npm - teamcopilot - Versions diffs - 0.0.1 - Mend

teamcopilot 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/dist/workspace_files/.opencode/plugins/findSimilarWorkflow.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+import { pipeline } from "@huggingface/transformers"
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+// ============================================================================
+// Types
+// ============================================================================
+interface WorkflowMatch {
+  path: string
+  similarity: number
+  summary: string
+}
+interface WorkflowSummary {
+  slug: string
+  intent_summary: string
+}
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // fall back to plain text
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+// ============================================================================
+// Embedding Functions
+// ============================================================================
+// Cache the extractor pipeline
+let extractor: Awaited<ReturnType<typeof pipeline>> | null = null
+/**
+ * Get embedding vector for text using sentence-transformers/all-MiniLM-L6-v2
+ */
+async function getEmbedding(text: string): Promise<number[]> {
+  if (extractor === null) {
+    extractor = await pipeline(
+      "feature-extraction",
+      "sentence-transformers/all-MiniLM-L6-v2",
+      { dtype: "fp32" }
+    )
+  }
+  const output = await extractor(text, { pooling: "mean", normalize: true })
+  return Array.from(output.data as Float32Array)
+}
+/**
+ * Calculate cosine similarity between two vectors
+ */
+function cosineSimilarity(vecA: number[], vecB: number[]): number {
+  const dotProduct = vecA.reduce((sum, a, i) => sum + a * vecB[i], 0)
+  const magnitudeA = Math.sqrt(vecA.reduce((sum, a) => sum + a * a, 0))
+  const magnitudeB = Math.sqrt(vecB.reduce((sum, b) => sum + b * b, 0))
+  return dotProduct / (magnitudeA * magnitudeB)
+}
+// ============================================================================
+// Plugin
+// ============================================================================
+export const FindSimilarWorkflowPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      findSimilarWorkflow: tool({
+        description:
+          "Query for existing workflows before creating new ones or for searching for a workflow to run. Returns up to N candidate workflows with paths and summaries based on semantic similarity to the provided description. Use this to avoid duplicate work and find workflows that can be reused or adapted.",
+        args: {
+          description: tool.schema
+            .string()
+            .describe(
+              "Natural language description of what you're looking for"
+            ),
+          limit: tool.schema
+            .number()
+            .optional()
+            .default(5)
+            .describe("Maximum number of results to return (default: 5)"),
+        },
+        async execute(args, context) {
+          const { sessionID } = context
+          const { description, limit = 5 } = args
+          const workflowsResponse = await fetch(`${getApiBaseUrl()}/api/workflows`, {
+            headers: {
+              Authorization: `Bearer ${sessionID}`,
+            },
+          })
+          if (!workflowsResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              workflowsResponse,
+              `Failed to list workflows (HTTP ${workflowsResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+          const workflowsPayload = (await workflowsResponse.json()) as {
+            workflows?: WorkflowSummary[]
+          }
+          const candidateWorkflows = workflowsPayload.workflows ?? []
+          if (candidateWorkflows.length === 0) {
+            return JSON.stringify(
+              {
+                matches: [],
+                message:
+                  "No workflows available for this user with access permissions.",
+              },
+              null,
+              2
+            )
+          }
+          // Get embedding for the query description
+          const queryEmbedding = await getEmbedding(description)
+          const matches: WorkflowMatch[] = []
+          for (const workflow of candidateWorkflows) {
+            const summary = workflow.intent_summary
+            // Get embedding for the workflow's intent_summary
+            const workflowEmbedding = await getEmbedding(summary)
+            // Calculate cosine similarity
+            const similarity = cosineSimilarity(queryEmbedding, workflowEmbedding)
+            matches.push({
+              path: `workflows/${workflow.slug}`,
+              similarity: Math.round(similarity * 100) / 100,
+              summary,
+            })
+          }
+          // Sort by similarity descending and take top N
+          matches.sort((a, b) => b.similarity - a.similarity)
+          const topMatches = matches.slice(0, limit)
+          return JSON.stringify({ matches: topMatches }, null, 2)
+        },
+      }),
+    },
+  }
+}
+export default FindSimilarWorkflowPlugin

