@laitszkin/apollo-toolkit 2.7.0 → 2.8.0

package/AGENTS.md

@@ -4,8 +4,8 @@
 
 - This repository is a skill catalog: each top-level skill lives in its own directory and is installable when that directory contains `SKILL.md`.
 - Typical skill layout is lightweight and consistent: `SKILL.md`, `README.md`, `LICENSE`, plus optional `agents/`, `references/`, and `scripts/`.
-- The npm package exposes an `apollo-toolkit` CLI that stages a managed copy under `~/.apollo-toolkit` and links each skill folder into selected target directories.
-- `scripts/install_skills.sh` and `scripts/install_skills.ps1` remain available for local/curl installs and mirror the managed-home linking behavior.
+- The npm package exposes an `apollo-toolkit` CLI that stages a managed copy under `~/.apollo-toolkit` and copies each skill folder into selected target directories.
+- `scripts/install_skills.sh` and `scripts/install_skills.ps1` remain available for local/curl installs and mirror the managed-home copy behavior.
 
 ## Core Business Flow
 
@@ -20,7 +20,7 @@ This repository enables users to install and run a curated set of reusable agent
 - Users can research a topic deeply and produce evidence-based deliverables.
 - Users can research the latest completed market week and produce a PDF watchlist of tradeable instruments for the coming week.
 - Users can turn a marked weekly finance PDF into a concise evidence-based financial event report.
-- Users can install Apollo Toolkit through npm or npx and interactively choose one or more target skill directories to link.
+- Users can install Apollo Toolkit through npm or npx and interactively choose one or more target skill directories to populate with copied skills.
 - Users can design and implement new features through a spec-first workflow.
 - Users can generate shared feature spec, task, and checklist planning artifacts for approval-gated workflows.
 - Users can convert text or documents into audio files with subtitle timelines.
@@ -44,6 +44,7 @@ This repository enables users to install and run a curated set of reusable agent
 - Users can process GitHub pull request review comments and resolve addressed threads.
 - Users can perform repository-wide code reviews and publish confirmed findings as GitHub issues.
 - Users can schedule a bounded project runtime window, stop it automatically, and analyze module health from captured logs.
+- Users can investigate gated or shadow LLM APIs by capturing real client request shapes, replaying verified traffic patterns, and attributing the likely underlying model through black-box fingerprinting.
 - Users can build and maintain Solana programs and Rust clients using official Solana development workflows.
 - Users can add focused observability to opaque workflows through targeted logs, metrics, traces, and tests.
 - Users can build against Jupiter's official Solana swap, token, price, lending, trigger, recurring, and portfolio APIs with an evidence-based development guide.

package/CHANGELOG.md

@@ -4,6 +4,13 @@ All notable changes to this repository are documented in this file.
 
 ## [Unreleased]
 
+## [v2.8.0] - 2026-03-21
+
+### Changed
+- Change the npm installer and local install scripts to copy managed skill directories into selected targets instead of creating symlinks.
+- Replace legacy Apollo Toolkit symlink installs with real copied skill directories during reinstall, while still removing stale skills that no longer ship in the current version.
+- Normalize every repository `LICENSE` file to the MIT template owned by `LaiTszKin`.
+
 ## [v2.7.0] - 2026-03-20
 
 ### Added

package/README.md

@@ -1,6 +1,6 @@
 # Apollo Toolkit Skills
 
-A curated skill catalog for Codex, OpenClaw, and Trae with a managed installer that keeps the toolkit in `~/.apollo-toolkit` and links each skill into the targets you choose.
+A curated skill catalog for Codex, OpenClaw, and Trae with a managed installer that keeps the toolkit in `~/.apollo-toolkit` and copies each skill into the targets you choose.
 
