diff --git a/.gitignore b/.gitignore index cbbc787a..51b99dab 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,6 @@ target/ # Next.js build output .next/ + +# Vendored reference source (not committed) +claude-code-source/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 5999c2ce..57d7f8ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,23 @@ All notable changes to SkillNote will be documented in this file. Format follows [Keep a Changelog](https://keepachangelog.com/). +## [0.4.0] - 2026-04-27 + +### Added +- **SkillNote × OpenClaw foundation** — living skill registry for OpenClaw agents. The OpenClaw resolver subagent runs in the agent harness with full LLM reasoning over the SkillNote catalog and does the relevance ranking itself; SkillNote ships the universe with rich metadata. New endpoints under `/v1/openclaw/`: + - `POST /v1/openclaw/context-bundle` — returns up to `max_skills` skills (sorted by `usage_count_30d` desc then `rating_avg` desc) plus the full collections list and per-skill staleness/rating/recent-comment metadata. The subagent re-ranks via LLM. Optional `collection_filter` narrows the catalog when the agent has a hint. + - `POST /v1/openclaw/usage` — agents log a usage event after acting. Validates known skill IDs; rejects task summaries > 1000 chars (agents must summarize, not dump raw user messages). + - `GET /v1/openclaw/usage` — list events with `?limit`, `?since`, `?skill_id`, `?before` cursor pagination. Used by Settings → OpenClaw card to detect "connected" status. +- **`skill_usage_events` table** — agent_name, task_summary, collection_id, skill_ids (JSONB), resolver_confidence, risk_level, outcome, channel, metadata_json, created_at. Indexed on created_at + collection_id. +- **Comments extension** — `author_type` (human/agent), `comment_type` (agent_observation, agent_issue, agent_patch_suggestion, agent_success_note, agent_deprecation_warning, ...), `rating` (1-5), `linked_usage_id` FK to skill_usage_events. Backwards-compatible — legacy `{author, body}` POSTs still work. +- **OpenClaw plugin bundle** — 2 skills (`skillnote-awareness`, `skillnote-resolver`) plus `config.template.json`, served as a checksummed ZIP from `GET /v1/openclaw-bundle.zip`. Bash installer at `GET /setup/openclaw` writes everything to `~/.openclaw/` after host substitution. +- **Settings → OpenClaw card** — copy-the-curl install, "connected" indicator wired to `GET /v1/openclaw/usage`, link to the integration docs. + +### Tests +- `+11` integration tests for `/v1/openclaw/context-bundle` (usage+rating ranking, tie-breaking, collection filter, staleness rules, N+1 sentinel, recent-comment truncation). +- `+13` integration tests for `/v1/openclaw/usage` (POST validation, JSONB containment filter, cursor pagination). +- `+10` integration tests for comments extension (legacy compat, agent fields, linked_usage_id existence, PATCH ignores extra fields). + ## [0.3.4] - 2026-04-26 ### Fixed diff --git a/README.md b/README.md index ecac5e28..4f10a90b 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ Marketplace · Reviews · Live Sync · + OpenClaw · Web UI · How It Works

@@ -58,22 +59,135 @@ Your skills. Your servers. Your rules. ## Quick Start +Spin up the registry locally: + ```bash git clone https://github.com/luna-prompts/skillnote.git cd skillnote ./install.sh ``` -The install script builds and starts all containers, waits for health checks, and prints the Claude Code plugin command when ready. +The install script builds and starts all containers, waits for health checks, and prints the connect command when ready. + +Then wire up your AI agent: -Then connect Claude Code: +