package/dist/workspace_files/.opencode/plugins/findSkill.ts ADDED Viewed

@@ -0,0 +1,211 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+import { pipeline } from "@huggingface/transformers"
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+interface SkillSummary {
+  slug: string
+  name: string
+  description: string
+  is_approved: boolean
+  can_edit: boolean
+}
+interface SkillFileContentResponse {
+  kind: "text" | "binary"
+  content?: string
+}
+interface SkillMatch {
+  slug: string
+  name: string
+  description: string
+  similarity: number
+}
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // fall back to plain text
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+function stripLeadingFrontmatter(markdown: string): string {
+  const trimmedStart = markdown.trimStart()
+  if (!trimmedStart.startsWith("---\n")) {
+    return markdown.trim()
+  }
+  const frontmatterEnd = trimmedStart.indexOf("\n---\n", 4)
+  if (frontmatterEnd < 0) {
+    return markdown.trim()
+  }
+  return trimmedStart.slice(frontmatterEnd + "\n---\n".length).trim()
+}
+let extractor: Awaited<ReturnType<typeof pipeline>> | null = null
+async function getEmbedding(text: string): Promise<number[]> {
+  if (extractor === null) {
+    extractor = await pipeline(
+      "feature-extraction",
+      "sentence-transformers/all-MiniLM-L6-v2",
+      { dtype: "fp32" }
+    )
+  }
+  const output = await extractor(text, { pooling: "mean", normalize: true })
+  return Array.from(output.data as Float32Array)
+}
+function cosineSimilarity(vecA: number[], vecB: number[]): number {
+  const dotProduct = vecA.reduce((sum, a, i) => sum + a * vecB[i], 0)
+  const magnitudeA = Math.sqrt(vecA.reduce((sum, a) => sum + a * a, 0))
+  const magnitudeB = Math.sqrt(vecB.reduce((sum, b) => sum + b * b, 0))
+  return dotProduct / (magnitudeA * magnitudeB)
+}
+async function readSkillMarkdown(
+  sessionID: string,
+  slug: string
+): Promise<string> {
+  const response = await fetch(
+    `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
+    {
+      headers: {
+        Authorization: `Bearer ${sessionID}`,
+      },
+    }
+  )
+  if (!response.ok) {
+    const errorMessage = await readErrorMessageFromResponse(
+      response,
+      `Failed to read SKILL.md for ${slug} (HTTP ${response.status})`
+    )
+    throw new Error(errorMessage)
+  }
+  const payload = (await response.json()) as SkillFileContentResponse
+  if (payload.kind !== "text") {
+    throw new Error(`SKILL.md for ${slug} is not a text file.`)
+  }
+  return payload.content ?? ""
+}
+export const FindSkillPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      findSkill: tool({
+        description:
+          "Find similar custom skills. Searches only approved skills that the current user can edit, using both skill descriptions and SKILL.md body content.",
+        args: {
+          description: tool.schema
+            .string()
+            .describe("Natural language description of the skill you are looking for"),
+          limit: tool.schema
+            .number()
+            .optional()
+            .default(5)
+            .describe("Maximum number of results to return (default: 5)"),
+        },
+        async execute(args, context) {
+          const { sessionID } = context
+          const description = args.description.trim()
+          const limit = args.limit
+          if (!description) {
+            throw new Error("description is required")
+          }
+          const skillsResponse = await fetch(`${getApiBaseUrl()}/api/skills`, {
+            headers: {
+              Authorization: `Bearer ${sessionID}`,
+            },
+          })
+          if (!skillsResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              skillsResponse,
+              `Failed to list skills (HTTP ${skillsResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+          const skillsPayload = (await skillsResponse.json()) as {
+            skills?: SkillSummary[]
+          }
+          const candidateSkills = (skillsPayload.skills ?? []).filter(
+            (skill) => skill.is_approved
+          )
+          if (candidateSkills.length === 0) {
+            return JSON.stringify(
+              {
+                matches: [],
+                message:
+                  "No approved skills available for this user with edit access.",
+              },
+              null,
+              2
+            )
+          }
+          const queryEmbedding = await getEmbedding(description)
+          const matches: SkillMatch[] = []
+          for (const skill of candidateSkills) {
+            const markdown = await readSkillMarkdown(sessionID, skill.slug)
+            const searchableText = `${skill.description}\n\n${stripLeadingFrontmatter(markdown)}`
+            const skillEmbedding = await getEmbedding(searchableText)
+            const similarity = cosineSimilarity(queryEmbedding, skillEmbedding)
+            matches.push({
+              slug: skill.slug,
+              name: skill.name,
+              description: skill.description,
+              similarity: Math.round(similarity * 100) / 100,
+            })
+          }
+          matches.sort((a, b) => b.similarity - a.similarity)
+          return JSON.stringify(
+            {
+              matches: matches.slice(0, limit),
+            },
+            null,
+            2
+          )
+        },
+      }),
+    },
+  }
+}
+export default FindSkillPlugin

