teamcopilot 0.0.1

package/dist/workspace_files/.opencode/opencode.json

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://opencode.ai/config.json",
+  "mcp": {
+    "brave-search": {
+      "type": "local",
+      "command": [
+        "npx",
+        "-y",
+        "@brave/brave-search-mcp-server"
+      ],
+      "enabled": false,
+      "environment": {
+        "BRAVE_API_KEY": "YOUR_API_KEY_HERE"
+      }
+    }
+  }
+}

package/dist/workspace_files/.opencode/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "flowpal-opencode-plugins",
+  "version": "1.0.0",
+  "description": "OpenCode plugins for FlowPal workflow management",
+  "type": "module",
+  "dependencies": {
+    "@huggingface/transformers": "^3.0.0",
+    "@opencode-ai/plugin": "1.1.65"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.0.0"
+  }
+}

package/dist/workspace_files/.opencode/plugins/createSkill.ts

@@ -0,0 +1,339 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+import * as fs from "fs/promises"
+import * as path from "path"
+
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+
+
+const SLUG_REGEX = /^[a-z0-9]+(?:-[a-z0-9]+)*$/
+
+interface SkillFileContentResponse {
+  path: string
+  kind: "text" | "binary"
+  content?: string
+  etag: string
+}
+
+interface PermissionResponse {
+  approved: boolean
+}
+
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // fall back to plain text
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+
+function extractMessageId(context: unknown): string | null {
+  if (!context || typeof context !== "object") {
+    return null
+  }
+
+  const candidate = (context as { messageID?: unknown; messageId?: unknown; message_id?: unknown })
+  const raw = candidate.messageID ?? candidate.messageId ?? candidate.message_id
+  if (typeof raw === "string" && raw.trim().length > 0) {
+    return raw
+  }
+  if (typeof raw === "number" && Number.isFinite(raw)) {
+    return String(raw)
+  }
+  return null
+}
+
+function extractCallId(context: unknown): string | null {
+  if (!context || typeof context !== "object") {
+    return null
+  }
+
+  const candidate = (context as { callID?: unknown; callId?: unknown; call_id?: unknown })
+  const raw = candidate.callID ?? candidate.callId ?? candidate.call_id
+  if (typeof raw === "string" && raw.trim().length > 0) {
+    return raw
+  }
+  return null
+}
+
+async function pathExists(p: string): Promise<boolean> {
+  try {
+    await fs.access(p)
+    return true
+  } catch {
+    return false
+  }
+}
+
+function isPathInside(childPath: string, parentPath: string): boolean {
+  const parent = path.resolve(parentPath) + path.sep
+  const child = path.resolve(childPath) + path.sep
+  return child.startsWith(parent)
+}
+
+async function rejectCreationPermission(
+  sessionID: string,
+  permissionId: string
+): Promise<void> {
+  await fetch(`${getApiBaseUrl()}/api/workflows/permission-reject/${permissionId}`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${sessionID}`,
+    },
+  })
+}
+
+async function requestCreationPermission(
+  sessionID: string,
+  messageID: string,
+  callID: string
+): Promise<void> {
+  const response = await fetch(`${getApiBaseUrl()}/api/workflows/request-permission`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${sessionID}`,
+    },
+    body: JSON.stringify({
+      opencode_session_id: sessionID,
+      message_id: messageID,
+      call_id: callID,
+    }),
+  })
+
+  if (!response.ok) {
+    const message = await readErrorMessageFromResponse(
+      response,
+      `Failed to request permission (HTTP ${response.status})`
+    )
+    throw new Error(message)
+  }
+
+  const data = (await response.json()) as { permission_id: string }
+  const permissionId = data.permission_id
+
+  const maxAttempts = 300
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    await new Promise((resolve) => setTimeout(resolve, 1000))
+
+    const statusResponse = await fetch(
+      `${getApiBaseUrl()}/api/workflows/permission-status/${permissionId}`,
+      {
+        headers: {
+          Authorization: `Bearer ${sessionID}`,
+        },
+      }
+    )
+
+    if (!statusResponse.ok) {
+      continue
+    }
+
+    const statusData = (await statusResponse.json()) as PermissionResponse & {
+      status: string
+    }
+
+    if (statusData.status === "approved") {
+      return
+    }
+    if (statusData.status === "rejected") {
+      throw new Error("User denied permission to create this skill.")
+    }
+  }
+
+  try {
+    await rejectCreationPermission(sessionID, permissionId)
+  } catch {
+    // Best-effort cleanup only; preserve the timeout error below.
+  }
+  throw new Error("Permission request timed out")
+}
+
+function stripLeadingFrontmatter(markdown: string): string {
+  const trimmedStart = markdown.trimStart()
+  if (!trimmedStart.startsWith("---\n")) {
+    return markdown.trim()
+  }
+
+  const frontmatterEnd = trimmedStart.indexOf("\n---\n", 4)
+  if (frontmatterEnd < 0) {
