@xiaotianxt/skills 0.1.0

package/skills/1password/references/item-management.md

@@ -0,0 +1,80 @@
+# 1Password Item Management
+
+Use this reference before creating, editing, copying, exporting, or deleting 1Password items.
+
+## Creation Principles
+
+- Prefer the 1Password app when the user needs to store a new plaintext secret.
+- Do not ask the user to paste a plaintext secret into chat.
+- Do not put sensitive values in command-line assignment statements. The `op item create --help` text warns that command arguments may be logged in shell history or visible to local processes.
+- For CLI creation with secrets, use a short-lived JSON template or stdin, set restrictive permissions, and delete plaintext temporary files immediately.
+- Use `--dry-run` for shape validation when possible.
+- Use clear item titles and field names that match the service's docs.
+
+## Field Types
+
+Use explicit field types:
+
+```text
+Name[text]=value
+Secret[concealed]=value
+URL[url]=https://example.com
+Old Field[delete]
+```
+
+Only conceal actual secrets: passwords, API keys, bearer tokens, refresh tokens, private keys, recovery codes, and cookies.
+
+Use text or URL fields for usernames, account emails, client IDs, hostnames, ports, redirect URLs, docs links, and other identifiers.
+
+## API Credential Items
+
+For simple API keys in this user's setup, prefer an item category of `API Credential` with the secret in a field named `credential`.
+
+Preferred read reference:
+
+```text
+op://Private/<title-or-id>/credential
+```
+
+Useful non-secret fields:
+
+```text
+Account[text]
+Service[text]
+Documentation[url]
+Developer Portal[url]
+Notes
+```
+
+OAuth-style credentials should distinguish non-secret and secret fields:
+
+```text
+Client ID[text]
+Client Secret[concealed]
+Authorization URL[url]
+Token Request URL[url]
+Redirect URL[text]
+Scopes[text]
+```
+
+## Listing And Searching
+
+Do not list vaults or items for convenience. If discovery is necessary, keep it narrow:
+
+```bash
+op item list --vault Private --categories "API Credential" --format json
+```
+
+When summarizing discovery results, report only item titles, IDs, vault names, categories, and timestamps needed for selection. Do not reveal field values.
+
+## Service Accounts And Automation
+
+Service accounts are production-impacting credentials. Before creating or modifying one, state:
+
+- intended name
+- target vault
+- permissions
+- where the token will be stored
+- how it will be rotated or revoked
+
+Do not print service account tokens in final responses. Store them directly in the intended secret manager when possible.

package/skills/1password/references/op-cli.md

@@ -0,0 +1,107 @@
+# 1Password CLI Patterns
+
+Use this reference for local `op` CLI tasks. Prefer official command help for exact flags:
+
+```bash
+op read --help
+op run --help
+op inject --help
+op item --help
+```
+
+## Auth And Accounts
+
+Check the CLI without touching secrets:
+
+```bash
+op --version
+op whoami
+```
+
+If `op whoami` fails, run:
+
+```bash
+op signin
+```
+
+If the user has multiple accounts, avoid guessing. Use the account explicitly once known:
+
+```bash
+op whoami --account <account>
+OP_ACCOUNT=<account> op whoami
+```
+
+## Secret References
+
+Standard reference:
+
+```text
+op://<vault>/<item>/<field>
+op://<vault>/<item>/<section>/<field>
+```
+
+Common local convention for API Credential items:
+
+```text
+op://Private/<title-or-id>/credential
+```
+
+Use item IDs when the item title is unstable or ambiguous.
+
+## Prefer `op run`
+
+Use `op run` when the target command accepts environment variables. It resolves secret references for the child process and masks secrets in stdout/stderr by default.
+
+```bash
+API_KEY='op://Private/Service API/credential' op run -- ./script-that-reads-env
+```
+
+With an env template:
+
+```bash
+# .env.op contains references, not plaintext values.
+API_KEY=op://Private/Service API/credential
+DATABASE_URL=op://Private/App Database/url
+```
+
+```bash
+op run --env-file .env.op -- npm run dev
+```
+
+Do not use `--no-masking` unless the user explicitly asks to display the secret value.
+
+## Use `op inject` For Config Files
+
+Use `op inject` when a config format needs inline substitution.
+
+```yaml
+# config.yml.tpl
+api_key: "{{ op://Private/Service API/credential }}"
+```
+
+```bash
+op inject -i config.yml.tpl -o config.yml
+```
+
+Delete resolved files once they are no longer needed. Keep template files because they contain references, not secret values.
+
+## Direct `op read`
+
+Use direct reads only for commands that cannot use `op run` or templates. Keep the value inside the pipeline or command invocation, and do not show it in final responses.
+
+```bash
+some-cli login --token "$(op read 'op://Private/Service API/credential')"
+```
+
+Avoid command shapes that expose secrets through process arguments when the command supports stdin or environment variables.
+
+## Sensitive Outputs
+
+Treat these as secret-bearing output:
+
+- `op read`
+- `op item get --reveal`
+- `op run --no-masking`
+- resolved files from `op inject`
+- service account creation output
+- one-time passwords, SSH private keys, cookies, and tokens

