@iletai/nzb 1.1.0

package/dist/update.js

@@ -0,0 +1,72 @@
+import { readFileSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { exec as execCb, execSync } from "child_process";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+function getLocalVersion() {
+    try {
+        const pkg = JSON.parse(readFileSync(join(__dirname, "..", "package.json"), "utf-8"));
+        return pkg.version || "0.0.0";
+    }
+    catch {
+        return "0.0.0";
+    }
+}
+/** Run a command asynchronously and return stdout. */
+function execAsync(cmd, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        execCb(cmd, { encoding: "utf-8", timeout: timeoutMs }, (err, stdout) => {
+            if (err)
+                return reject(err);
+            resolve(stdout.trim());
+        });
+    });
+}
+/** Fetch the latest published version from npm. Returns null on failure. */
+export async function getLatestVersion() {
+    try {
+        const result = await execAsync("npm view nzb version", 10_000);
+        return result || null;
+    }
+    catch {
+        return null;
+    }
+}
+/** Compare two semver strings. Returns true if remote is newer. */
+function isNewer(local, remote) {
+    const parse = (v) => v.split(".").map(Number);
+    const [lMaj, lMin, lPat] = parse(local);
+    const [rMaj, rMin, rPat] = parse(remote);
+    if (rMaj !== lMaj)
+        return rMaj > lMaj;
+    if (rMin !== lMin)
+        return rMin > lMin;
+    return rPat > lPat;
+}
+/** Check whether a newer version is available on npm. */
+export async function checkForUpdate() {
+    const current = getLocalVersion();
+    const latest = await getLatestVersion();
+    return {
+        current,
+        latest,
+        updateAvailable: latest !== null && isNewer(current, latest),
+        checkSucceeded: latest !== null,
+    };
+}
+/** Run `npm install -g nzb@latest` and return success/failure. */
+export async function performUpdate() {
+    try {
+        const output = execSync("npm install -g nzb@latest", {
+            encoding: "utf-8",
+            timeout: 60_000,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        return { ok: true, output: output.trim() };
+    }
+    catch (err) {
+        const msg = err.stderr?.trim() || err.message || "Unknown error";
+        return { ok: false, output: msg };
+    }
+}
+//# sourceMappingURL=update.js.map

package/package.json

@@ -0,0 +1,64 @@
+{
+	"name": "@iletai/nzb",
+	"version": "1.1.0",
+	"description": "NZB — a personal AI assistant for developers, built on the GitHub Copilot SDK",
+	"bin": {
+		"nzb": "dist/cli.js"
+	},
+	"publishConfig": {
+		"access": "public"
+	},
+	"files": [
+		"dist/**/*.js",
+		"scripts/fix-esm-imports.cjs",
+		"skills/",
+		"README.md"
+	],
+	"scripts": {
+		"build": "tsc",
+		"postinstall": "node scripts/fix-esm-imports.cjs",
+		"daemon": "tsx src/daemon.ts",
+		"tui": "tsx src/tui/index.ts",
+		"dev": "tsx --watch src/daemon.ts",
+		"format": "prettier --write .",
+		"format:check": "prettier --check .",
+		"prepublishOnly": "npm run build"
+	},
+	"engines": {
+		"node": ">=18"
+	},
+	"keywords": [
+		"copilot",
+		"telegram",
+		"orchestrator",
+		"ai",
+		"cli"
+	],
+	"author": "iletai",
+	"license": "MIT",
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/iletai/AI-Agent-Assistant.git"
+	},
+	"homepage": "https://github.com/iletai/AI-Agent-Assistant#readme",
+	"bugs": {
+		"url": "https://github.com/iletai/AI-Agent-Assistant/issues"
+	},
+	"type": "module",
+	"dependencies": {
+		"@github/copilot-sdk": "^0.1.26",
+		"better-sqlite3": "^12.6.2",
+		"dotenv": "^17.3.1",
+		"express": "^5.2.1",
+		"grammy": "^1.40.0",
+		"zod": "^4.3.6"
+	},
+	"devDependencies": {
+		"@types/better-sqlite3": "^7.6.13",
+		"@types/express": "^5.0.6",
+		"@types/node": "^25.3.0",
+		"prettier": "^3.8.1",
+		"tsx": "^4.21.0",
+		"typescript": "^5.9.3"
+	}
+}