+    return markdown.trim()
+  }
+
+  return trimmedStart.slice(frontmatterEnd + "\n---\n".length).trim()
+}
+
+function buildSkillMarkdown(
+  slug: string,
+  description: string,
+  markdownContent: string
+): string {
+  const body = stripLeadingFrontmatter(markdownContent)
+  return `---\nname: ${JSON.stringify(slug)}\ndescription: ${JSON.stringify(description)}\n---\n\n${body}\n`
+}
+
+export const CreateSkillPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      createSkill: tool({
+        description:
+          "Create a new custom skill. Creates the skill directory, updates database metadata, and writes SKILL.md with provided description and markdown content.",
+        args: {
+          slug: tool.schema
+            .string()
+            .describe("Skill slug (lowercase letters/numbers with hyphens)"),
+          description: tool.schema
+            .string()
+            .describe("Short description of what this skill does"),
+          content: tool.schema
+            .string()
+            .describe("Markdown content to store in SKILL.md"),
+        },
+        async execute(args, context) {
+          const { directory, sessionID } = context
+          const slug = args.slug.trim()
+          const description = args.description.trim()
+          const content = args.content.trim()
+          const messageId = extractMessageId(context)
+          const callId = extractCallId(context)
+
+          if (!SLUG_REGEX.test(slug)) {
+            throw new Error(
+              `Invalid slug format: "${slug}". Slug must be lowercase alphanumeric with hyphens (e.g., "my-skill-name").`
+            )
+          }
+
+          if (!description) {
+            throw new Error("description is required")
+          }
+
+          if (!content) {
+            throw new Error("content is required")
+          }
+
+          if (!messageId) {
+            throw new Error("Could not determine message id from tool context.")
+          }
+
+          if (!callId) {
+            throw new Error("Could not determine call id from tool context.")
+          }
+
+          const skillsDir = path.join(directory, "custom-skills")
+          const skillDir = path.join(skillsDir, slug)
+
+          if (!isPathInside(skillDir, skillsDir)) {
+            throw new Error("Path traversal detected. Invalid slug.")
+          }
+
+          if (await pathExists(skillDir)) {
+            throw new Error(`Skill "${slug}" already exists at ${skillDir}`)
+          }
+
+          await requestCreationPermission(
+            sessionID,
+            messageId,
+            callId
+          )
+
+          const createResponse = await fetch(`${getApiBaseUrl()}/api/skills`, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              Authorization: `Bearer ${sessionID}`,
+            },
+            body: JSON.stringify({
+              name: slug,
+            }),
+          })
+
+          if (!createResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              createResponse,
+              `Failed to create skill (HTTP ${createResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+
+          const readResponse = await fetch(
+            `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
+            {
+              headers: {
+                Authorization: `Bearer ${sessionID}`,
+              },
+            }
+          )
+
+          if (!readResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              readResponse,
+              `Failed to load SKILL.md for ${slug} (HTTP ${readResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+
+          const filePayload = (await readResponse.json()) as SkillFileContentResponse
+          if (filePayload.kind !== "text") {
+            throw new Error(`SKILL.md for ${slug} is not a text file.`)
+          }
+
+          const nextContent = buildSkillMarkdown(slug, description, content)
+
+          const saveResponse = await fetch(`${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content`, {
+            method: "PUT",
+            headers: {
+              "Content-Type": "application/json",
+              Authorization: `Bearer ${sessionID}`,
+            },
+            body: JSON.stringify({
+              path: "SKILL.md",
+              content: nextContent,
+              base_etag: filePayload.etag,
+            }),
+          })
+
+          if (!saveResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              saveResponse,
+              `Failed to save SKILL.md for ${slug} (HTTP ${saveResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+
+          return JSON.stringify(
+            {
+              skill: {
+                slug,
+                description,
+                file_path: `custom-skills/${slug}/SKILL.md`,
+              },
+            },
+            null,
+            2
+          )
+        },
+      }),
+    },
+  }
+}
+
+export default CreateSkillPlugin

