teamcopilot 0.0.3 → 0.1.1

package/dist/utils/resource-files.js

@@ -11,8 +11,22 @@ const redact_1 = require("./redact");
 function createResourceFileManager(options) {
     const { getResourcePath, resourceLabel, editorLabel } = options;
     const rootLabel = `${resourceLabel} root`;
-    const symlinkRootError = `${editorLabel} editor does not support symlinked ${resourceLabel} directories`;
     const symlinkError = `${editorLabel} editor does not support symlinks`;
+    function getResolvedRootPaths(slug) {
+        const configuredRoot = getResourcePath(slug);
+        try {
+            return {
+                configuredRoot,
+                realRoot: fs_1.default.realpathSync(configuredRoot),
+            };
+        }
+        catch {
+            throw {
+                status: 404,
+                message: `${rootLabel} not found`
+            };
+        }
+    }
     function toEtag(buffer) {
         return crypto_1.default.createHash("sha256").update(buffer).digest("hex");
     }
@@ -64,21 +78,8 @@ function createResourceFileManager(options) {
         }
         return absolute;
     }
-    function assertRootNotSymlink(slug) {
-        const resourceRoot = getResourcePath(slug);
-        if (!fs_1.default.existsSync(resourceRoot)) {
-            return;
-        }
-        const rootLstat = fs_1.default.lstatSync(resourceRoot);
-        if (rootLstat.isSymbolicLink()) {
-            throw {
-                status: 400,
-                message: symlinkRootError
-            };
-        }
-    }
     function assertRealPathWithinRoot(slug, absolutePath) {
-        const realRoot = fs_1.default.realpathSync(getResourcePath(slug));
+        const { realRoot } = getResolvedRootPaths(slug);
         const realTarget = fs_1.default.realpathSync(absolutePath);
         if (realTarget !== realRoot && !realTarget.startsWith(`${realRoot}${path_1.default.sep}`)) {
             throw {
@@ -88,9 +89,14 @@ function createResourceFileManager(options) {
         }
     }
     function assertNoSymlinkInAncestors(slug, absolutePath) {
-        const root = path_1.default.resolve(getResourcePath(slug));
+        const { configuredRoot: rawConfiguredRoot, realRoot: rawRealRoot } = getResolvedRootPaths(slug);
+        const configuredRoot = path_1.default.resolve(rawConfiguredRoot);
+        const realRoot = path_1.default.resolve(rawRealRoot);
         let current = path_1.default.resolve(absolutePath);
         while (true) {
+            if (current === configuredRoot || current === realRoot) {
+                return;
+            }
             const lstat = fs_1.default.lstatSync(current);
             if (lstat.isSymbolicLink()) {
                 throw {
@@ -98,9 +104,6 @@ function createResourceFileManager(options) {
                     message: symlinkError
                 };
             }
-            if (current === root) {
-                return;
-            }
             const parent = path_1.default.dirname(current);
             if (parent === current) {
                 throw {
@@ -112,12 +115,10 @@ function createResourceFileManager(options) {
         }
     }
     function assertExistingPathIsSafe(slug, absolutePath) {
-        assertRootNotSymlink(slug);
         assertRealPathWithinRoot(slug, absolutePath);
         assertNoSymlinkInAncestors(slug, absolutePath);
     }
     function assertParentDirectoryIsSafeForCreate(slug, parentAbsolutePath) {
-        assertRootNotSymlink(slug);
         assertRealPathWithinRoot(slug, parentAbsolutePath);
         assertNoSymlinkInAncestors(slug, parentAbsolutePath);
     }