package/scripts/fix-esm-imports.cjs

@@ -0,0 +1,25 @@
+// Patch vscode-jsonrpc to add an exports map for Node.js ESM compatibility.
+// The package ships node.js / browser.js entry points but lacks an "exports"
+// field, so `import "vscode-jsonrpc/node"` fails under strict ESM resolution.
+const fs = require("fs");
+
+try {
+	const pkgPath = require.resolve("vscode-jsonrpc/package.json", {
+		paths: [process.cwd()],
+	});
+	const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+	if (!pkg.exports) {
+		pkg.exports = {
+			".": "./lib/node/main.js",
+			"./node": "./node.js",
+			"./node.js": "./node.js",
+			"./browser": "./browser.js",
+			"./browser.js": "./browser.js",
+			"./lib/*": "./lib/*",
+			"./package.json": "./package.json",
+		};
+		fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, "\t") + "\n");
+	}
+} catch {
+	// Best effort — don't break install if the dep isn't present yet
+}

package/skills/find-skills/SKILL.md

@@ -0,0 +1,161 @@
+---
+name: find-skills
+description: Helps users discover agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. Always ask the user for permission before installing any skill, and flag security risks.
+---
+
+# Find Skills
+
+Discover and install skills from the open agent skills ecosystem at https://skills.sh/.
+
+## When to Use
+
+Use this skill when the user:
+
+- Asks "how do I do X" where X might be a common task with an existing skill
+- Says "find a skill for X" or "is there a skill for X"
+- Asks "can you do X" where X is a specialized capability
+- Expresses interest in extending agent capabilities
+- Wants to search for tools, templates, or workflows
+
+## Search & Present
+
+Do these two steps in a worker session — they can run in parallel:
+
+### 1. Search the API
+
+```bash
+curl -s "https://skills.sh/api/search?q=QUERY"
+```
+
+Replace `QUERY` with a URL-encoded search term (e.g., `react`, `email`, `pr+review`). The response is JSON with skills sorted by installs (most popular first):
+
+```json
+{
+  "skills": [
+    {
+      "id": "vercel-labs/agent-skills/vercel-react-best-practices",
+      "skillId": "vercel-react-best-practices",
+      "name": "vercel-react-best-practices",
+      "installs": 174847,
+      "source": "vercel-labs/agent-skills"
+    }
+  ]
+}
+```
+
+### 2. Fetch Security Audits
+
+**Required — do not skip.** Use the `web_fetch` tool to get the audits page:
+
+```
+web_fetch url="https://skills.sh/audits"
+```
+
+If `web_fetch` fails or returns unexpected content, still present the search results but show "⚠️ Audit unavailable" for all security columns and include a link to https://skills.sh/audits so the user can check manually.
+
+This returns markdown where each skill has a heading (`### skill-name`) followed by its source, then three security scores:
+
+- **Gen Agent Trust Hub**: Safe / Med Risk / Critical
+- **Socket**: Number of alerts (0 is best)
+- **Snyk**: Low Risk / Med Risk / High Risk / Critical
+
+Scan the returned markdown to find scores for each skill from your search results. Match by both **skill name** and **full source** (`owner/repo`) to avoid misattribution — different repos can have skills with the same name.
+
+### 3. Present Combined Results
+
+Cross-reference the search results with the audit data and format as a numbered table. Show the top 6-8 results sorted by installs:
+
+```
+#  Skill                         Publisher      Installs   Gen    Socket  Snyk
+─  ─────────────────────────────  ─────────────  ────────   ─────  ──────  ────────