package/dist/workspace_files/.opencode/plugins/createWorkflow.ts

@@ -0,0 +1,345 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+import * as fs from "fs/promises"
+import * as path from "path"
+
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+
+
+// ============================================================================
+// Types
+// ============================================================================
+
+interface WorkflowInput {
+  type: "string" | "number" | "boolean"
+  required?: boolean
+  default?: string | number | boolean
+  description?: string
+}
+
+interface WorkflowManifest {
+  intent_summary: string
+  inputs?: Record<string, WorkflowInput>
+  triggers?: {
+    manual?: boolean
+  }
+  runtime?: {
+    timeout_seconds?: number
+  }
+}
+
+interface PermissionResponse {
+  approved: boolean
+}
+
+// ============================================================================
+// Constants
+// ============================================================================
+
+const SLUG_REGEX = /^[a-z0-9]+(?:-[a-z0-9]+)*$/
+
+// ============================================================================
+// Helper Functions
+// ============================================================================
+
+async function pathExists(p: string): Promise<boolean> {
+  try {
+    await fs.access(p)
+    return true
+  } catch {
+    return false;
+  }
+}
+
+function isPathInside(childPath: string, parentPath: string): boolean {
+  const parent = path.resolve(parentPath) + path.sep
+  const child = path.resolve(childPath) + path.sep
+  return child.startsWith(parent)
+}
+
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // Non-JSON body, fall back to plain text below.
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+
+function extractMessageId(context: unknown): string | null {
+  if (!context || typeof context !== "object") {
+    return null
+  }
+
+  const candidate = (context as { messageID?: unknown; messageId?: unknown; message_id?: unknown })
+  const raw = candidate.messageID ?? candidate.messageId ?? candidate.message_id
+  if (typeof raw === "string" && raw.trim().length > 0) {
+    return raw
+  }
+  if (typeof raw === "number" && Number.isFinite(raw)) {
+    return String(raw)
+  }
+  return null
+}
+
+function extractCallId(context: unknown): string | null {
+  if (!context || typeof context !== "object") {
+    return null
+  }
+
+  const candidate = (context as { callID?: unknown; callId?: unknown; call_id?: unknown })
+  const raw = candidate.callID ?? candidate.callId ?? candidate.call_id
+  if (typeof raw === "string" && raw.trim().length > 0) {
+    return raw
+  }
+  return null
+}
+
+async function rejectWorkflowPermission(
+  sessionID: string,
+  permissionId: string
+): Promise<void> {
+  await fetch(`${getApiBaseUrl()}/api/workflows/permission-reject/${permissionId}`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${sessionID}`,
+    },
+  })
+}
+
+async function requestWorkflowPermission(
+  sessionID: string,
+  messageID: string,
+  callID: string
+): Promise<void> {
+  const response = await fetch(`${getApiBaseUrl()}/api/workflows/request-permission`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${sessionID}`,
+    },
+    body: JSON.stringify({
+      opencode_session_id: sessionID,
+      message_id: messageID,
+      call_id: callID,
+    }),
+  })
+
+  if (!response.ok) {
+    const message = await readErrorMessageFromResponse(
+      response,
+      `Failed to request permission (HTTP ${response.status})`
+    )
+    throw new Error(message)
+  }
+
+  const data = (await response.json()) as { permission_id: string }
+  const permissionId = data.permission_id
+
+  const maxAttempts = 300
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    await new Promise((resolve) => setTimeout(resolve, 1000))
+
+    const statusResponse = await fetch(
+      `${getApiBaseUrl()}/api/workflows/permission-status/${permissionId}`,
+      {
+        headers: {
+          Authorization: `Bearer ${sessionID}`,
+        },
+      }
+    )
+
+    if (!statusResponse.ok) {
+      continue
+    }
+
+    const statusData = (await statusResponse.json()) as PermissionResponse & {
+      status: string
+    }
+
+    if (statusData.status === "approved") {
+      return
+    }
+    if (statusData.status === "rejected") {
+      throw new Error("User denied permission to create this workflow.")
+    }
+  }
+
+  try {
+    await rejectWorkflowPermission(sessionID, permissionId)
+  } catch {
+    // Best-effort cleanup only; preserve the timeout error below.
+  }
+  throw new Error("Permission request timed out")
+}
+
+// ============================================================================
+// Plugin
+// ============================================================================
+
+export const CreateWorkflowPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      createWorkflow: tool({
+        description:
+          "Create a new workflow with the specified slug and configuration. Creates the workflow folder with all required files (workflow.json, run.py, requirements.txt, etc.). The workflow will need admin approval before it can be executed.",