package/skills/apple-calendar-event/SKILL.md

@@ -0,0 +1,81 @@
+---
+name: apple-calendar-event
+description: Inspect, create, and verify events in macOS Calendar.app with osascript-backed local automation. Use when Codex needs to audit local Apple Calendar sources/defaults, understand Calendar.sqlitedb cache state, or add an event directly to a specific Apple Calendar calendar on the current Mac. Prefer Google Calendar skills for durable calendar writes unless the user explicitly asks for Apple Calendar.
+---
+
+# Apple Calendar Event
+
+Use this skill for local `Calendar.app` inspection and direct Apple Calendar writes.
+
+## Guardrails
+
+- Prefer Google Calendar (`gws-calendar` / `gws-calendar-insert`) for durable user calendar writes unless the user explicitly asks for Apple Calendar.
+- Treat `Calendar.sqlitedb` as a read-only cache for inspection. Never edit it directly.
+- Do not trust Calendar.app's default calendar for automation. It may be `UseLastSelectedAsDefaultCalendar` or point at an unsuitable source.
+- Do not identify a write target by display name alone when names are duplicated. Audit first, then use the exact calendar name only after confirming it is unambiguous enough for the requested write.
+- Expect Apple Calendar to contain mixed stores: Google, iCloud, school CalDAV, subscribed calendars, Reminders, Siri suggestions, birthdays, and local/system stores.
+
+## Workflow
+
+### Audit local Calendar.app state
+
+Use this before cleanup, migration planning, or any Apple write where the target source is unclear:
+
+```bash
+python3 scripts/calendar_audit.py
+python3 scripts/calendar_audit.py --json
+```
+
+The audit reads `~/Library/Group Containers/group.com.apple.calendar/Calendar.sqlitedb` in read-only mode, maps calendars to their stores/accounts, reports duplicate display names, and maps the Calendar.app default calendar UUID when possible.
+
+### Create an Apple Calendar event
+
+1. Confirm the event title, target calendar name, local date, start time, and end time.
+2. If the target account/source is uncertain, run `scripts/calendar_audit.py` first.
+3. If only the calendar name is uncertain, run `scripts/calendar_event.py list-calendars` and pick the exact calendar name from the output.
+4. Put video links in `--location`. Put meeting numbers, interview notes, and buffer details in `--notes`.
+5. If the user asks to reserve buffer time, reflect that in the final blocked time range before writing the event.
+6. Create the event with `scripts/calendar_event.py create-event ...`.
+7. Verify the write with `scripts/calendar_event.py verify-event ...`.
+
+## Commands
+
+List calendars:
+
+```bash
+python3 scripts/calendar_event.py list-calendars
+```
+
+Audit calendar sources and defaults:
+
+```bash
+python3 scripts/calendar_audit.py
+```
+
+Create an event:
+
+```bash
+python3 scripts/calendar_event.py create-event \
+  --calendar "重要事件" \
+  --title "视频面试" \
+  --start "2026-04-15 11:30" \
+  --end "2026-04-15 12:45" \
+  --location "https://vc.feishu.cn/j/268399244" \
+  --notes $'面试时长：1小时，已额外预留缓冲时间至 12:45\n会议号：268399244'
+```
+
+Verify the event:
+
+```bash
+python3 scripts/calendar_event.py verify-event \
+  --calendar "重要事件" \
+  --title "视频面试" \
+  --start "2026-04-15 11:30"
+```
+
+## Notes
+
+- Expect macOS to prompt for `Calendar` and `Automation` access the first time `osascript` runs.
+- Keep times explicit in local time. Do not rely on phrases like “tomorrow morning” without converting them to exact timestamps first.
+- Prefer editing the title only when the title itself is user-visible. Put operational detail, meeting IDs, and links in `location` and `notes`.
+- Verify after every write. If verification fails, inspect the target calendar name again before retrying.