+Connect Claude Code + +#### Recommended — one-liner ```bash -curl -sf http://localhost:8082/setup | bash +curl -sf http://localhost:8082/setup/agent | bash -s -- --agent claude-code source ~/.zshrc ``` -Now run `claude` in any project. SkillNote picks up your skills automatically. +Same `setup/agent` endpoint works for any harness — pass `--agent claude-code` or `--agent openclaw`. Run `claude` in any project; SkillNote picks up your skills automatically and the collection picker appears on first launch. + +#### Or — paste this prompt to Claude Code + +If you prefer to let Claude Code install itself (works from a fresh install): + +```text +I want you to install SkillNote on my machine and wire it into this Claude Code session. +SkillNote is a skill registry I'm running at http://localhost:8082. + +Do the full install yourself — don't ask me to run commands. + +1. Check if SkillNote is already installed: + - Look for ~/.claude/plugins/skillnote/ + - If it exists, skip to step 3. + +2. If not installed, run the official installer: + - curl -sf http://localhost:8082/setup | bash + +3. Reload the shell so the plugin is picked up: + - source ~/.zshrc (or ~/.bashrc) + +4. Confirm it works: + - Run: claude --version + - List the installed plugin: ls ~/.claude/plugins/skillnote/ + - Tell me what collection picker options you see when running `claude`. + +Don't ask for confirmation between steps. Just run the commands and report results. +``` + +#### What gets installed + +| Path | Role | +| ---- | ---- | +| `~/.claude/plugins/skillnote/` | The plugin code: hooks, slash commands, status line, collection picker | +| `.skillnote.json` (per project) | Pinned active collection — survives across sessions | + +
+ +
+Connect OpenClaw + +OpenClaw is a chat-first runtime. Four install methods, in order of recommendation: + +#### Method 1 — Copy prompt (recommended, zero terminal) + +The dominant install UX in the OpenClaw ecosystem. Skip all CLI work — paste a one-prompt setup into your agent and it installs everything itself. The Connect page in your SkillNote web UI generates a personalized prompt with your URL pre-baked. To get yours: + +```bash +curl -sf http://localhost:8082/setup/agent-prompt?agent=openclaw +``` + +Or open the web UI's Connect page → OpenClaw tab → "Copy prompt" tab and click copy. Paste the result into a fresh OpenClaw session — the agent verifies the backend is reachable, installs via clawhub, configures the URL, runs the first sync, and reports back. + +#### Method 2 — clawhub + +For users who already use OpenClaw's plugin manager: + +```bash +export SKILLNOTE_BASE_URL="http://localhost:8082" +clawhub install skillnote + +# Make the env var persistent: +echo 'export SKILLNOTE_BASE_URL="http://localhost:8082"' >> ~/.zshrc +``` + +clawhub doesn't accept a host argument, so set `SKILLNOTE_BASE_URL` first — the skill reads it on first load via the layered host resolution (env → file → fail loudly). Auto-handles plugin updates via the daily version check baked into `sync.sh`. + +#### Method 3 — curl one-liner + +```bash +curl -sf http://localhost:8082/setup/agent | bash -s -- --agent openclaw +``` + +Same unified installer as Claude Code (just swap the `--agent` flag). Pre-fills config with your URL and kicks off the first sync. Use when `clawhub` isn't available or you want immediate visible "Synced N skills" feedback. + +#### Method 4 — manual + +```bash +# 1. Download bundle and extract into ~/.openclaw/skills/ +mkdir -p ~/.openclaw/skills ~/.openclaw/skillnote +curl -sf http://localhost:8082/v1/openclaw-bundle.zip -o /tmp/skillnote.zip +unzip -qo /tmp/skillnote.zip -d ~/.openclaw/skills/ +rm /tmp/skillnote.zip + +# 2. Write config with your SkillNote URL +echo '{"host":"http://localhost:8082","user_id":"openclaw-main"}' \ + > ~/.openclaw/skillnote/config.json + +# 3. Make sync.sh executable +chmod +x ~/.openclaw/skills/skillnote/sync.sh + +# 4. Restart OpenClaw to pick up the skill +``` + +For air-gapped environments or when you want full control over each step. + +#### What gets installed + +| Path | Role | +| ---- | ---- | +| `~/.openclaw/skills/skillnote/` | The skill itself + `sync.sh` + `log-watcher.py` | +| `~/.openclaw/skills/sn-*/` | Per-skill mirrors synced from your registry every 60s | +| `~/.openclaw/skillnote/config.json` | Your registry URL and agent ID | +| `~/.openclaw/workspace/AGENTS.md` | Persistent `` block — keeps the registry active across sessions | + +