+1  vercel-react-best-practices   vercel-labs     175.3K    ✅Safe  ✅ 0    ✅Low
+2  web-design-guidelines         vercel-labs     135.8K    ✅Safe  ✅ 0    ⚠️Med
+3  frontend-design               anthropics      122.6K    ✅Safe  ✅ 0    ✅Low
+4  remotion-best-practices       remotion-dev    125.2K    ✅Safe  ✅ 0    ⚠️Med
+5  browser-use                   browser-use      45.0K    ⚠️Med  🔴 1    🔴High
+```
+
+**Formatting:**
+- Sort by installs descending
+- Format counts: 1000+ → "1.0K", 1000000+ → "1.0M"
+- ✅ for Safe / Low Risk / 0 alerts, ⚠️ for Med Risk, 🔴 for High Risk / Critical / 1+ alerts
+- If a skill has no audit data, show "⚠️ N/A" — never leave security blank
+- Publisher = first part of `source` field (before `/`)
+
+After the table:
+
+```
+🔗 Browse all: https://skills.sh/
+
+Pick a number to install (or "none")
+```
+
+## Install
+
+**NEVER install without the user picking a number first.**
+
+When the user picks a skill:
+
+### Security Gate
+
+If ANY of its three audit scores is not green (Safe / 0 alerts / Low Risk), warn before proceeding:
+
+```
+⚠️ "{skill-name}" has security concerns:
+  • Gen Agent Trust Hub: {score}
+  • Socket: {count} alerts
+  • Snyk: {score}
+
+Want to proceed anyway, or pick a different skill?
+```
+
+Wait for explicit confirmation. Do not install if the user says no.
+
+### Fetch & Install
+
+1. **Fetch the SKILL.md** from GitHub. The `source` field is `owner/repo` and `skillId` is the directory:
+
+```bash
+curl -fsSL "https://raw.githubusercontent.com/{source}/main/{skillId}/SKILL.md" || \
+curl -fsSL "https://raw.githubusercontent.com/{source}/master/{skillId}/SKILL.md"
+```
+
+If both fail, tell the user and link to `https://github.com/{source}`.
+
+2. **Validate** the fetched content: it must not be empty and should contain meaningful instructions (more than just a title). If the content is empty, an HTML error page, or clearly not a SKILL.md, do NOT install — tell the user it couldn't be fetched properly.
+
+3. **Install** using the `learn_skill` tool:
+   - `slug`: the `skillId` from the API
+   - `name`: from the SKILL.md frontmatter `name:` field (between `---` markers). If no frontmatter, use `skillId`.
+   - `description`: from the SKILL.md frontmatter `description:` field. If none, use the first sentence.
+   - `instructions`: if frontmatter exists, use the content after the closing `---`. If no frontmatter, use the full fetched content as instructions.
+
+**Always install to ~/.nzb/skills/ via learn_skill. Never install globally.**
+
+## Behavioral Security Review
+
+In addition to audit scores, review the fetched SKILL.md content before installing. Flag concerns if the skill:
+
+- **Runs arbitrary shell commands** or executes code on the user's machine
+- **Accesses sensitive data** — credentials, API keys, SSH keys, personal files
+- **Makes network requests** to external services (data exfiltration risk)
+- **Comes from an unknown or unverified source** with no audit data
+
+If any of these apply, warn the user with specifics even if audit scores are green:
+
+```
+⚠️ Note: "{skill-name}" requests shell access and reads files from your home directory.
+This is common for CLI-integration skills, but worth knowing. Proceed?
+```
+
+## When No Skills Are Found
+
+If the API returns no results:
+
+1. Tell the user no existing skill was found
+2. Offer to help directly with your general capabilities
+3. Suggest building a custom skill if the task is worth automating
+
+## Uninstalling
+
+Use the `uninstall_skill` tool with the skill's slug to remove it from `~/.nzb/skills/`.