package/skills/apple-calendar-event/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Apple Calendar Event"
+  short_description: "Audit, create, and verify macOS Calendar.app events."
+  default_prompt: "Use this skill to audit local Calendar.app sources/defaults or create and verify an Apple Calendar event in a specific calendar. Prefer Google Calendar for durable writes unless Apple Calendar is explicitly requested."

package/skills/apple-calendar-event/scripts/calendar_audit.py

@@ -0,0 +1,201 @@
+#!/usr/bin/env python3
+
+import argparse
+import json
+import os
+import plistlib
+import sqlite3
+import subprocess
+import sys
+from collections import Counter
+from pathlib import Path
+from typing import Any
+
+
+DEFAULT_DB = (
+    Path.home()
+    / "Library"
+    / "Group Containers"
+    / "group.com.apple.calendar"
+    / "Calendar.sqlitedb"
+)
+
+STORE_TYPES = {
+    0: "local/default",
+    2: "caldav/account",
+    4: "subscribed",
+    5: "other/system",
+    6: "reminders",
+}
+
+
+def run_command(command: list[str]) -> str | None:
+    result = subprocess.run(command, capture_output=True, text=True)
+    if result.returncode != 0:
+        return None
+    return result.stdout
+
+
+def load_ical_defaults() -> dict[str, Any]:
+    output = run_command(["defaults", "export", "com.apple.iCal", "-"])
+    if not output:
+        return {}
+    try:
+        return plistlib.loads(output.encode())
+    except Exception:
+        return {}
+
+
+def load_writable_names() -> dict[str, list[bool]]:
+    script = [
+        'tell application "Calendar"',
+        "set rows to {}",
+        "repeat with c in calendars",
+        "set end of rows to ((name of c as text) & tab & (writable of c as text))",
+        "end repeat",
+        "set AppleScript's text item delimiters to linefeed",
+        "return rows as text",
+        "end tell",
+    ]
+    command: list[str] = ["osascript"]
+    for line in script:
+        command.extend(["-e", line])
+    output = run_command(command)
+    writable: dict[str, list[bool]] = {}
+    if not output:
+        return writable
+    for line in output.splitlines():
+        if not line.strip():
+            continue
+        try:
+            name, value = line.rsplit("\t", 1)
+        except ValueError:
+            continue
+        writable.setdefault(name, []).append(value.lower() == "true")
+    return writable
+
+
+def query_calendars(db_path: Path) -> list[dict[str, Any]]:
+    if not db_path.exists():
+        raise SystemExit(f"Calendar database not found: {db_path}")
+
+    uri = f"file:{db_path}?mode=ro"
+    query = """
+        select
+            c.ROWID as calendar_rowid,
+            c.UUID as calendar_uuid,
+            c.title as calendar_title,
+            c.external_id as calendar_external_id,
+            c.type as calendar_type,
+            c.self_identity_email,
+            c.owner_identity_email,
+            c.shared_owner_address,
+            c.subcal_url,
+            s.ROWID as store_rowid,
+            s.name as store_name,
+            s.owner_name as store_owner,
+            s.type as store_type,
+            s.external_id as store_external_id,
+            s.persistent_id as store_persistent_id
+        from Calendar c
+        left join Store s on c.store_id = s.ROWID
+        order by s.name, c.display_order, c.title
+    """
+    with sqlite3.connect(uri, uri=True) as conn:
+        conn.row_factory = sqlite3.Row
+        rows = [dict(row) for row in conn.execute(query)]