 ## Included skills
 
@@ -37,6 +37,7 @@ A curated skill catalog for Codex, OpenClaw, and Trae with a managed installer t
 - review-change-set
 - review-codebases
 - scheduled-runtime-health-check
+- shadow-api-model-research
 - solana-development
 - systematic-debug
 - text-to-short-video
@@ -56,8 +57,9 @@ The interactive installer:
 - shows a branded `Apollo Toolkit` terminal welcome screen with a short staged reveal
 - installs a managed copy into `~/.apollo-toolkit`
 - lets you multi-select `codex`, `openclaw`, `trae`, or `all`
-- creates symlinks from `~/.apollo-toolkit/<skill>` into each selected target
-- in the same npm/npx install flow, removes stale linked skills that existed in the previous installed version but no longer exist in the current package skill list
+- copies `~/.apollo-toolkit/<skill>` into each selected target
+- removes stale previously installed skill directories that existed in the previous installed version but no longer exist in the current package skill list
+- replaces legacy symlink-based installs created by older Apollo Toolkit installers with real copied directories
 
 ### Global install
 

package/analyse-app-logs/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/archive-specs/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/commit-and-push/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/develop-new-features/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/docs-to-voice/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 tszkinlai
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/enhance-existing-features/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/feature-propose/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 tszkinlai
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/generate-spec/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/learn-skill-from-conversations/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Yamiyorunoshura
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-

package/lib/cli.js

@@ -67,8 +67,8 @@ function buildWelcomeScreen({ version, colorEnabled, stage = 4 }) {
       '',
       'This setup will configure:',
       `  ${color('*', '1;33', colorEnabled)} A managed Apollo Toolkit home in ${color('~/.apollo-toolkit', '1', colorEnabled)}`,
-      `  ${color('*', '1;33', colorEnabled)} Symlinked skill folders for your selected targets`,
-      `  ${color('*', '1;33', colorEnabled)} A clean install flow with target-aware linking`,
+      `  ${color('*', '1;33', colorEnabled)} Copied skill folders for your selected targets`,
+      `  ${color('*', '1;33', colorEnabled)} A clean install flow with target-aware replacement`,
     );
   }
 
@@ -178,7 +178,7 @@ function renderSelectionScreen({ output, version, cursor, selected, message, env
 
   clearScreen(output);
   output.write(`${buildBanner({ version, colorEnabled })}\n\n`);
-  output.write('Choose where Apollo Toolkit should create symlinked skills.\n');
+  output.write('Choose where Apollo Toolkit should copy managed skills.\n');
   output.write(`${color('Use Up/Down', '1;33', colorEnabled)} (or ${color('j/k', '1;33', colorEnabled)}) to move, ${color('Space', '1;33', colorEnabled)} to toggle, ${color('Enter', '1;33', colorEnabled)} to continue.\n`);
   output.write(`Press ${color('a', '1;33', colorEnabled)} to toggle all, ${color('q', '1;33', colorEnabled)} to cancel.\n\n`);
 
@@ -329,7 +329,7 @@ function printSummary({ stdout, version, toolkitHome, modes, installResult, env
   stdout.write(color('Installation complete.', '1;32', colorEnabled));
   stdout.write('\n');
   stdout.write(`Apollo Toolkit home: ${toolkitHome}\n`);
-  stdout.write(`Linked skills: ${installResult.skillNames.length}\n`);
+  stdout.write(`Installed skills: ${installResult.skillNames.length}\n`);
   stdout.write(`Targets: ${modes.join(', ')}\n\n`);
 
   for (const target of installResult.targets) {

package/lib/installer.js

@@ -185,18 +185,16 @@ async function ensureDirectory(dirPath) {
   await fsp.mkdir(dirPath, { recursive: true });
 }
 
-async function replaceWithSymlink(sourcePath, targetPath) {
+async function replaceWithCopy(sourcePath, targetPath) {
   await fsp.rm(targetPath, { recursive: true, force: true });
   await ensureDirectory(path.dirname(targetPath));
-
-  const type = process.platform === 'win32' ? 'junction' : 'dir';
-  await fsp.symlink(sourcePath, targetPath, type);
+  await fsp.cp(sourcePath, targetPath, { recursive: true, force: true });
 }
 
