npm - opencode-skills-antigravity - Versions diffs - 0.0.7 → 0.0.9 - Mend

opencode-skills-antigravity 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/bundled-skills/loki-mode/examples/todo-app-generated/frontend/package.json CHANGED Viewed

@@ -15,12 +15,14 @@
     "@types/react": "^19.2.7",
     "@types/react-dom": "^19.2.3",
     "@vitejs/plugin-react": "^4.7.0",
-    "@vitejs/plugin-react-swc": "^3.11.0",
     "typescript": "^5.9.3",
-    "vite": "^6.4.1"
+    "vite": "^7.1.12"
   },
   "dependencies": {
     "react": "^19.2.3",
     "react-dom": "^19.2.3"
+  },
+  "overrides": {
+    "rollup": "^4.59.0"
   }
 }

package/bundled-skills/notebooklm/scripts/auth_manager.py CHANGED Viewed

@@ -18,6 +18,7 @@ import re
 import sys
 from pathlib import Path
 from typing import Optional, Dict, Any
+from urllib.parse import urlparse
 from patchright.sync_api import sync_playwright, BrowserContext
@@ -28,6 +29,19 @@ from config import BROWSER_STATE_DIR, STATE_FILE, AUTH_INFO_FILE, DATA_DIR
 from browser_utils import BrowserFactory
+def _get_hostname(url: str) -> str:
+    """Extract a normalized hostname from a URL."""
+    try:
+        return (urlparse(url).hostname or "").lower()
+    except ValueError:
+        return ""
+def _is_exact_host(url: str, expected_host: str) -> bool:
+    """Return True when the URL hostname exactly matches the expected host."""
+    return _get_hostname(url) == expected_host
 class AuthManager:
     """
     Manages authentication and browser state for NotebookLM
@@ -114,7 +128,7 @@ class AuthManager:
             page.goto("https://notebooklm.google.com", wait_until="domcontentloaded")
             # Check if already authenticated
-            if "notebooklm.google.com" in page.url and "accounts.google.com" not in page.url:
+            if _is_exact_host(page.url, "notebooklm.google.com"):
                 print("  ✅ Already authenticated!")
                 self._save_browser_state(context)
                 return True
@@ -260,7 +274,7 @@ class AuthManager:
             page.goto("https://notebooklm.google.com", wait_until="domcontentloaded", timeout=30000)
             # Check if we can access NotebookLM
-            if "notebooklm.google.com" in page.url and "accounts.google.com" not in page.url:
+            if _is_exact_host(page.url, "notebooklm.google.com"):
                 print("  ✅ Authentication is valid")
                 return True
             else:
@@ -355,4 +369,4 @@ def main():
 if __name__ == "__main__":
-    main()
+    main()

package/bundled-skills/notebooklm/scripts/browser_session.py CHANGED Viewed

@@ -9,6 +9,7 @@ import time
 import sys
 from typing import Any, Dict, Optional
 from pathlib import Path
+from urllib.parse import urlparse
 from patchright.sync_api import BrowserContext, Page
@@ -18,6 +19,14 @@ sys.path.insert(0, str(Path(__file__).parent))
 from browser_utils import StealthUtils
+def _get_hostname(url: str) -> str:
+    """Extract a normalized hostname from a URL."""
+    try:
+        return (urlparse(url).hostname or "").lower()
+    except ValueError:
+        return ""
 class BrowserSession:
     """
     Represents a single persistent browser session for NotebookLM
@@ -61,7 +70,7 @@ class BrowserSession:
             self.page.goto(self.notebook_url, wait_until="domcontentloaded", timeout=30000)
             # Check if login is needed
-            if "accounts.google.com" in self.page.url:
+            if _get_hostname(self.page.url) == "accounts.google.com":
                 raise RuntimeError("Authentication required. Please run auth_manager.py setup first.")
             # Wait for page to be ready
@@ -252,4 +261,4 @@ class BrowserSession:
 if __name__ == "__main__":
     # Example usage
     print("Browser Session Module - Use ask_question.py for main interface")
-    print("This module provides low-level browser session management.")
+    print("This module provides low-level browser session management.")