package/skills/find-skills/_meta.json

@@ -0,0 +1,4 @@
+{
+	"slug": "find-skills",
+	"version": "1.0.0"
+}

package/skills/gogcli/SKILL.md

@@ -0,0 +1,168 @@
+---
+name: Google (gogcli)
+description: Access Gmail, Google Calendar, Drive, Contacts, Tasks, Sheets, Docs, and more via the gog CLI. Use when the user asks about email, calendar, files, contacts, or any Google service.
+---
+
+# Google CLI (gogcli)
+
+NZB can interact with Google services using the `gog` CLI tool. This covers Gmail, Calendar, Drive, Contacts, Tasks, Sheets, Docs, Slides, Forms, and more.
+
+## Prerequisites
+
+- `gog` must be installed: `brew install steipete/tap/gogcli`
+- OAuth credentials must be stored: `gog auth credentials ~/path/to/client_secret.json`
+- User must be authenticated: `gog auth add user@gmail.com`
+- Check auth status: `gog auth status`
+
+If `gog` is not installed or not authenticated, guide the user through setup.
+
+## Important Flags
+
+Always use these flags when running `gog` commands programmatically:
+
+- `--json` or `-j` — JSON output (best for parsing results)
+- `--plain` or `-p` — stable TSV output (good for simple lists)
+- `--no-input` — never prompt for input (prevents hanging)
+- `--force` or `-y` — skip confirmations for destructive commands
+- `-a email@example.com` — specify which Google account to use
+
+## Gmail
+
+```bash
+# Search emails (Gmail query syntax)
+gog gmail search "is:unread" --json
+gog gmail search "from:someone@example.com" --json
+gog gmail search "subject:meeting is:unread newer_than:1d" --json
+
+# Read a specific message
+gog gmail get <messageId> --json
+
+# Send an email
+gog send --to "recipient@example.com" --subject "Hello" --body "Message body"
+gog send --to "a@example.com" --cc "b@example.com" --subject "Hi" --body "Hello" --html
+
+# Reply to a thread
+gog gmail messages reply <messageId> --body "Reply text"
+
+# List labels
+gog gmail labels list --json
+
+# Manage threads
+gog gmail thread get <threadId> --json
+gog gmail thread modify <threadId> --add-labels "STARRED"
+gog gmail thread modify <threadId> --remove-labels "UNREAD"
+
+# Drafts
+gog gmail drafts list --json
+gog gmail drafts create --to "user@example.com" --subject "Draft" --body "Content"
+```
+
+## Calendar
+
+```bash
+# List today's events
+gog calendar events --json
+
+# List events in a date range
+gog calendar events --from "2025-01-01" --to "2025-01-31" --json
+
+# List all calendars
+gog calendar calendars --json
+
+# Create an event
+gog calendar create <calendarId> --summary "Meeting" --start "2025-01-15T10:00:00" --end "2025-01-15T11:00:00"
+
+# Search events
+gog calendar search "standup" --json
+
+# Find conflicts
+gog calendar conflicts --json
+
+# RSVP to an event
+gog calendar respond <calendarId> <eventId> --status accepted
+
+# Free/busy check
+gog calendar freebusy "user@example.com" --from "2025-01-15" --to "2025-01-16" --json
+```
+
+For calendar IDs: use `primary` for the user's main calendar, or the calendar's email address.
+
+## Drive
+
+```bash
+# List files in root
+gog ls --json
+
+# List files in a folder
+gog ls --parent <folderId> --json
+
+# Search files
+gog search "quarterly report" --json
+
+# Download a file
+gog download <fileId>
+gog download <fileId> --output /path/to/save
+
+# Upload a file
+gog upload /path/to/file
+gog upload /path/to/file --parent <folderId>
+
+# Create a folder
+gog drive mkdir "New Folder"
+gog drive mkdir "Subfolder" --parent <folderId>
+
+# Share a file
+gog drive share <fileId> --email "user@example.com" --role writer
+
+# Get file info
+gog drive get <fileId> --json
+```
+
+## Contacts
+
+```bash
+# Search contacts
+gog contacts search "John" --json
+
+# List all contacts
+gog contacts list --json
+
+# Create a contact
+gog contacts create --given-name "John" --family-name "Doe" --email "john@example.com"
+```
+
+## Tasks
+
+```bash
+# List task lists
+gog tasks lists list --json
+
+# List tasks in a list
+gog tasks list <tasklistId> --json
+
+# Add a task
+gog tasks add <tasklistId> --title "Buy groceries"
+
+# Complete a task
+gog tasks done <tasklistId> <taskId>
+```
+
+## Sheets
+
+```bash
+# Read a sheet
+gog sheets get <spreadsheetId> --json
+gog sheets values <spreadsheetId> "Sheet1!A1:D10" --json
+
+# Update cells
+gog sheets update <spreadsheetId> "Sheet1!A1" --values '[["Hello","World"]]'
+```
+
+## Tips
+
+- Use `gog whoami` to check which account is active
+- The `--json` flag is your friend — always use it when you need to parse output
+- Gmail search uses standard Gmail query syntax (same as the Gmail search bar)
+- For calendar, `primary` is the default calendar ID
+- Most list commands support `--limit` to control how many results to return
+- Use `gog open <fileId>` to get a browser URL for any Google resource

package/skills/gogcli/_meta.json

@@ -0,0 +1,4 @@
+{
+	"slug": "gogcli",
+	"version": "1.0.0"
+}

package/skills/skills-lock.json

@@ -0,0 +1,10 @@
+{
+  "version": 1,
+  "skills": {
+    "telegram-bot-builder": {
+      "source": "sickn33/antigravity-awesome-skills",
+      "sourceType": "github",
+      "computedHash": "694c116eb5cbf333afb35cec50e34a53c4e51f3dc1258300ec2b4fdcdd827ed2"
+    }
+  }
+}