package/dist/utils/skill.js

@@ -15,7 +15,7 @@ const client_1 = __importDefault(require("../prisma/client"));
 const workspace_sync_1 = require("./workspace-sync");
 const permission_common_1 = require("./permission-common");
 function getSkillsRootPath() {
-    return path_1.default.join((0, workspace_sync_1.getWorkspaceDirFromEnv)(), "custom-skills");
+    return path_1.default.join((0, workspace_sync_1.getWorkspaceDirFromEnv)(), ".agents", "skills");
 }
 function getSkillPath(slug) {
     return path_1.default.join(getSkillsRootPath(), slug);
@@ -66,9 +66,19 @@ function listSkillSlugs() {
     const entries = fs_1.default.readdirSync(skillsDir, { withFileTypes: true });
     const slugs = [];
     for (const entry of entries) {
-        if (!entry.isDirectory())
-            continue;
-        const canonicalManifestPath = path_1.default.join(skillsDir, entry.name, "SKILL.md");
+        const skillEntryPath = path_1.default.join(skillsDir, entry.name);
+        if (!entry.isDirectory()) {
+            if (!entry.isSymbolicLink())
+                continue;
+            try {
+                if (!fs_1.default.statSync(skillEntryPath).isDirectory())
+                    continue;
+            }
+            catch {
+                continue;
+            }
+        }
+        const canonicalManifestPath = path_1.default.join(skillEntryPath, "SKILL.md");
         if (fs_1.default.existsSync(canonicalManifestPath)) {
             slugs.push(entry.name);
         }
@@ -76,12 +86,32 @@ function listSkillSlugs() {
     return slugs;
 }
 function extractFrontmatterValue(frontmatter, key) {
-    const pattern = new RegExp(`^${key}\\s*:\\s*(.+)$`, "m");
-    const match = frontmatter.match(pattern);
-    if (!match) {
-        return null;
+    const lines = frontmatter.split("\n");
+    for (let index = 0; index < lines.length; index += 1) {
+        const line = lines[index];
+        const match = line.match(new RegExp(`^${key}\\s*:\\s*(.*)$`));
+        if (!match) {
+            continue;
+        }
+        const rawValue = match[1]?.trim() ?? "";
+        if (rawValue === "|" || rawValue === ">") {
+            const blockLines = [];
+            for (let blockIndex = index + 1; blockIndex < lines.length; blockIndex += 1) {
+                const blockLine = lines[blockIndex] ?? "";
+                if (blockLine.length === 0) {
+                    blockLines.push("");
+                    continue;
+                }
+                if (!/^\s+/.test(blockLine)) {
+                    break;
+                }
+                blockLines.push(blockLine.replace(/^\s+/, ""));
+            }
+            return blockLines.join(rawValue === ">" ? " " : "\n").trim();
+        }
+        return rawValue.replace(/^["']|["']$/g, "");
     }
-    return match[1]?.trim().replace(/^["']|["']$/g, "") ?? null;
+    return null;
 }
 function readSkillManifest(slug) {
     const skillManifestPath = getSkillManifestPath(slug);

package/dist/utils/workspace-sync.js

@@ -49,13 +49,11 @@ function ensureWorkspaceDatabaseDirectory() {
 function normalizeRelativePath(relativePath) {
     return relativePath.split(path_1.default.sep).join("/");
 }
-const MANAGED_WORKSPACE_DIRECTORIES = new Set([
-    "workflows",
-    "custom-skills",
-]);
 function shouldSkipManagedDirectoryContent(relativePath) {
-    const [topLevelSegment] = relativePath.split("/");
-    if (MANAGED_WORKSPACE_DIRECTORIES.has(topLevelSegment)) {
+    if (relativePath === "workflows" || relativePath.startsWith("workflows/")) {
+        return true;
+    }
+    if (relativePath === ".agents/skills" || relativePath.startsWith(".agents/skills/")) {
         return true;
     }
     if (relativePath === ".opencode/xdg-data" || relativePath.startsWith(".opencode/xdg-data/")) {
@@ -217,7 +215,7 @@ async function initializeWorkspaceDirectory() {
     fs_1.default.mkdirSync(workspaceDir, { recursive: true });
     const workflowsDir = path_1.default.join(workspaceDir, "workflows");
     fs_1.default.mkdirSync(workflowsDir, { recursive: true });
-    const skillsDir = path_1.default.join(workspaceDir, "custom-skills");
+    const skillsDir = path_1.default.join(workspaceDir, ".agents", "skills");
     fs_1.default.mkdirSync(skillsDir, { recursive: true });
     const honeytokenValue = `DO_NOT_EXPOSE:${HONEYTOKEN_UUID}\n`;
     fs_1.default.writeFileSync(path_1.default.join(workflowsDir, HONEYTOKEN_FILE_NAME), honeytokenValue, "utf-8");