 async function installLinks({ toolkitHome, modes, env = process.env, previousSkillNames = [] }) {
   const skillNames = await listSkillNames(toolkitHome);
   const targets = await getTargetRoots(modes, env);
-  const linkedPaths = [];
+  const copiedPaths = [];
   const staleSkillNames = previousSkillNames.filter((skillName) => !skillNames.includes(skillName));
 
   for (const target of targets) {
@@ -207,15 +205,15 @@ async function installLinks({ toolkitHome, modes, env = process.env, previousSki
     for (const skillName of skillNames) {
       const sourcePath = path.join(toolkitHome, skillName);
       const targetPath = path.join(target.root, skillName);
-      await replaceWithSymlink(sourcePath, targetPath);
-      linkedPaths.push({ target: target.label, path: targetPath, skillName });
+      await replaceWithCopy(sourcePath, targetPath);
+      copiedPaths.push({ target: target.label, path: targetPath, skillName });
     }
   }
 
   return {
     skillNames,
     targets,
-    linkedPaths,
+    copiedPaths,
   };
 }
 

package/novel-to-short-video/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Yamiyorunoshura
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/open-github-issue/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Tsz Kin Lai
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/open-source-pr-workflow/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 LTKSunny
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/openai-text-to-image-storyboard/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 tszkinlai
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/openclaw-configuration/SKILL.md

@@ -9,6 +9,7 @@ description: Build, audit, and explain OpenClaw configuration from official docu
 
 - Required: none.
 - Conditional: `answering-questions-with-research` when a request depends on newer OpenClaw docs than the bundled references cover.
+- Conditional: `commit-and-push` when the user explicitly wants OpenClaw workspace changes committed and pushed after validation.
 - Optional: none.
 - Fallback: If the local CLI is unavailable, work from the bundled references and clearly mark any runtime behavior that was not verified on the machine.
 
@@ -33,6 +34,8 @@ Decide whether the user needs:
 - a new starter config
 - a targeted key update
 - skills loading or per-skill env setup
+- workspace persona or memory customization under `~/.openclaw/workspace`
+- browser, exec, or sandbox permission changes
 - secrets or provider wiring
 - validation or repair of a broken config
 
@@ -55,7 +58,9 @@ Assume the canonical config file is `~/.openclaw/openclaw.json` unless the envir
 
 - Prefer `openclaw config set` for one-path edits.
 - Prefer SecretRefs or env substitution over plaintext credentials.
-- For skill-specific setup, use `skills.load.extraDirs`, `skills.entries.<skillKey>`, and per-skill `env` or `apiKey`.
+- For skill-specific setup, prefer the workspace convention `~/.openclaw/workspace/skills`, then wire it through `skills.load.extraDirs`, `skills.entries.<skillKey>`, and per-skill `env` or `apiKey`.
+- When the user is customizing the assistant persona or standing instructions, inspect and edit the matching workspace files such as `AGENTS.md`, `TOOLS.md`, `SOUL.md`, `USER.md`, and `memory/*.md` instead of stuffing everything into `openclaw.json`.
+- When enabling automation or browser workflows, verify the actual permission path for `browser`, `exec`, and sandbox behavior rather than assuming the profile already grants them.
 - Do not invent unknown root keys; OpenClaw rejects schema-invalid config.
 
 ### 5. Validate before finishing
@@ -87,7 +92,30 @@ Summarize the relevant branch and point back to the matching official page rathe
 
 ### Configure skills
 
-Use `skills.load.extraDirs` for additional skill folders and `skills.entries.<skillKey>` for per-skill enablement, env vars, or `apiKey`.
+Use `skills.load.extraDirs` for additional skill folders and `skills.entries.<skillKey>` for per-skill enablement, env vars, or `apiKey`. When the user asks for OpenClaw workspace-local skills, default to `~/.openclaw/workspace/skills` unless the environment proves another convention.
+
+### Customize workspace instructions and persona
+
+When the request is about how the assistant should behave inside OpenClaw, inspect the workspace instruction files first and keep each edit in the narrowest home:
+
+- `AGENTS.md` for workflow rules, completion criteria, and memory discipline
+- `TOOLS.md` for tool usage instructions
+- `SOUL.md` for persona or relationship framing
+- `USER.md` for the user's profile and durable identity details
+- `memory/*.md` for durable corrections, failures, and learned preferences
+
+If the workspace is a git repo and the user explicitly asks to persist those changes remotely, validate first and then hand off to `commit-and-push`.
+
+### Verify tool permissions
+
+When the user says "make sure OpenClaw can use this tool," confirm the exact config path and runtime status for:
+
+- `tools.*` policy entries
+- sandbox mode and workspace access
+- `browser.enabled` and any browser profile settings
+- any profile-level defaults that may still block the tool
+
+Report both the config edit and the runtime verification command; do not assume that a schema-valid config means the tool is actually usable.
 