+    for row in rows:
+        row["store_type_label"] = STORE_TYPES.get(row.get("store_type"), "unknown")
+    return rows
+
+
+def build_report(db_path: Path) -> dict[str, Any]:
+    calendars = query_calendars(db_path)
+    writable_names = load_writable_names()
+    defaults = load_ical_defaults()
+
+    by_uuid = {row["calendar_uuid"]: row for row in calendars if row.get("calendar_uuid")}
+    default_uuid = defaults.get("defaultCalendarID")
+    default_calendar = by_uuid.get(default_uuid) if default_uuid else None
+
+    for row in calendars:
+        values = writable_names.get(row["calendar_title"], [])
+        if not values:
+            row["applescript_writable_by_name"] = None
+        elif len(values) == 1:
+            row["applescript_writable_by_name"] = values[0]
+        else:
+            row["applescript_writable_by_name"] = "ambiguous"
+
+    counts = Counter(row["calendar_title"] for row in calendars)
+    duplicates = sorted(name for name, count in counts.items() if count > 1)
+
+    return {
+        "database": str(db_path),
+        "default_policy": defaults.get("CalDefaultCalendar"),
+        "default_calendar_id": default_uuid,
+        "default_calendar": default_calendar,
+        "duplicate_display_names": duplicates,
+        "calendars": calendars,
+    }
+
+
+def print_text(report: dict[str, Any]) -> None:
+    print(f"Database: {report['database']}")
+    print(f"Default policy: {report.get('default_policy') or '(unknown)'}")
+    default_calendar = report.get("default_calendar")
+    if default_calendar:
+        print(
+            "Default calendar: "
+            f"{default_calendar['calendar_title']} "
+            f"[store={default_calendar.get('store_name') or ''}, "
+            f"uuid={default_calendar.get('calendar_uuid') or ''}]"
+        )
+    elif report.get("default_calendar_id"):
+        print(f"Default calendar UUID: {report['default_calendar_id']} (not found)")
+    else:
+        print("Default calendar: (unknown)")
+
+    duplicates = report.get("duplicate_display_names") or []
+    if duplicates:
+        print("Duplicate display names: " + ", ".join(duplicates))
+    else:
+        print("Duplicate display names: none")
+
+    print()
+    print(
+        "Calendar\tStore\tStore type\tStore owner\tSelf identity\tOwner identity\tWritable by name\tUUID"
+    )
+    for row in report["calendars"]:
+        values = [
+            row.get("calendar_title") or "",
+            row.get("store_name") or "",
+            row.get("store_type_label") or "",
+            row.get("store_owner") or "",
+            row.get("self_identity_email") or "",
+            row.get("owner_identity_email") or "",
+            str(row.get("applescript_writable_by_name")),
+            row.get("calendar_uuid") or "",
+        ]
+        print("\t".join(values))
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description="Read-only audit of macOS Calendar.app sources and default calendar."
+    )
+    parser.add_argument("--db", default=str(DEFAULT_DB), help="Calendar.sqlitedb path.")
+    parser.add_argument("--json", action="store_true", help="Print machine-readable JSON.")
+    args = parser.parse_args()
+
+    db_path = Path(os.path.expanduser(args.db)).resolve()
+    report = build_report(db_path)
+    if args.json:
+        print(json.dumps(report, indent=2, ensure_ascii=False, default=str))
+    else:
+        print_text(report)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