--- @@ -162,6 +276,38 @@ Your team's knowledge compounds. What one person corrects once becomes a skill e --- +## OpenClaw Integration + +SkillNote ships a native integration for [OpenClaw](https://github.com/openclaw/openclaw), the open-source chat-first AI agent runtime. + +Once installed, your OpenClaw agent automatically: + +- Consults your SkillNote registry before each task and applies the relevant skills +- Logs every skill it uses so you can see real activity in the web UI +- Leaves one-line observations and ratings on skills it found helpful or stale + +No prompts, no collection pickers. The agent picks skills on its own — you're only involved when confidence is low or a skill carries risk. + +### Install + +See the **Connect OpenClaw** section in [Quick Start](#quick-start) above for all four install methods (clawhub, curl, manual, agent prompt). + +The single `skillnote` skill includes: + +- **`SKILL.md`** — always-injected instructions teaching OpenClaw when to consult the registry and how to rate skills +- **`sync.sh`** — fetches the catalog every 60s, writes per-skill mirrors to `~/.openclaw/skills/sn-*/` +- **`log-watcher.py`** — background daemon that parses session JSONL to track which skills the agent actually read + +No subagent or LLM resolver step — OpenClaw reads the synced `sn-*/SKILL.md` files directly via its native skill system. + +### What you see + +- **Settings → OpenClaw**: live connection status. Green dot means the agent can reach your registry. +- **Analytics**: usage events appear here as the agent works. +- **Skill pages → Reviews tab**: agent observations (`agent_observation`, `agent_issue`, `agent_success_note`) appear alongside your human reviews. + +--- + ## The Web UI ### Dashboard & Editor @@ -251,9 +397,9 @@ SkillNote is built for Claude Code today. Native plugins for other agents are on | Agent | Status | | --- | --- | | **Claude Code** | Supported | +| **OpenClaw** | Supported | | **Cursor** | Planned | | **Codex CLI** | Planned | -| **OpenClaw** | Planned | | **Antigravity** | Planned | | **OpenHands** | Planned | diff --git a/backend/alembic/versions/0015_openclaw_foundation.py b/backend/alembic/versions/0015_openclaw_foundation.py new file mode 100644 index 00000000..d2f5375c --- /dev/null +++ b/backend/alembic/versions/0015_openclaw_foundation.py @@ -0,0 +1,119 @@ +"""0015 openclaw foundation — pgvector, skill_usage_events, comments extension + +Adds: +- CREATE EXTENSION vector (pgvector) +- skills.embedding vector(1536) + HNSW cosine index +- skill_usage_events table for openclaw usage logging +- comments table extended with author_type, comment_type, rating, linked_usage_id + +Revision ID: 0015_openclaw_foundation +Revises: 0014_subpath_not_null +Create Date: 2026-04-26 +""" + +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects.postgresql import UUID, JSONB + +revision = "0015_openclaw_foundation" +down_revision = "0014_subpath_not_null" +branch_labels = None +depends_on = None + + +def upgrade() -> None: + # a. Enable pgvector extension if available. + # + # This historical migration originally CREATEd the extension + the + # `skills.embedding` column unconditionally. Migration 0016 drops both, + # and the project no longer ships pgvector or the openai/voyage SDK. + # On a fresh DB running on the current `postgres:16` image (which + # doesn't bundle pgvector), a hard `CREATE EXTENSION vector` would + # crash 0015's replay. To keep this migration sequence replay-safe on + # fresh installs while preserving the historical record on dev/staging + # databases that already applied it, we now skip the pgvector parts + # when the extension is unavailable. The matching tear-down in 0016 is + # already guarded with `IF EXISTS`, so this remains symmetric. + bind = op.get_bind() + has_pgvector = bind.execute( + sa.text( + "SELECT 1 FROM pg_available_extensions WHERE name = 'vector'" + ) + ).scalar() is not None + + if has_pgvector: + # pgvector import is lazy: backend pyproject no longer ships the + # package by default. Re-add it (`pip install pgvector`) only if + # you intentionally want to replay this migration with the column. + from pgvector.sqlalchemy import Vector + + op.execute("CREATE EXTENSION IF NOT EXISTS vector") + + # b. Add embedding column to skills + op.add_column('skills', sa.Column('embedding', Vector(1536), nullable=True)) + op.execute( + "CREATE INDEX ix_skills_embedding_hnsw " + "ON skills USING hnsw (embedding vector_cosine_ops)" + ) + + # c. Create skill_usage_events table + op.create_table( + 'skill_usage_events', + sa.Column('id', UUID(as_uuid=True), primary_key=True, server_default=sa.text("gen_random_uuid()")), + sa.Column('agent_name', sa.String(255), nullable=False), + sa.Column('task_summary', sa.Text, nullable=False), + sa.Column( + 'collection_id', + sa.Text, + sa.ForeignKey('collections.name', ondelete='SET NULL'), + nullable=True, + ), + sa.Column('skill_ids', JSONB, nullable=False, server_default=sa.text("'[]'::jsonb")), + sa.Column('resolver_confidence', sa.Float, nullable=True), + sa.Column('risk_level', sa.String(32), nullable=True), + sa.Column('outcome', sa.String(32), nullable=True), + sa.Column('channel', sa.String(64), nullable=True), + sa.Column('metadata_json', JSONB, nullable=True), + sa.Column( + 'created_at', + sa.DateTime(timezone=True), + nullable=False, + server_default=sa.func.now(), + ), + ) + op.create_index('ix_skill_usage_events_created_at', 'skill_usage_events', ['created_at']) + op.create_index('ix_skill_usage_events_collection_id', 'skill_usage_events', ['collection_id']) + + # d. Extend comments table + op.add_column('comments', sa.Column('author_type', sa.String(16), nullable=False, server_default='human')) + # Drop server_default after backfill so future inserts must be explicit + op.alter_column('comments', 'author_type', server_default=None) + op.add_column('comments', sa.Column('comment_type', sa.String(64), nullable=True)) + op.add_column('comments', sa.Column('rating', sa.Integer, nullable=True)) + op.add_column('comments', sa.Column('linked_usage_id', UUID(as_uuid=True), nullable=True)) + op.create_foreign_key( + 'fk_comments_linked_usage_id', + 'comments', + 'skill_usage_events', + ['linked_usage_id'], + ['id'], + ondelete='SET NULL', + ) + + +def downgrade() -> None: + # Exact reverse order + op.drop_constraint('fk_comments_linked_usage_id', 'comments', type_='foreignkey') + op.drop_column('comments', 'linked_usage_id') + op.drop_column('comments', 'rating') + op.drop_column('comments', 'comment_type') + op.drop_column('comments', 'author_type') + + op.drop_index('ix_skill_usage_events_collection_id', table_name='skill_usage_events') + op.drop_index('ix_skill_usage_events_created_at', table_name='skill_usage_events') + op.drop_table('skill_usage_events') + + op.execute("DROP INDEX IF EXISTS ix_skills_embedding_hnsw") + op.drop_column('skills', 'embedding') + + op.execute("DROP EXTENSION IF EXISTS vector") diff --git a/backend/alembic/versions/0016_drop_skill_embedding.py b/backend/alembic/versions/0016_drop_skill_embedding.py new file mode 100644 index 00000000..82453f3d --- /dev/null +++ b/backend/alembic/versions/0016_drop_skill_embedding.py @@ -0,0 +1,55 @@ +"""0016 drop skill embedding — reverse the pgvector parts of 0015 + +The OpenClaw resolver subagent runs in the agent harness with full LLM +reasoning over the skill catalog. It does the relevance picking — SkillNote +just ships the universe. We don't need server-side semantic ranking, so: + +- DROP INDEX ix_skills_embedding_hnsw +- DROP COLUMN skills.embedding +- DROP EXTENSION vector + +The other parts 0015 added (skill_usage_events, comments extension) are +KEPT — those still serve usage logging + agent reflections. + +Revision ID: 0016_drop_skill_embedding +Revises: 0015_openclaw_foundation +Create Date: 2026-04-26 +""" + +from alembic import op +import sqlalchemy as sa + + +revision = "0016_drop_skill_embedding" +down_revision = "0015_openclaw_foundation" +branch_labels = None +depends_on = None + + +def upgrade() -> None: + op.execute("DROP INDEX IF EXISTS ix_skills_embedding_hnsw") + # 0015 was made replay-safe — it skips the embedding column on + # postgres images that don't ship pgvector. So the column may or may + # not exist here. Use raw SQL with IF EXISTS instead of + # `op.drop_column`, which doesn't accept that flag. + op.execute("ALTER TABLE skills DROP COLUMN IF EXISTS embedding") + # No other code uses pgvector now — drop