package/bundled-skills/radix-ui-design-system/examples/README.md CHANGED Viewed

@@ -59,5 +59,5 @@ These examples use CSS classes. You can:
 ## Learn More
 - [Main SKILL.md](../SKILL.md) - Complete guide
-- [Component Template](../templates/component-template.tsx) - Boilerplate
+- [Component Template](../templates/component-template.tsx.template) - Boilerplate
 - [Radix UI Docs](https://www.radix-ui.com/primitives)

package/bundled-skills/whatsapp-cloud-api/assets/boilerplate/nodejs/src/webhook-handler.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import crypto from 'crypto';
 import { Request, Response, NextFunction } from 'express';
 import { WebhookPayload, IncomingMessage, StatusUpdate } from './types';
+const SAFE_CHALLENGE_RE = /^[A-Za-z0-9._-]{1,200}$/;
 /**
  * Middleware para validar assinatura HMAC-SHA256 dos webhooks do WhatsApp.
  *
@@ -66,12 +68,12 @@ export function handleWebhookVerification(verifyToken: string) {
     const token = req.query['hub.verify_token'] as string;
     const challenge = req.query['hub.challenge'] as string;
-    if (mode === 'subscribe' && token === verifyToken) {
+    if (mode === 'subscribe' && token === verifyToken && SAFE_CHALLENGE_RE.test(challenge)) {
       console.log('Webhook verified successfully');
-      res.status(200).send(challenge);
+      res.type('text/plain').status(200).send(challenge);
     } else {
       console.warn('Webhook verification failed: invalid token');
-      res.sendStatus(403);
+      res.status(mode === 'subscribe' && token === verifyToken ? 400 : 403).send();
     }
   };
 }

package/bundled-skills/whatsapp-cloud-api/assets/boilerplate/python/app.py CHANGED Viewed

@@ -1,6 +1,7 @@
 """WhatsApp Cloud API - Flask Application with Webhook Handler."""
 import asyncio
+import logging
 import os
 from dotenv import load_dotenv
@@ -17,11 +18,17 @@ from webhook_handler import (
 load_dotenv()
 app = Flask(__name__)
+logger = logging.getLogger(__name__)
 # Initialize WhatsApp client
 whatsapp = WhatsAppClient()
+def _is_debug_enabled() -> bool:
+    """Allow debug only when explicitly enabled for local development."""
+    return os.environ.get("FLASK_DEBUG", "").lower() in {"1", "true", "yes", "on"}
 # === Webhook Routes ===
@@ -60,25 +67,24 @@ async def handle_incoming_message(message: dict) -> None:
     from_number = message["from"]
     content = extract_message_content(message)
-    print(f"Message from {from_number}: [{content['type']}] {content.get('text', '')}")
+    logger.info("Received WhatsApp message")
     # Mark as read
     await whatsapp.mark_as_read(message["id"])
-    # TODO: Implement your message handling logic here
-    # Example: Echo back the message
+    # Example responses intentionally avoid reflecting user-provided content.
     match content["type"]:
         case "text":
-            await whatsapp.send_text(from_number, f"Recebi sua mensagem: \"{content['text']}\"")
+            await whatsapp.send_text(from_number, "Recebi sua mensagem. Como posso ajudar?")
         case "button":
-            await whatsapp.send_text(from_number, f"Voce selecionou: {content['text']}")
+            await whatsapp.send_text(from_number, "Recebi sua selecao com sucesso.")
         case "list":
-            await whatsapp.send_text(from_number, f"Voce escolheu: {content['text']}")
+            await whatsapp.send_text(from_number, "Recebi sua escolha com sucesso.")
         case "image" | "document" | "video" | "audio":
-            await whatsapp.send_text(from_number, f"Recebi sua midia ({content['type']}).")
+            await whatsapp.send_text(from_number, "Recebi sua midia com sucesso.")
         case _:
             await whatsapp.send_text(from_number, "Desculpe, nao entendi. Como posso ajudar?")
@@ -89,11 +95,11 @@ async def handle_incoming_message(message: dict) -> None:
 def handle_status_update(status: dict) -> None:
     """Process a message status update."""
-    print(f"Status update: {status['id']} -> {status['status']}")
+    logger.info("WhatsApp status update id=%s status=%s", status["id"], status["status"])
     if status["status"] == "failed":
         errors = status.get("errors", [])
-        print(f"Message delivery failed: {errors}")
+        logger.warning("WhatsApp message delivery failed with %d error(s)", len(errors))
 # === Health Check ===
@@ -109,7 +115,9 @@ def health():
 if __name__ == "__main__":
     port = int(os.environ.get("PORT", 3000))
-    print(f"WhatsApp webhook server running on port {port}")
-    print(f"Webhook URL: http://localhost:{port}/webhook")
-    print(f"Health check: http://localhost:{port}/health")
-    app.run(host="0.0.0.0", port=port, debug=True)
+    logging.basicConfig(level=os.environ.get("LOG_LEVEL", "INFO"))
+    logger.info("WhatsApp webhook server running on port %s", port)
+    logger.info("Webhook URL: http://localhost:%s/webhook", port)
+    logger.info("Health check: http://localhost:%s/health", port)
+    # Keep debug disabled by default so the boilerplate is safe in shared environments.
+    app.run(host="0.0.0.0", port=port, debug=_is_debug_enabled())