package/skills/apple-calendar-event/scripts/calendar_event.py

@@ -0,0 +1,164 @@
+#!/usr/bin/env python3
+
+import argparse
+import datetime as dt
+import subprocess
+import sys
+
+
+MONTH_NAMES = {
+    1: "january",
+    2: "february",
+    3: "march",
+    4: "april",
+    5: "may",
+    6: "june",
+    7: "july",
+    8: "august",
+    9: "september",
+    10: "october",
+    11: "november",
+    12: "december",
+}
+
+
+def parse_local_timestamp(value: str) -> dt.datetime:
+    try:
+        return dt.datetime.strptime(value, "%Y-%m-%d %H:%M")
+    except ValueError as exc:
+        raise SystemExit(f"Invalid timestamp '{value}'. Use 'YYYY-MM-DD HH:MM'.") from exc
+
+
+def run_osascript(lines: list[str], args: list[str] | None = None) -> str:
+    command = ["osascript"]
+    for line in lines:
+        command.extend(["-e", line])
+    if args:
+        command.extend(args)
+
+    result = subprocess.run(command, capture_output=True, text=True)
+    if result.returncode != 0:
+        message = result.stderr.strip() or result.stdout.strip() or "osascript failed"
+        raise SystemExit(message)
+    return result.stdout.strip()
+
+
+def applescript_date(var_name: str, value: dt.datetime) -> list[str]:
+    return [
+        f"set {var_name} to (current date)",
+        f"set year of {var_name} to {value.year}",
+        f"set month of {var_name} to {MONTH_NAMES[value.month]}",
+        f"set day of {var_name} to {value.day}",
+        f"set time of {var_name} to ({value.hour} * hours + {value.minute} * minutes + {value.second})",
+    ]
+
+
+def cmd_list_calendars(_: argparse.Namespace) -> int:
+    output = run_osascript(
+        [
+            'tell application "Calendar"',
+            "set calendarNames to name of every calendar",
+            "set AppleScript's text item delimiters to linefeed",
+            "return calendarNames as text",
+            "end tell",
+        ]
+    )
+    if output:
+        print(output)
+    return 0
+
+
+def cmd_create_event(args: argparse.Namespace) -> int:
+    start = parse_local_timestamp(args.start)
+    end = parse_local_timestamp(args.end)
+    if end <= start:
+        raise SystemExit("--end must be later than --start.")
+
+    output = run_osascript(
+        [
+            "on run argv",
+            "set calendarName to item 1 of argv",
+            "set eventTitle to item 2 of argv",
+            "set eventLocation to item 3 of argv",
+            "set eventNotes to item 4 of argv",
+            *applescript_date("startDate", start),
+            *applescript_date("endDate", end),
+            'tell application "Calendar"',
+            "set matchingCalendars to every calendar whose name is calendarName",
+            'if (count of matchingCalendars) is 0 then error "Calendar not found: " & calendarName',
+            "set targetCalendar to first item of matchingCalendars",
+            "tell targetCalendar",
+            "set newEvent to make new event with properties {summary:eventTitle, start date:startDate, end date:endDate, location:eventLocation, description:eventNotes}",
+            'return (summary of newEvent as text) & " | " & (start date of newEvent as text) & " | " & (end date of newEvent as text)',
+            "end tell",
+            "end tell",
+            "end run",
+        ],
+        [args.calendar, args.title, args.location or "", args.notes or ""],
+    )
+    print(output)
+    return 0
+
+
+def cmd_verify_event(args: argparse.Namespace) -> int:
+    start = parse_local_timestamp(args.start)
+    output = run_osascript(
+        [
+            "on run argv",
+            "set calendarName to item 1 of argv",
+            "set eventTitle to item 2 of argv",
+            *applescript_date("targetStart", start),
+            'tell application "Calendar"',
+            "set matchingCalendars to every calendar whose name is calendarName",
+            'if (count of matchingCalendars) is 0 then error "Calendar not found: " & calendarName',
+            "set targetCalendar to first item of matchingCalendars",
+            "tell targetCalendar",
+            "set matchingEvents to every event whose summary is eventTitle and start date is targetStart",
+            'if (count of matchingEvents) is 0 then error "Event not found"',
+            "set foundEvent to first item of matchingEvents",
+            'return (summary of foundEvent as text) & " | " & (start date of foundEvent as text) & " | " & (end date of foundEvent as text) & " | " & (location of foundEvent as text)',
+            "end tell",
+            "end tell",
+            "end run",
+        ],
+        [args.calendar, args.title],
+    )
+    print(output)
+    return 0
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        description="List, create, and verify events in macOS Calendar.app."
+    )
+    subparsers = parser.add_subparsers(dest="command", required=True)
+
+    list_parser = subparsers.add_parser("list-calendars", help="Print all calendar names.")
+    list_parser.set_defaults(func=cmd_list_calendars)
+
+    create_parser = subparsers.add_parser("create-event", help="Create a calendar event.")
+    create_parser.add_argument("--calendar", required=True, help="Target calendar name.")
+    create_parser.add_argument("--title", required=True, help="Event title.")
+    create_parser.add_argument("--start", required=True, help="Local start time in 'YYYY-MM-DD HH:MM'.")
+    create_parser.add_argument("--end", required=True, help="Local end time in 'YYYY-MM-DD HH:MM'.")
+    create_parser.add_argument("--location", default="", help="Event location or meeting URL.")
+    create_parser.add_argument("--notes", default="", help="Event notes.")
+    create_parser.set_defaults(func=cmd_create_event)
+
+    verify_parser = subparsers.add_parser("verify-event", help="Verify an event exists.")
+    verify_parser.add_argument("--calendar", required=True, help="Target calendar name.")
+    verify_parser.add_argument("--title", required=True, help="Event title.")
+    verify_parser.add_argument("--start", required=True, help="Local start time in 'YYYY-MM-DD HH:MM'.")
+    verify_parser.set_defaults(func=cmd_verify_event)
+
+    return parser
+
+
+def main() -> int:
+    parser = build_parser()
+    args = parser.parse_args()
+    return args.func(args)
+
+
+if __name__ == "__main__":
+    sys.exit(main())