the extension too so a fresh + # postgres:16 image (which doesn't bundle pgvector) can host the schema. + op.execute("DROP EXTENSION IF EXISTS vector") + + +def downgrade() -> None: + # Mirror what 0015 did for embedding. Requires pgvector to be available + # in the postgres image (e.g. pgvector/pgvector:pg16); a vanilla + # postgres:16 will fail at CREATE EXTENSION. + from pgvector.sqlalchemy import Vector + + op.execute("CREATE EXTENSION IF NOT EXISTS vector") + op.add_column( + "skills", + sa.Column("embedding", Vector(1536), nullable=True), + ) + op.execute( + "CREATE INDEX ix_skills_embedding_hnsw " + "ON skills USING hnsw (embedding vector_cosine_ops)" + ) diff --git a/backend/app/api/analytics.py b/backend/app/api/analytics.py index 67ab4fb8..30d5dda1 100644 --- a/backend/app/api/analytics.py +++ b/backend/app/api/analytics.py @@ -42,7 +42,7 @@ def _build_params(days: int, agent: str | None, collection: str | None) -> dict[ @router.get("/summary") def get_summary( - days: int = Query(default=7, ge=0), + days: int = Query(default=7, ge=1), agent: str | None = Query(default=None), collection: str | None = Query(default=None), db: Session = Depends(get_db), @@ -104,7 +104,7 @@ def get_summary( @router.get("/skill-calls") def get_skill_calls( - days: int = Query(default=7, ge=0), + days: int = Query(default=7, ge=1), agent: str | None = Query(default=None), collection: str | None = Query(default=None), db: Session = Depends(get_db), @@ -142,7 +142,7 @@ def get_skill_calls( @router.get("/agents") def get_agents( - days: int = Query(default=7, ge=0), + days: int = Query(default=7, ge=1), agent: str | None = Query(default=None), collection: str | None = Query(default=None), db: Session = Depends(get_db), @@ -302,7 +302,7 @@ def get_ratings( return [ { "slug": row["slug"], - "avg_rating": float(row["avg_rating"]), + "avg_rating": float(row["avg_rating"]) if row["avg_rating"] is not None else None, "rating_count": row["rating_count"], } for row in rows @@ -323,7 +323,11 @@ def get_rating_detail( WHERE skill_slug = :slug """), {"slug": skill_slug}, - ).mappings().one() + ).mappings().one_or_none() + + if overall is None or overall["rating_count"] == 0: + from app.core.errors import api_error + raise api_error(404, "SKILL_NOT_RATED", f"No ratings found for skill '{skill_slug}'") versions = db.execute( text(""" @@ -345,7 +349,7 @@ def get_rating_detail( "versions": [ { "version": v["version"], - "avg_rating": float(v["avg_rating"]), + "avg_rating": float(v["avg_rating"]) if v["avg_rating"] is not None else None, "rating_count": v["rating_count"], } for v in versions @@ -355,14 +359,14 @@ def get_rating_detail( @router.get("/top-skills") def get_top_skills( - days: int = Query(default=30, ge=0), + days: int = Query(default=30, ge=1), limit: int = Query(default=10, ge=1, le=50), db: Session = Depends(get_db), ): """Top skills ranked by a composite score: calls + rating quality. - Returns call count, avg rating, rating count, and completion rate - (how often agents rate after using a skill). + Returns call count, avg rating, rating count, and success rate + (% of agent-logged events where outcome = completed). """ date_clause = _date_filter_clause(days) @@ -377,6 +381,17 @@ def get_top_skills( {date_clause} GROUP BY skill_slug ), + outcomes AS ( + SELECT sk.slug, + COUNT(*) AS total, + COUNT(*) FILTER (WHERE sue.outcome = 'completed') AS completed_count + FROM skill_usage_events sue + CROSS JOIN LATERAL jsonb_array_elements_text(sue.skill_ids) AS sid + JOIN skills sk ON sk.id::text = sid + WHERE 1=1 + {_date_filter_clause(days, alias="sue.created_at")} + GROUP BY sk.slug + ), ratings AS ( SELECT skill_slug AS slug, ROUND(AVG(rating)::numeric, 1) AS avg_rating, @@ -391,11 +406,12 @@ def get_top_skills( c.last_called_at, COALESCE(r.avg_rating, 0) AS avg_rating, COALESCE(r.rating_count, 0) AS rating_count, - CASE WHEN c.call_count > 0 - THEN ROUND(COALESCE(r.rating_count, 0)::numeric / c.call_count * 100, 1) - ELSE 0 END AS completion_rate + CASE WHEN COALESCE(o.total, 0) > 0 + THEN ROUND(o.completed_count::numeric / o.total * 100, 1) + ELSE NULL END AS success_rate FROM calls c LEFT