+        args: {
+          slug: tool.schema
+            .string()
+            .describe(
+              "The workflow slug (lowercase letters/numbers with hyphens, e.g., 'failed-stripe-payments')"
+            ),
+          intent_summary: tool.schema
+            .string()
+            .describe(
+              "Human-readable description of what this workflow does"
+            ),
+          inputs: tool.schema
+            .record(
+              tool.schema.string(),
+              tool.schema.object({
+                type: tool.schema.enum(["string", "number", "boolean"]),
+                required: tool.schema.boolean().optional(),
+                default: tool.schema.unknown().optional(),
+                description: tool.schema.string().optional(),
+              })
+            )
+            .optional()
+            .default({})
+            .describe(
+              "Input parameter schema defining the workflow's expected inputs"
+            ),
+          timeout_seconds: tool.schema
+            .number()
+            .optional()
+            .default(300)
+            .describe(
+              "Maximum execution time in seconds (1-86400, default: 300)"
+            ),
+        },
+        async execute(args, context) {
+          const { directory, sessionID } = context
+          const { slug, intent_summary, inputs = {}, timeout_seconds = 300 } = args
+          const messageId = extractMessageId(context)
+          const callId = extractCallId(context)
+
+          if (!messageId) {
+            throw new Error("Could not determine message id from tool context.")
+          }
+
+          if (!callId) {
+            throw new Error("Could not determine call id from tool context.")
+          }
+
+          // Validate slug format
+          if (!SLUG_REGEX.test(slug)) {
+            throw new Error(
+              `Invalid slug format: "${slug}". Slug must be lowercase, alphanumeric with hyphens (e.g., "my-workflow-name").`
+            )
+          }
+
+          // Validate timeout
+          if (timeout_seconds < 1 || timeout_seconds > 86400) {
+            throw new Error(
+              `Invalid timeout: ${timeout_seconds}. Must be between 1 and 86400 seconds.`
+            )
+          }
+
+          // Path traversal protection
+          const workflowsDir = path.join(directory, "workflows")
+          const workflowDir = path.join(workflowsDir, slug)
+
+          if (!isPathInside(workflowDir, workflowsDir)) {
+            throw new Error("Path traversal detected. Invalid slug.")
+          }
+
+          // Check if workflow already exists
+          if (await pathExists(workflowDir)) {
+            throw new Error(`Workflow "${slug}" already exists at ${workflowDir}`)
+          }
+
+          // Request permission after basic validation and existence checks pass.
+          await requestWorkflowPermission(
+            sessionID,
+            messageId,
+            callId
+          )
+
+          // Ensure workflows directory exists
+          await fs.mkdir(workflowsDir, { recursive: true })
+
+          // Create workflow directory
+          await fs.mkdir(workflowDir, { recursive: true })
+
+          // Create workflow.json
+          const workflowJson: WorkflowManifest = {
+            intent_summary,
+            inputs: inputs as Record<string, WorkflowInput>,
+            triggers: { manual: true },
+            runtime: { timeout_seconds },
+          }
+          await fs.writeFile(
+            path.join(workflowDir, "workflow.json"),
+            JSON.stringify(workflowJson, null, 2),
+            "utf-8"
+          )
+
+          // Create empty files
+          await fs.writeFile(path.join(workflowDir, "run.py"), "", "utf-8")
+          await fs.writeFile(path.join(workflowDir, "requirements.txt"), "", "utf-8")
+          await fs.writeFile(path.join(workflowDir, "requirements.lock.txt"), "", "utf-8")
+          await fs.writeFile(path.join(workflowDir, ".env"), "", "utf-8")
+          await fs.writeFile(path.join(workflowDir, ".env.example"), "", "utf-8")
+          await fs.writeFile(path.join(workflowDir, "README.md"), "", "utf-8")
+
+          const creatorResponse = await fetch(
+            `${getApiBaseUrl()}/api/workflows/${encodeURIComponent(slug)}/creator`,
+            {
+              method: "POST",
+              headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${sessionID}`,
+              },
+            }
+          )
+
+          if (!creatorResponse.ok) {
+            const message = await readErrorMessageFromResponse(
+              creatorResponse,
+              `Failed to set workflow creator (HTTP ${creatorResponse.status})`
+            )
+            throw new Error(
+              `Workflow "${slug}" was created, but saving creator metadata failed: ${message}`
+            )
+          }
+
+          return JSON.stringify({
+            success: true,
+            message: `Workflow "${slug}" created successfully. Remember: this workflow needs admin approval before it can be executed.`,
+            workflow_path: path.relative(directory, workflowDir),
+          })
+        },
+      }),
+    },
+  }
+}
+
+export default CreateWorkflowPlugin