 ### Wire secrets
 

package/openclaw-configuration/references/best-practices.md

@@ -30,6 +30,7 @@ These rules are distilled from the official OpenClaw docs and adapted into a pra
 
 ## Skills rules
 
+- For OpenClaw workspace-local skills, prefer `~/.openclaw/workspace/skills` as the first extra skill root unless the machine already uses a different proven convention.
 - Put extra skill roots in `skills.load.extraDirs` instead of hard-coding ad hoc discovery logic elsewhere.
 - Use `skills.entries.<skillKey>.enabled` for explicit enable or disable state.
 - Use `skills.entries.<skillKey>.env` for skill-local environment variables.
@@ -37,6 +38,20 @@ These rules are distilled from the official OpenClaw docs and adapted into a pra
 - Leave `skills.load.watch` enabled while iterating on local skills unless file-watch churn becomes a confirmed problem.
 - If you set `skills.install.nodeManager`, remember the official docs still recommend Node as the runtime for the gateway itself.
 
+## Workspace customization rules
+
+- Do not force persona, memory, and workflow instructions into `openclaw.json` when the workspace already has dedicated files.
+- Use `AGENTS.md` for task-completion and memory-management instructions.
+- Use `TOOLS.md` for browser, Playwright, or wrapper command guidance.
+- Use `SOUL.md` for persona framing and `USER.md` for durable user profile facts.
+- When the user asks OpenClaw to remember valuable failures or corrections, store them in the workspace memory files that the current workspace already uses rather than inventing a second memory system.
+
+## Tool permission rules
+
+- Treat browser and sandbox enablement as a two-part check: config policy plus runtime verification.
+- After changing tool policy, verify the effective runtime state with the relevant OpenClaw command instead of trusting config shape alone.
+- If a tool still fails after config edits, inspect whether profile defaults or sandbox policy override the leaf setting.
+
 ## Troubleshooting rules
 
 - If the gateway stops booting after a config change, assume schema breakage first and validate before changing unrelated systems.

package/openclaw-configuration/references/config-reference-map.md

@@ -148,6 +148,28 @@ Notes confirmed by the docs:
 - `skills.entries` keys default to the skill name
 - if a skill defines `metadata.openclaw.skillKey`, use that key instead
 - watcher-driven skill changes are picked up on the next agent turn when watching is enabled
+- for workspace-scoped customization, `~/.openclaw/workspace/skills` is a practical local skill root to wire through `skills.load.extraDirs`
+
+## Workspace files often edited alongside config
+
+These are not all part of the OpenClaw JSON schema, but they are common neighboring files when users ask to customize behavior:
+
+- `~/.openclaw/workspace/AGENTS.md`
+- `~/.openclaw/workspace/TOOLS.md`
+- `~/.openclaw/workspace/SOUL.md`
+- `~/.openclaw/workspace/USER.md`
+- `~/.openclaw/workspace/memory/*.md`
+
+Use them for persona, tool instructions, durable user profile details, and memory-management rules instead of overloading `openclaw.json`.
+
+## Tool and sandbox checks worth remembering
+
+- A valid config does not prove the tool is usable at runtime.
+- When enabling browser automation or sandboxed command execution, verify the effective state after editing:
+  - tool policy
+  - sandbox mode and workspace access
+  - browser enablement and profile selection
+- Profile defaults can still block a tool even when a nearby leaf branch looks permissive, so check the effective runtime path, not only the edited key.
 