package/bundled-skills/whatsapp-cloud-api/assets/boilerplate/python/webhook_handler.py CHANGED Viewed

@@ -3,10 +3,14 @@
 import hashlib
 import hmac
 import os
+import re
 from functools import wraps
 from typing import Any
-from flask import Request, abort, request
+from flask import Response, abort, request
+_SAFE_CHALLENGE_RE = re.compile(r"^[A-Za-z0-9._-]{1,200}$")
 def validate_hmac_signature(app_secret: str | None = None):
@@ -52,11 +56,14 @@ def verify_webhook(verify_token: str | None = None):
     req_token = request.args.get("hub.verify_token")
     challenge = request.args.get("hub.challenge")
-    if mode == "subscribe" and req_token == token:
-        return challenge, 200
-    else:
+    if mode != "subscribe" or req_token != token:
         abort(403, "Verification failed")
+    if not challenge or not _SAFE_CHALLENGE_RE.fullmatch(challenge):
+        abort(400, "Invalid challenge")
+    return Response(challenge, status=200, mimetype="text/plain")
 def parse_webhook_payload(data: dict[str, Any]) -> dict[str, list]:
     """

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-antigravity",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "description": "OpenCode CLI plugin that automatically downloads and keeps Antigravity Awesome Skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/bundled-skills/loki-mode/examples/todo-app-generated/backend/src/db/db.ts DELETED Viewed

@@ -1,35 +0,0 @@
-import sqlite3 from 'sqlite3';
-import path from 'path';
-const dbPath = path.join(__dirname, '../../todos.db');
-const db = new sqlite3.Database(dbPath, (err: Error | null) => {
-  if (err) {
-    console.error('Database connection error:', err);
-  } else {
-    console.log('Connected to SQLite database');
-  }
-});
-// Initialize database schema
-export const initDatabase = (): Promise<void> => {
-  return new Promise((resolve, reject) => {
-    db.run(`
-      CREATE TABLE IF NOT EXISTS todos (
-        id INTEGER PRIMARY KEY AUTOINCREMENT,
-        title TEXT NOT NULL,
-        completed BOOLEAN DEFAULT 0,
-        createdAt TEXT DEFAULT CURRENT_TIMESTAMP
-      )
-    `, (err: Error | null) => {
-      if (err) {
-        reject(err);
-      } else {
-        console.log('Database schema initialized');
-        resolve();
-      }
-    });
-  });
-};
-export default db;

/package/bundled-skills/dotnet-backend-patterns/assets/{repository-template.cs → repository-template.cs.template} RENAMED Viewed

File without changes

/package/bundled-skills/dotnet-backend-patterns/assets/{service-template.cs → service-template.cs.template} RENAMED Viewed

File without changes

/package/bundled-skills/radix-ui-design-system/templates/{component-template.tsx → component-template.tsx.template} RENAMED Viewed

File without changes