package/dist/workspace_files/.opencode/plugins/getSkillContent.ts ADDED Viewed

@@ -0,0 +1,135 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+const SLUG_REGEX = /^[a-z0-9]+(?:-[a-z0-9]+)*$/
+interface SkillFileContentResponse {
+  path: string
+  kind: "text" | "binary"
+  content?: string
+}
+interface SkillDetailsResponse {
+  skill?: {
+    is_approved?: boolean
+  }
+}
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // fall back to plain text
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+export const GetSkillContentPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      getSkillContent: tool({
+        description:
+          "Get the contents of a skill by slug. Uses backend auth and permission checks; returns SKILL.md content only if the current user has access.",
+        args: {
+          slug: tool.schema
+            .string()
+            .describe("Skill slug (lowercase letters/numbers with hyphens)"),
+        },
+        async execute(args, context) {
+          const { sessionID } = context
+          const slug = args.slug.trim()
+          if (!SLUG_REGEX.test(slug)) {
+            throw new Error(
+              `Invalid slug format: "${slug}". Slug must be lowercase alphanumeric with hyphens (e.g., "my-skill-name").`
+            )
+          }
+          const skillDetailsResponse = await fetch(
+            `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}`,
+            {
+              headers: {
+                Authorization: `Bearer ${sessionID}`,
+              },
+            }
+          )
+          if (!skillDetailsResponse.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              skillDetailsResponse,
+              `Failed to fetch skill metadata for ${slug} (HTTP ${skillDetailsResponse.status})`
+            )
+            throw new Error(errorMessage)
+          }
+          const skillDetailsPayload =
+            (await skillDetailsResponse.json()) as SkillDetailsResponse
+          const isApproved = skillDetailsPayload.skill?.is_approved === true
+          if (!isApproved) {
+            throw new Error(
+              `Skill \"${slug}\" is not approved yet. Only approved skills can be read through getSkillContent.`
+            )
+          }
+          const response = await fetch(
+            `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
+            {
+              headers: {
+                Authorization: `Bearer ${sessionID}`,
+              },
+            }
+          )
+          if (!response.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              response,
+              `Failed to get skill content for ${slug} (HTTP ${response.status})`
+            )
+            throw new Error(errorMessage)
+          }
+          const payload = (await response.json()) as SkillFileContentResponse
+          if (payload.kind !== "text") {
+            throw new Error(`SKILL.md for ${slug} is not a text file.`)
+          }
+          return JSON.stringify(
+            {
+              skill: {
+                slug,
+                path: payload.path,
+                content: payload.content ?? "",
+              },
+            },
+            null,
+            2
+          )
+        },
+      }),
+    },
+  }
+}
+export default GetSkillContentPlugin