 ## Example snippets to adapt
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@laitszkin/apollo-toolkit",
-  "version": "2.7.0",
-  "description": "Apollo Toolkit npm installer for managed skill linking across Codex, OpenClaw, and Trae.",
+  "version": "2.8.0",
+  "description": "Apollo Toolkit npm installer for managed skill copying across Codex, OpenClaw, and Trae.",
   "license": "MIT",
   "author": "LaiTszKin",
   "homepage": "https://github.com/LaiTszKin/apollo-toolkit#readme",

package/review-change-set/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/review-codebases/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Yamiyorunoshura
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/scripts/install_skills.ps1

@@ -12,9 +12,9 @@ Usage:
   ./scripts/install_skills.ps1 [codex|openclaw|trae|all]...
 
 Modes:
-  codex     Install links into ~/.codex/skills
-  openclaw  Install links into ~/.openclaw/workspace*/skills
-  trae      Install links into ~/.trae/skills
+  codex     Copy skills into ~/.codex/skills
+  openclaw  Copy skills into ~/.openclaw/workspace*/skills
+  trae      Copy skills into ~/.trae/skills
   all       Install all supported targets
 
 Optional environment overrides:
@@ -33,7 +33,7 @@ function Show-Banner {
   @"
 +------------------------------------------+
 |              Apollo Toolkit              |
-|      npm installer and skill linker      |
+|      npm installer and skill copier      |
 +------------------------------------------+
 "@
 }
@@ -180,7 +180,7 @@ function Remove-PathForce {
   }
 }
 
-function Link-Skill {
+function Copy-Skill {
   param(
     [string]$Source,
     [string]$TargetRoot
@@ -192,15 +192,8 @@ function Link-Skill {
   New-Item -ItemType Directory -Path $TargetRoot -Force | Out-Null
   Remove-PathForce -Target $target
 
-  try {
-    New-Item -Path $target -ItemType SymbolicLink -Target $Source -Force | Out-Null
-    Write-Host "[linked] $target -> $Source"
-  }
-  catch {
-    # Fallback for environments where symlink permission is restricted.
-    New-Item -Path $target -ItemType Junction -Target $Source -Force | Out-Null
-    Write-Host "[linked-junction] $target -> $Source"
-  }
+  Copy-Item -LiteralPath $Source -Destination $target -Recurse -Force
+  Write-Host "[copied] $Source -> $target"
 }
 
 function Install-Codex {
@@ -215,7 +208,7 @@ function Install-Codex {
 
   Write-Host "Installing to codex: $target"
   foreach ($src in $SkillPaths) {
-    Link-Skill -Source $src -TargetRoot $target
+    Copy-Skill -Source $src -TargetRoot $target
   }
 }
 
@@ -242,7 +235,7 @@ function Install-OpenClaw {
     $skillsDir = Join-Path $workspace.FullName "skills"
     Write-Host "Installing to openclaw workspace: $skillsDir"
     foreach ($src in $SkillPaths) {
-      Link-Skill -Source $src -TargetRoot $skillsDir
+      Copy-Skill -Source $src -TargetRoot $skillsDir
     }
   }
 }
@@ -259,7 +252,7 @@ function Install-Trae {
 
   Write-Host "Installing to trae: $target"
   foreach ($src in $SkillPaths) {
-    Link-Skill -Source $src -TargetRoot $target
+    Copy-Skill -Source $src -TargetRoot $target
   }
 }
 

package/scripts/install_skills.sh

@@ -7,9 +7,9 @@ Usage:
   ./scripts/install_skills.sh [codex|openclaw|trae|all]...
 