JOIN ratings r ON c.slug = r.slug + LEFT JOIN outcomes o ON c.slug = o.slug ORDER BY c.call_count DESC, COALESCE(r.avg_rating, 0) DESC LIMIT :limit """), @@ -409,7 +425,7 @@ def get_top_skills( "last_called_at": row["last_called_at"].isoformat() if row["last_called_at"] else None, "avg_rating": float(row["avg_rating"]) if row["avg_rating"] else None, "rating_count": row["rating_count"], - "completion_rate": float(row["completion_rate"]), + "success_rate": float(row["success_rate"]) if row["success_rate"] is not None else None, } for row in rows ] @@ -417,7 +433,7 @@ def get_top_skills( @router.get("/rating-summary") def get_rating_summary( - days: int = Query(default=30, ge=0), + days: int = Query(default=30, ge=1), db: Session = Depends(get_db), ): """Overall rating stats across all skills.""" @@ -496,7 +512,7 @@ def get_skill_reviews( @router.get("/collections") def get_collections( - days: int = Query(default=7, ge=0), + days: int = Query(default=7, ge=1), agent: str | None = Query(default=None), collection: str | None = Query(default=None), db: Session = Depends(get_db), diff --git a/backend/app/api/comments.py b/backend/app/api/comments.py index 469d4b25..c61ea94c 100644 --- a/backend/app/api/comments.py +++ b/backend/app/api/comments.py @@ -5,8 +5,9 @@ from sqlalchemy.orm import Session from app.core.errors import api_error -from app.db.models import Skill +from app.db.models import Skill, SkillUsageEvent from app.db.models.comment import Comment +from app.db.models.skill_rating import SkillRating from app.db.session import get_db from app.schemas.comment import CommentCreate, CommentOut, CommentUpdate @@ -36,13 +37,68 @@ def create_comment( db: Session = Depends(get_db), ): skill = _get_skill(skill_slug, db) + + # Defense-in-depth: schema's _agent_requires_comment_type validator already + # enforces this at parse time, but we re-check at the handler boundary so + # the contract is guarded even if the schema is later relaxed. + if payload.author_type == "agent" and not payload.comment_type: + raise api_error( + 422, + "AGENT_COMMENT_REQUIRES_TYPE", + "agent comments require comment_type", + ) + + if payload.linked_usage_id is not None: + usage_event = ( + db.query(SkillUsageEvent) + .filter(SkillUsageEvent.id == payload.linked_usage_id) + .first() + ) + if not usage_event: + raise api_error( + 404, + "LINKED_USAGE_NOT_FOUND", + f"Usage event {payload.linked_usage_id} not found", + ) + # For agent comments on events that recorded specific skills, enforce + # that the commented skill was actually in the event — prevents agents + # from accidentally corrupting skill ratings by cross-linking events. + if ( + payload.author_type == "agent" + and usage_event.skill_ids # non-empty list + and str(skill.id) not in usage_event.skill_ids + ): + raise api_error( + 422, + "SKILL_NOT_IN_USAGE_EVENT", + f"Skill {skill.id} is not referenced by usage event {payload.linked_usage_id}", + ) + comment = Comment( id=uuid_lib.uuid4(), skill_id=skill.id, author=payload.author, body=payload.body, + author_type=payload.author_type, + comment_type=payload.comment_type, + rating=payload.rating, + linked_usage_id=payload.linked_usage_id, ) db.add(comment) + + # Fan-out: agent comments with a rating also write to skill_ratings so + # the analytics completion_rate (which reads skill_ratings) reflects + # OpenClaw feedback alongside Claude Code plugin ratings. + if payload.author_type == "agent" and payload.rating is not None: + db.add(SkillRating( + id=uuid_lib.uuid4(), + skill_slug=skill.slug, + skill_version=skill.current_version or 1, + rating=payload.rating, + outcome=None, + agent_name=payload.author, + )) + db.commit() db.refresh(comment) return comment diff --git a/backend/app/api/openclaw.py b/backend/app/api/openclaw.py new file mode 100644 index 00000000..cc297e20 --- /dev/null +++ b/backend/app/api/openclaw.py @@ -0,0 +1,441 @@ +"""OpenClaw integration endpoints. + +Provides the /v1/openclaw/context-bundle endpoint that ships the SkillNote +catalog (capped at max_skills, sorted by usage_count_30d desc then +rating_avg desc) with rich per-skill metadata (usage counts, ratings, +latest