file
+      await fs.writeFile(resolved, body)
+
+      const stat = await fs.stat(resolved)
+      const relativePath = path.relative(FILES_DIR, resolved)
+
+      console.log(`[Files] Uploaded: ${relativePath} (${stat.size} bytes)`)
+
+      return {
+        success: true,
+        file: {
+          name: path.basename(resolved),
+          path: relativePath,
+          size: stat.size,
+        },
+      }
+    } catch (error) {
+      console.error(`[Files] Upload error: ${error.message}`)
+      reply.code(500)
+      return { success: false, error: error.message }
+    }
+  })
+
+  // DELETE /api/files/* - Delete a file or directory
+  fastify.delete('/api/files/*', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    const filePath = request.params['*']
+    if (!filePath) {
+      reply.code(400)
+      return { success: false, error: 'File path is required' }
+    }
+
+    const resolved = safePath(FILES_DIR, filePath)
+    if (!resolved) {
+      reply.code(403)
+      return { success: false, error: 'Invalid path' }
+    }
+
+    // Don't allow deleting the base directory itself
+    if (resolved === FILES_DIR) {
+      reply.code(400)
+      return { success: false, error: 'Cannot delete root files directory' }
+    }
+
+    try {
+      await fs.access(resolved)
+    } catch {
+      reply.code(404)
+      return { success: false, error: 'File not found' }
+    }
+
+    try {
+      const stat = await fs.lstat(resolved)
+      await fs.rm(resolved, { recursive: stat.isDirectory(), force: true })
+
+      const relativePath = path.relative(FILES_DIR, resolved)
+      console.log(`[Files] Deleted: ${relativePath}`)
+
+      return { success: true, message: `Deleted ${relativePath}` }
+    } catch (error) {
+      console.error(`[Files] Delete error: ${error.message}`)
+      reply.code(500)
+      return { success: false, error: error.message }
+    }
+  })
+}
+
+module.exports = { fileRoutes }

package/routes/index.js

@@ -34,6 +34,12 @@
  *   GET  /api/terminal/capture      - Capture pane content (auth required)
  *   POST /api/terminal/send         - Send keys to session (auth required)
  *   POST /api/terminal/kill         - Kill a session (auth required)
+ *
+ * Files (routes/files.js)
+ *   GET    /api/files               - List files in directory (auth required)
+ *   GET    /api/files/*             - Download a file (auth required)
+ *   POST   /api/files/*             - Upload a file (auth required)
+ *   DELETE /api/files/*             - Delete a file (auth required)
  * ─────────────────────────────────────────────────────────────────────────────
  */
 
@@ -42,6 +48,7 @@ const { commandRoutes, getProcessManager, getAllowedCommands } = require('./comm
 const { skillRoutes } = require('./skills')
 const { workflowRoutes } = require('./workflows')
 const { terminalRoutes } = require('./terminal')
+const { fileRoutes } = require('./files')
 
 /**
  * Register all routes with Fastify instance
@@ -53,6 +60,7 @@ async function registerRoutes(fastify) {
   await fastify.register(skillRoutes)
   await fastify.register(workflowRoutes)
   await fastify.register(terminalRoutes)
+  await fastify.register(fileRoutes)
 }
 
 module.exports = {