 Modes:
-  codex     Install symlinks into ~/.codex/skills
-  openclaw  Install symlinks into ~/.openclaw/workspace*/skills
-  trae      Install symlinks into ~/.trae/skills
+  codex     Copy skills into ~/.codex/skills
+  openclaw  Copy skills into ~/.openclaw/workspace*/skills
+  trae      Copy skills into ~/.trae/skills
   all       Install all supported targets
 
 Optional environment overrides:
@@ -29,7 +29,7 @@ show_banner() {
   cat <<'BANNER'
 +------------------------------------------+
 |              Apollo Toolkit              |
-|      npm installer and skill linker      |
+|      npm installer and skill copier      |
 +------------------------------------------+
 BANNER
 }
@@ -74,7 +74,7 @@ collect_skills() {
   fi
 }
 
-replace_with_symlink() {
+replace_with_copy() {
   local src="$1"
   local target_root="$2"
   local name target
@@ -86,8 +86,8 @@ replace_with_symlink() {
   if [[ -e "$target" || -L "$target" ]]; then
     rm -rf "$target"
   fi
-  ln -s "$src" "$target"
-  echo "[linked] $target -> $src"
+  cp -R "$src" "$target"
+  echo "[copied] $src -> $target"
 }
 
 install_codex() {
@@ -96,7 +96,7 @@ install_codex() {
 
   echo "Installing to codex: $codex_skills_dir"
   for src in "${SKILL_PATHS[@]}"; do
-    replace_with_symlink "$src" "$codex_skills_dir"
+    replace_with_copy "$src" "$codex_skills_dir"
   done
 }
 
@@ -120,7 +120,7 @@ install_openclaw() {
     skills_dir="$workspace/skills"
     echo "Installing to openclaw workspace: $skills_dir"
     for src in "${SKILL_PATHS[@]}"; do
-      replace_with_symlink "$src" "$skills_dir"
+      replace_with_copy "$src" "$skills_dir"
     done
   done
 }
@@ -131,7 +131,7 @@ install_trae() {
 
   echo "Installing to trae: $trae_skills_dir"
   for src in "${SKILL_PATHS[@]}"; do
-    replace_with_symlink "$src" "$trae_skills_dir"
+    replace_with_copy "$src" "$trae_skills_dir"
   done
 }
 