package/dist/workspace_files/.opencode/opencode.json

@@ -1,5 +1,8 @@
 {
   "$schema": "https://opencode.ai/config.json",
+  "tools": {
+    "skill": false
+  },
   "mcp": {
     "brave-search": {
       "type": "local",
@@ -14,4 +17,4 @@
       }
     }
   }
-}
+}

package/dist/workspace_files/.opencode/package.json

@@ -10,5 +10,6 @@
   "devDependencies": {
     "@types/node": "^20.0.0",
     "typescript": "^5.0.0"
-  }
+  },
+  "scripts": {}
 }

package/dist/workspace_files/.opencode/plugins/createSkill.ts

@@ -24,6 +24,14 @@ interface PermissionResponse {
   approved: boolean
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 async function readErrorMessageFromResponse(
   response: Response,
   fallbackMessage: string
@@ -191,7 +199,29 @@ function buildSkillMarkdown(
   return `---\nname: ${JSON.stringify(slug)}\ndescription: ${JSON.stringify(description)}\n---\n\n${body}\n`
 }
 
-export const CreateSkillPlugin: Plugin = async (_ctx) => {
+export const CreateSkillPlugin: Plugin = async ({ client }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       createSkill: tool({
@@ -210,6 +240,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
         },
         async execute(args, context) {
           const { directory, sessionID } = context
+          const authSessionID = await resolveRootSessionID(sessionID)
           const slug = args.slug.trim()
           const description = args.description.trim()
           const content = args.content.trim()
@@ -238,7 +269,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
             throw new Error("Could not determine call id from tool context.")
           }
 
-          const skillsDir = path.join(directory, "custom-skills")
+          const skillsDir = path.join(directory, ".agents", "skills")
           const skillDir = path.join(skillsDir, slug)
 
           if (!isPathInside(skillDir, skillsDir)) {
@@ -250,7 +281,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
           }
 
           await requestCreationPermission(
-            sessionID,
+            authSessionID,
             messageId,
             callId
           )
@@ -259,7 +290,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
             method: "POST",
             headers: {
               "Content-Type": "application/json",
-              Authorization: `Bearer ${sessionID}`,
+              Authorization: `Bearer ${authSessionID}`,
             },
             body: JSON.stringify({
               name: slug,
@@ -278,7 +309,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
             `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
             {
               headers: {
-                Authorization: `Bearer ${sessionID}`,
+                Authorization: `Bearer ${authSessionID}`,
               },
             }
           )
@@ -302,7 +333,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
             method: "PUT",
             headers: {
               "Content-Type": "application/json",
-              Authorization: `Bearer ${sessionID}`,
+              Authorization: `Bearer ${authSessionID}`,
             },
             body: JSON.stringify({
               path: "SKILL.md",
@@ -324,7 +355,7 @@ export const CreateSkillPlugin: Plugin = async (_ctx) => {
               skill: {
                 slug,
                 description,
-                file_path: `custom-skills/${slug}/SKILL.md`,
+                file_path: `.agents/skills/${slug}/SKILL.md`,
               },
             },
             null,

package/dist/workspace_files/.opencode/plugins/createWorkflow.ts

@@ -37,6 +37,14 @@ interface PermissionResponse {
   approved: boolean
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 // ============================================================================
 // Constants
 // ============================================================================
@@ -195,7 +203,29 @@ async function requestWorkflowPermission(
 // Plugin
 // ============================================================================
 
-export const CreateWorkflowPlugin: Plugin = async (_ctx) => {
+export const CreateWorkflowPlugin: Plugin = async ({ client }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       createWorkflow: tool({
@@ -237,6 +267,7 @@ export const CreateWorkflowPlugin: Plugin = async (_ctx) => {
         },
         async execute(args, context) {
           const { directory, sessionID } = context
+          const authSessionID = await resolveRootSessionID(sessionID)
           const { slug, intent_summary, inputs = {}, timeout_seconds = 300 } = args
           const messageId = extractMessageId(context)
           const callId = extractCallId(context)
@@ -278,7 +309,7 @@ export const CreateWorkflowPlugin: Plugin = async (_ctx) => {
 