package/dist/workspace_files/.opencode/plugins/honeytoken-protection.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import type { Plugin } from "@opencode-ai/plugin"
+import * as fs from "fs/promises"
+import * as path from "path"
+const HONEYTOKEN_UUID = "1f9f0b72-5f9f-4c9b-aef1-2fb2e0f6d8c4"
+const HONEYTOKEN_FILE_NAME = `honeytoken-${HONEYTOKEN_UUID}.txt`
+const HONEYTOKEN_MARKER = `DO_NOT_EXPOSE:${HONEYTOKEN_UUID}`
+let isHoneytokenReady = false
+async function ensureHoneytokenFile(workspaceDirectory: string): Promise<void> {
+    if (isHoneytokenReady) {
+        return
+    }
+    const honeytokenValue = `DO_NOT_EXPOSE:${HONEYTOKEN_UUID}\n`
+    const workflowsDirectory = path.join(workspaceDirectory, "workflows")
+    await fs.mkdir(workflowsDirectory, { recursive: true })
+    const workflowsHoneytokenPath = path.join(workflowsDirectory, HONEYTOKEN_FILE_NAME)
+    await fs.writeFile(workflowsHoneytokenPath, honeytokenValue, "utf-8")
+    const skillsDirectory = path.join(workspaceDirectory, "custom-skills")
+    await fs.mkdir(skillsDirectory, { recursive: true })
+    const honeytokenPath = path.join(skillsDirectory, HONEYTOKEN_FILE_NAME)
+    await fs.writeFile(honeytokenPath, honeytokenValue, "utf-8")
+    isHoneytokenReady = true
+}
+function includesHoneytoken(value: unknown): boolean {
+    if (value === undefined) {
+        return false
+    }
+    const text =
+        typeof value === "string"
+            ? value
+            : JSON.stringify(value)
+    if (!text) {
+        return false
+    }
+    return text.includes(HONEYTOKEN_UUID) || text.includes(HONEYTOKEN_FILE_NAME) || text.includes(HONEYTOKEN_MARKER)
+}
+export const HoneytokenProtection: Plugin = async ({ directory }) => {
+    return {
+        "tool.execute.before": async () => {
+            await ensureHoneytokenFile(directory)
+        },
+        "tool.execute.after": async (input, output) => {
+            if (
+                includesHoneytoken(output.output) ||
+                includesHoneytoken(output.metadata) ||
+                includesHoneytoken(output.title) ||
+                includesHoneytoken(output) ||
+                includesHoneytoken(input.args)
+            ) {
+                throw new Error(`Tool output matched a protected workspace honeytoken and was blocked. To list all skills or workflows, use the listAvailableSkills or listAvailableWorkflows tools.`)
+            }
+        },
+    }
+}
+export default HoneytokenProtection

package/dist/workspace_files/.opencode/plugins/listAvailableSkills.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import { type Plugin, tool } from "@opencode-ai/plugin"
+function getApiBaseUrl(): string {
+  const port = process.env.TEAMCOPILOT_PORT?.trim()
+  if (!port) {
+    throw new Error("TEAMCOPILOT_PORT must be set.")
+  }
+  return `http://localhost:${port}`
+}
+interface SkillSummary {
+  slug: string
+  name: string
+  description: string
+  is_approved: boolean
+  can_edit: boolean
+}
+async function readErrorMessageFromResponse(
+  response: Response,
+  fallbackMessage: string
+): Promise<string> {
+  try {
+    const text = await response.text()
+    if (!text) return fallbackMessage
+    try {
+      const parsed: unknown = JSON.parse(text)
+      if (parsed && typeof parsed === "object" && "message" in parsed) {
+        const msg = (parsed as { message?: unknown }).message
+        if (typeof msg === "string" && msg.trim().length > 0) return msg
+      }
+    } catch {
+      // fall back to plain text
+    }
+    return text.trim().length > 0 ? text : fallbackMessage
+  } catch {
+    return fallbackMessage
+  }
+}
+export const ListAvailableSkillsPlugin: Plugin = async (_ctx) => {
+  return {
+    tool: {
+      listAvailableSkills: tool({
+        description:
+          "List custom skills that are available for this user to use. Returns only approved skills that the current user has permission to run.",
+        args: {},
+        async execute(_args, context) {
+          const { sessionID } = context
+          const response = await fetch(`${getApiBaseUrl()}/api/skills`, {
+            headers: {
+              Authorization: `Bearer ${sessionID}`,
+            },
+          })
+          if (!response.ok) {
+            const errorMessage = await readErrorMessageFromResponse(
+              response,
+              `Failed to list skills (HTTP ${response.status})`
+            )
+            throw new Error(errorMessage)
+          }
+          const payload = (await response.json()) as {
+            skills?: SkillSummary[]
+          }
+          const availableSkills = (payload.skills ?? [])
+            .filter((skill) => skill.is_approved)
+            .map((skill) => ({
+              slug: skill.slug,
+              name: skill.name,
+              description: skill.description,
+            }))
+          return JSON.stringify(
+            {
+              skills: availableSkills,
+              total: availableSkills.length,
+            },
+            null,
+            2
+          )
+        },
+      }),
+    },
+  }
+}
+export default ListAvailableSkillsPlugin