package/shadow-api-model-research/SKILL.md

@@ -0,0 +1,114 @@
+---
+name: shadow-api-model-research
+description: Investigate gated or shadow LLM APIs by capturing real client request shapes, separating request-shape gating from auth/entitlement checks, replaying verified traffic patterns, and attributing the likely underlying model with black-box fingerprinting. Use when users ask how Codex/OpenClaw/custom-provider traffic works, want a capture proxy or replay harness, need LLMMAP-style model comparison, or want a research report on which model a restricted endpoint likely wraps.
+---
+
+# Shadow API Model Research
+
+## Dependencies
+
+- Required: `answering-questions-with-research` for primary-source web verification and code-backed explanations.
+- Conditional: `openclaw-configuration` when the capture path uses OpenClaw custom providers or workspace config edits; `deep-research-topics` when the user wants a formal report, especially PDF output.
+- Optional: none.
+- Fallback: If you cannot inspect either the real client code path or authorized live traffic, stop and report the missing evidence instead of guessing from headers or marketing copy.
+
+## Standards
+
+- Evidence: Base conclusions on actual client code, captured traffic, official docs, and controlled replay results; do not infer protocol details from memory alone.
+- Execution: Split the job into request-shape capture, replay validation, and model-attribution analysis; treat each as a separate hypothesis gate.
+- Quality: Distinguish request-shape compatibility, auth or entitlement requirements, system-prompt wrapping, and underlying-model behavior; never collapse them into one claim.
+- Output: Return the tested providers, exact capture or replay setup, prompt set or scoring rubric, observed differences, and an explicit confidence statement plus caveats.
+
+## Goal
+
+Help another agent run lawful, evidence-based shadow-API research without drifting into guesswork about what a gated endpoint checks or which model it wraps.
+
+## Workflow
+
+### 1. Classify the research ask
+
+Decide which of these the user actually needs:
+
+- capture the true request shape from a known client
+- configure OpenClaw or another client to hit a controlled endpoint
+- build a replay harness from observed traffic
+- compare the endpoint against known providers with black-box prompts
+- package findings into a concise report
+
+If the user is mixing all of them, still execute in that order: capture first, replay second, attribution third.
+
+### 2. Verify the real client path before writing any script
+
+- Inspect the local client code and active config first.
+- For OpenClaw, load the relevant official docs or local source through `answering-questions-with-research`, and use `openclaw-configuration` if you need to rewire a custom provider for capture.
+- When Codex or another official client is involved, verify current behavior from primary sources and the local installed code when available.
+- Do not claim that a request shape is "Codex-compatible" or "OpenClaw-compatible" until you have either:
+  - captured it from the client, or
+  - confirmed it from the current implementation and docs.
+
+### 3. Capture the true request shape
+
+- Read `references/request-shape-checklist.md` before touching the network path.
+- Prefer routing the real client to a capture proxy or controlled upstream you own.
+- Record, at minimum:
+  - method
+  - path
+  - query parameters
+  - headers
+  - body schema
+  - streaming or SSE frame shape
+  - retries, timeouts, and backoff behavior
+  - any client-added metadata that changes between providers or models
+- Treat aborted turns or partially applied config edits as tainted state; re-check the active config before trusting a capture.
+
+### 4. Separate request gating from auth or entitlement
+
+- Build explicit hypotheses for what the endpoint may be checking:
+  - plain OpenAI-compatible schema only
+  - static headers or user-agent shape
+  - transport details such as SSE formatting
+  - token claims, workspace identity, or other entitlement state
+- Do not tell the user that replaying the request shape is sufficient unless the replay actually works.
+- If the evidence shows the endpoint still rejects cloned traffic, report that the barrier is likely beyond the visible request shape.
+
+### 5. Build the replay harness only from observed facts
+
+- Read `references/fingerprinting-playbook.md` before implementing the replay phase.
+- Use `.env` or equivalent env-backed config for base URLs, API keys, and provider labels.
+- Mirror only the fields that were actually observed from the client.
+- Keep capture and replay scripts separate unless there is a strong reason to combine them.
+- Preserve the observed stream mode; do not silently downgrade SSE to non-streaming or vice versa.
+
+### 6. Run black-box fingerprinting
+
+- Compare the target endpoint against one or more control providers with known or documented models.
+- Use a prompt matrix that spans:
+  - coding or tool-use style
+  - factual knowledge questions with externally verified answers
+  - refusal and policy behavior
+  - instruction-following edge cases
+  - long-context or truncation behavior when relevant
+- When building factual question sets, verify the answer key from primary sources or fresh web research instead of relying on memory.
+- If the user wants LLMMAP-style comparison, keep the benchmark inputs fixed across providers and score each response on the same rubric.
+
+### 7. Report with confidence and caveats
+
+- Summarize:
+  - what was captured
+  - what replayed successfully
+  - which differences were protocol-level versus model-level
+  - the most likely underlying model family
+  - the confidence level and why
+- If system prompts or provider-side wrappers likely distort the output, say so explicitly and lower confidence accordingly.
+- If the user wants a report artifact, hand off to `deep-research-topics` after the evidence has been collected.
+
+## References
+
+- `references/request-shape-checklist.md` for the capture and replay evidence checklist.
+- `references/fingerprinting-playbook.md` for comparison design, scoring dimensions, and report structure.
+
+## Guardrails
+
+- Keep the work on systems the user is authorized to inspect or test.
+- Do not present speculation about hidden auth checks as established fact.
+- Do not over-index on one response; model attribution needs repeated prompts and multiple signal types.

package/shadow-api-model-research/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Shadow API Model Research"
+  short_description: "Capture gated client traffic and attribute likely model families"
+  default_prompt: "Use $shadow-api-model-research when the task is to inspect Codex/OpenClaw/custom-provider request shapes, build a capture or replay workflow, compare a restricted endpoint against control providers, or estimate the likely underlying model with black-box fingerprinting."