           // Request permission after basic validation and existence checks pass.
           await requestWorkflowPermission(
-            sessionID,
+            authSessionID,
             messageId,
             callId
           )
@@ -316,7 +347,7 @@ export const CreateWorkflowPlugin: Plugin = async (_ctx) => {
               method: "POST",
               headers: {
                 "Content-Type": "application/json",
-                Authorization: `Bearer ${sessionID}`,
+                Authorization: `Bearer ${authSessionID}`,
               },
             }
           )

package/dist/workspace_files/.opencode/plugins/findSimilarWorkflow.ts

@@ -26,6 +26,14 @@ interface WorkflowSummary {
   intent_summary: string
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 async function readErrorMessageFromResponse(
   response: Response,
   fallbackMessage: string
@@ -85,7 +93,29 @@ function cosineSimilarity(vecA: number[], vecB: number[]): number {
 // Plugin
 // ============================================================================
 
-export const FindSimilarWorkflowPlugin: Plugin = async (_ctx) => {
+export const FindSimilarWorkflowPlugin: Plugin = async ({ client }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       findSimilarWorkflow: tool({
@@ -105,11 +135,12 @@ export const FindSimilarWorkflowPlugin: Plugin = async (_ctx) => {
         },
         async execute(args, context) {
           const { sessionID } = context
+          const authSessionID = await resolveRootSessionID(sessionID)
           const { description, limit = 5 } = args
 
           const workflowsResponse = await fetch(`${getApiBaseUrl()}/api/workflows`, {
             headers: {
-              Authorization: `Bearer ${sessionID}`,
+              Authorization: `Bearer ${authSessionID}`,
             },
           })
 

package/dist/workspace_files/.opencode/plugins/findSkill.ts

@@ -31,6 +31,14 @@ interface SkillMatch {
   similarity: number
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 async function readErrorMessageFromResponse(
   response: Response,
   fallbackMessage: string
@@ -90,14 +98,14 @@ function cosineSimilarity(vecA: number[], vecB: number[]): number {
 }
 
 async function readSkillMarkdown(
-  sessionID: string,
+  authSessionID: string,
   slug: string
 ): Promise<string> {
   const response = await fetch(
     `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
     {
       headers: {
-        Authorization: `Bearer ${sessionID}`,
+        Authorization: `Bearer ${authSessionID}`,
       },
     }
   )
@@ -118,7 +126,29 @@ async function readSkillMarkdown(
   return payload.content ?? ""
 }
 
-export const FindSkillPlugin: Plugin = async (_ctx) => {
+export const FindSkillPlugin: Plugin = async ({ client, directory }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       findSkill: tool({
@@ -143,9 +173,10 @@ export const FindSkillPlugin: Plugin = async (_ctx) => {
             throw new Error("description is required")
           }
 
+          const authSessionID = await resolveRootSessionID(sessionID)
           const skillsResponse = await fetch(`${getApiBaseUrl()}/api/skills`, {
             headers: {
-              Authorization: `Bearer ${sessionID}`,
+              Authorization: `Bearer ${authSessionID}`,
             },
           })
 
@@ -180,7 +211,7 @@ export const FindSkillPlugin: Plugin = async (_ctx) => {
           const matches: SkillMatch[] = []
 
           for (const skill of candidateSkills) {
-            const markdown = await readSkillMarkdown(sessionID, skill.slug)
+            const markdown = await readSkillMarkdown(authSessionID, skill.slug)
             const searchableText = `${skill.description}\n\n${stripLeadingFrontmatter(markdown)}`
             const skillEmbedding = await getEmbedding(searchableText)
             const similarity = cosineSimilarity(queryEmbedding, skillEmbedding)

package/dist/workspace_files/.opencode/plugins/getSkillContent.ts

@@ -23,6 +23,14 @@ interface SkillDetailsResponse {
   }
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 async function readErrorMessageFromResponse(
   response: Response,
   fallbackMessage: string
@@ -45,7 +53,29 @@ async function readErrorMessageFromResponse(
   }
 }
 
-export const GetSkillContentPlugin: Plugin = async (_ctx) => {
+export const GetSkillContentPlugin: Plugin = async ({ client }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       getSkillContent: tool({
@@ -59,6 +89,7 @@ export const GetSkillContentPlugin: Plugin = async (_ctx) => {
         async execute(args, context) {
           const { sessionID } = context
           const slug = args.slug.trim()
+          const authSessionID = await resolveRootSessionID(sessionID)
 
           if (!SLUG_REGEX.test(slug)) {
             throw new Error(
@@ -70,7 +101,7 @@ export const GetSkillContentPlugin: Plugin = async (_ctx) => {
             `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}`,
             {
               headers: {
-                Authorization: `Bearer ${sessionID}`,
+                Authorization: `Bearer ${authSessionID}`,
               },
             }
           )
@@ -97,7 +128,7 @@ export const GetSkillContentPlugin: Plugin = async (_ctx) => {
             `${getApiBaseUrl()}/api/skills/${encodeURIComponent(slug)}/files/content?path=${encodeURIComponent("SKILL.md")}`,
             {
               headers: {
-                Authorization: `Bearer ${sessionID}`,
+                Authorization: `Bearer ${authSessionID}`,
               },
             }
           )

package/dist/workspace_files/.opencode/plugins/honeytoken-protection.ts

@@ -18,7 +18,7 @@ async function ensureHoneytokenFile(workspaceDirectory: string): Promise<void> {
     const workflowsHoneytokenPath = path.join(workflowsDirectory, HONEYTOKEN_FILE_NAME)
     await fs.writeFile(workflowsHoneytokenPath, honeytokenValue, "utf-8")
 
-    const skillsDirectory = path.join(workspaceDirectory, "custom-skills")
+    const skillsDirectory = path.join(workspaceDirectory, ".agents", "skills")
     await fs.mkdir(skillsDirectory, { recursive: true })
     const honeytokenPath = path.join(skillsDirectory, HONEYTOKEN_FILE_NAME)
     await fs.writeFile(honeytokenPath, honeytokenValue, "utf-8")

package/dist/workspace_files/.opencode/plugins/listAvailableSkills.ts

@@ -18,6 +18,14 @@ interface SkillSummary {
   can_edit: boolean
 }
 
+interface SessionLookupResponse {
+  error?: unknown
+  data?: {
+    id?: string
+    parentID?: string
+  }
+}
+
 async function readErrorMessageFromResponse(
   response: Response,
   fallbackMessage: string
@@ -40,7 +48,29 @@ async function readErrorMessageFromResponse(
   }
 }
 
-export const ListAvailableSkillsPlugin: Plugin = async (_ctx) => {
+export const ListAvailableSkillsPlugin: Plugin = async ({ client }) => {
+  async function resolveRootSessionID(sessionID: string): Promise<string> {
+    let currentSessionID = sessionID
+
+    while (true) {
+      const response = (await client.session.get({
+        path: {
+          id: currentSessionID,
+        },
+      })) as SessionLookupResponse
+      if (response.error) {
+        throw new Error(`Failed to resolve root session for ${currentSessionID}`)
+      }
+
+      const parentID = response.data?.parentID
+      if (!parentID) {
+        return currentSessionID
+      }
+
+      currentSessionID = parentID
+    }
+  }
+
   return {
     tool: {
       listAvailableSkills: tool({
@@ -49,10 +79,11 @@ export const ListAvailableSkillsPlugin: Plugin = async (_ctx) => {
         args: {},
         async execute(_args, context) {
           const { sessionID } = context
+          const authSessionID = await resolveRootSessionID(sessionID)
 
           const response = await fetch(`${getApiBaseUrl()}/api/skills`, {
             headers: {
-              Authorization: `Bearer ${sessionID}`,
+              Authorization: `Bearer ${authSessionID}`,
             },
           })