package/shadow-api-model-research/references/fingerprinting-playbook.md

@@ -0,0 +1,69 @@
+# Fingerprinting Playbook
+
+Use this playbook after you have trustworthy captured traffic or a validated replay harness.
+
+## Comparison design
+
+- Keep prompts, temperature-like settings, and stream mode fixed across providers.
+- Prefer at least one documented control provider with a known model family.
+- Run multiple prompt categories; one category is not enough for attribution.
+
+## Recommended prompt categories
+
+### 1. Factual knowledge
+
+- Use questions with fresh, externally verifiable answers.
+- Build the answer key from current primary sources or credible web verification.
+- Score for correctness, completeness, and unsupported claims.
+
+### 2. Coding style
+
+- Use short implementation tasks and bug-fix prompts.
+- Compare code structure, caution level, and explanation style.
+
+### 3. Instruction following
+
+- Use prompts with explicit formatting or ranking constraints.
+- Compare compliance, stability, and unnecessary extra content.
+
+### 4. Refusal and policy behavior
+
+- Use borderline prompts that should trigger a recognizable refusal or safe alternative.
+- Compare refusal style, redirect wording, and partial compliance behavior.
+
+### 5. Long-context behavior
+
+- Only run this when the target is expected to support larger contexts.
+- Compare truncation, summarization drift, and consistency across later references.
+
+## Scoring dimensions
+
+Score each response on a fixed rubric, for example:
+
+- factual accuracy
+- completeness
+- instruction compliance
+- reasoning clarity
+- code quality
+- refusal consistency
+- verbosity control
+- latency or throughput when that matters
+
+Use the same rubric for every provider and every prompt.
+
+## Confidence discipline
+
+- High confidence needs multiple converging signals across categories.
+- Medium confidence fits cases where the target tracks one family strongly but wrappers may distort style.
+- Low confidence fits cases where the protocol was captured but output signals remain mixed.
+
+## Suggested report structure
+
+1. Research objective
+2. Capture setup
+3. Replay validation status
+4. Prompt matrix and controls
+5. Scoring rubric
+6. Comparative findings
+7. Most likely model family
+8. Caveats, including wrappers and system prompts

package/shadow-api-model-research/references/request-shape-checklist.md

@@ -0,0 +1,44 @@
+# Request Shape Checklist
+
+Use this checklist before claiming you understand how a gated endpoint is called.
+
+## 1. Capture setup
+
+- Confirm which client will generate the traffic.
+- Confirm the exact provider or model config that client is using.
+- Route the client to a capture proxy, reverse proxy, or controlled upstream you can inspect.
+- Freeze other moving parts when possible: same model, same prompt, same stream mode, same tool settings.
+
+## 2. What to record
+
+- HTTP method
+- URL path
+- query string
+- request headers
+- body payload shape
+- stream or SSE response framing
+- request or response ids
+- retries, reconnects, timeout handling, rebroadcast logic
+- any provider-specific or model-specific metadata fields
+
+## 3. Environment and config evidence
+
+- Save the effective client config that produced the capture.
+- Save the exact env vars used for base URL, API key, and provider selection.
+- When OpenClaw is involved, note the relevant `openclaw.json` keys and whether validation passed.
+
+## 4. Replay readiness gate
+
+Do not write the replay script until you can answer all of these:
+
+- Which fields are constant across repeated requests?
+- Which fields change per request?
+- Which fields come from auth or session state?
+- Is the target using streaming?
+- Is the target expecting OpenAI-compatible JSON or a client-specific variant?
+
+## 5. Replay result interpretation
+
+- Success with cloned shape does not prove the model identity.
+- Failure with cloned shape does not prove the headers are wrong; it may indicate entitlement or hidden session checks.
+- If only some requests replay, compare stream mode, auth tokens, and subtle metadata differences before drawing conclusions.

package/systematic-debug/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/text-to-short-video/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 tszkinlai
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/version-release/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2026 Lai Tsz Kin
+Copyright (c) 2026 LaiTszKin
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/video-production/LICENSE

@@ -1,18 +1,21 @@
 MIT License
 
-Copyright (c) 2026 Yamiyorunoshura
+Copyright (c) 2026 LaiTszKin
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
-associated documentation files (the "Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
-following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial
-portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
-LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
-EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.