comment, deprecation flag) pre-aggregated in a constant number of +queries regardless of result-set size. The OpenClaw resolver subagent +running in the agent harness does the actual relevance picking via LLM +reasoning over this bundle — SkillNote is intentionally NOT the ranker. + +Also provides POST/GET /v1/openclaw/usage for agents to log applied skills +plus task outcomes (the data that powers the context-bundle aggregations). +""" +import uuid as uuid_lib +from datetime import datetime, timedelta, timezone +from pathlib import Path + +from fastapi import APIRouter, Depends, Query +from sqlalchemy import and_, cast, desc, func, or_, select +from sqlalchemy.dialects.postgresql import JSONB +from sqlalchemy.orm import Session + +from app.core.errors import api_error +from app.db.models import AnalyticsEvent, Collection, Comment, Skill, SkillUsageEvent +from app.db.session import get_db +from app.schemas.openclaw import ( + ContextBundleCollection, + ContextBundleRequest, + ContextBundleResponse, + ContextBundleSkill, + UsageEventCreate, + UsageEventOut, +) + +# Keep `uuid` as an alias so the existing context-bundle handler continues to +# reference the module by its original name. +uuid = uuid_lib + +router = APIRouter(prefix="/v1/openclaw", tags=["openclaw"]) + +# Separate router for /v1/openclaw-skill (no /v1/openclaw prefix). +skill_router = APIRouter(prefix="/v1", tags=["openclaw"]) + +# Resolve the canonical SKILL.md location. +# In Docker the plugin-openclaw repo is bind-mounted at /openclaw; locally fall back to the repo path. +_OPENCLAW_DIR = ( + Path("/openclaw") + if Path("/openclaw").is_dir() + else Path(__file__).resolve().parent.parent.parent.parent / "plugin-openclaw" +) +_SKILL_DIR = _OPENCLAW_DIR / "skillnote" + + +@skill_router.get("/openclaw-skill") +def get_openclaw_skill(): + """Return the canonical skillnote SKILL.md + version for the weekly self-update check.""" + version_file = _SKILL_DIR / "VERSION" + skill_file = _SKILL_DIR / "SKILL.md" + if not version_file.exists(): + raise api_error(503, "SKILL_VERSION_NOT_FOUND", f"VERSION file missing at {version_file}") + if not skill_file.exists(): + raise api_error(503, "SKILL_FILE_NOT_FOUND", f"SKILL.md missing at {skill_file}") + return { + "version": version_file.read_text().strip(), + "skill": skill_file.read_text(), + } + + +@skill_router.get("/me/activity") +def get_agent_activity( + period: str = Query(default="7d", pattern=r"^\d+d$"), + db: Session = Depends(get_db), +): + """Agent activity digest — invocation count, top skills, recent agent comments. + + The skillnote SKILL.md instructs agents to call this endpoint when users + ask 'what have you been doing?' or 'what skills did you use?'. + + `period` is a duration string like '7d' or '30d'. Defaults to '7d'. + """ + days = int(period[:-1]) + since = datetime.now(timezone.utc) - timedelta(days=days) + + # Total invocations in the window. + total: int = db.execute( + select(func.count()).where(SkillUsageEvent.created_at >= since) + ).scalar_one() + + # Top 5 skills by usage count, joined to get names. + unnest_subq = ( + select( + func.jsonb_array_elements_text(SkillUsageEvent.skill_ids).label("sid"), + ) + .where(SkillUsageEvent.created_at >= since) + .subquery() + ) + usage_rows = db.execute( + select(unnest_subq.c.sid, func.count().label("cnt")) + .group_by(unnest_subq.c.sid) + .order_by(desc("cnt")) + .limit(5) + ).all() + + top_skill_ids = [row.sid for row in usage_rows] + skill_names: dict[str, str] = {} + if top_skill_ids: + name_rows = db.execute( + select(Skill.id, Skill.slug, Skill.name).where( + Skill.id.in_([uuid_lib.UUID(s) for s in top_skill_ids]) + ) + ).all() + skill_names = {str(r.id): {"slug": r.slug, "name": r.name} for r in name_rows} + + top_skills = [ + { + "slug": skill_names.get(row.sid, {}).get("slug", row.sid), + "name": skill_names.get(row.sid, {}).get("name", row.sid), + "count": row.cnt, + } + for row in usage_rows + if row.sid in skill_names + ] + + # Recent agent comments (last 10). + comment_rows = db.execute( + select(Comment.body, Comment.created_at, Skill.name.label("skill_name")) + .join(Skill, Skill.id == Comment.skill_id) + .where(Comment.author_type == "agent") + .where(Comment.created_at >= since) + .order_by(desc(Comment.created_at)) + .limit(10) + ).all() + + agent_comments = [ + { + "skill_name": r.skill_name, + "body": r.body, + "created_at": r.created_at.isoformat(), + } + for r in comment_rows + ] + + return { + "invocations": total, + "top_skills": top_skills, + "agent_comments": agent_comments, + "window_start": since.isoformat(), + "window_end": datetime.now(timezone.utc).isoformat(), + } + + +@router.post("/context-bundle", response_model=ContextBundleResponse) +def context_bundle( + req: ContextBundleRequest, + db: Session = Depends(get_db), +) -> ContextBundleResponse: + """Return the catalog of skills (with usage / rating / comment / staleness + metadata) that the OpenClaw resolver subagent ranks via LLM reasoning. + + SkillNote does NOT do semantic ranking server-side. The subagent reads + the bundle, scores skills against the task summary using its own LLM + judgment, and picks 1-5. We just over-fetch a bit, sort by a cheap + usage+rating proxy, then truncate to ``max_skills``. + """ + # 1. Pull a generous candidate slice. Over-fetch by 4x so the eventual + # in-memory sort by usage+rating has more to work with than the raw + # insertion order would offer; we still respect req.max_skills below. + stmt = select(Skill) + if req.collection_filter: + # Skill.collections is ARRAY(Text); .any(value) compiles to + # `value = ANY(skills.collections)` which matches membership. + stmt = stmt.where(Skill.collections.any(req.collection_filter)) + # Deterministic ordering ensures LIMIT max_skills*4 always captures the + # same candidate window; without ORDER BY the DB can exclude any row. + stmt = stmt.order_by(Skill.name).limit(req.max_skills * 4) + candidate_skills: list[Skill] = list(db.execute(stmt).scalars().all()) + + # 2. Pull all collections — small set, no ranking needed. + collections = db.query(Collection).all() + + # 3. Early-return when no skills match. We still ship collections — an + # empty skills list doesn't mean an empty registry of collections. + if not candidate_skills: + bundle_collections = [ + ContextBundleCollection(name=c.name, description=c.description) + for c in collections + ] + return ContextBundleResponse(collections=bundle_collections, skills=[]) + + skill_id_uuids = [s.id for s in candidate_skills] + skill_id_strs = [str(s.id) for s in candidate_skills] + + # 4. Pre-aggregate usage_count_30d in ONE query via JSONB array unnesting. + # Subquery isolates the unnest so we can GROUP BY the resulting sid and + # filter with WHERE before grouping (cleaner than HAVING on a SRF). + thirty_days_ago = datetime.now(timezone.utc) - timedelta(days=30) + unnest_subq = ( + select( + func.jsonb_array_elements_text(SkillUsageEvent.skill_ids).label("sid"), + ) + .where(SkillUsageEvent.created_at > thirty_days_ago) + .subquery() + ) + usage_stmt = ( + select(unnest_subq.c.sid, func.count().label("cnt")) + .where(unnest_subq.c.sid.in_(skill_id_strs)) + .group_by(unnest_subq.c.sid) + ) + usage_counts: dict[str, int] = { + row.sid: row.cnt for row in db.execute(usage_stmt).all() + } + + # 5. Pre-aggregate rating_avg in ONE query. + rating_stmt = ( + select(Comment.skill_id, func.avg(Comment.rating).label("avg")) + .where(Comment.skill_id.in_(skill_id_uuids)) + .where(Comment.rating.is_not(None)) + .group_by(Comment.skill_id) + ) + rating_avgs: dict[uuid.UUID, float] = { + row.skill_id: float(row.avg) for row in db.execute(rating_stmt).all() + } + + # 6. Pre-aggregate latest comment per skill via DISTINCT ON. + latest_stmt = ( + select(Comment.skill_id, Comment.body) + .where(Comment.skill_id.in_(skill_id_uuids)) + .order_by(Comment.skill_id, desc(Comment.created_at)) + .distinct(Comment.skill_id) + ) + latest_comments: dict[uuid.UUID, str | None] = { + row.skill_id: row.body[:200] if row.body else None + for row in db.execute(latest_stmt).all() + } + + # 7. Pre-aggregate deprecation flag in ONE query. + dep_stmt = ( + select(Comment.skill_id) + .where(Comment.skill_id.in_(skill_id_uuids)) + .where(Comment.comment_type == "agent_deprecation_warning") + .distinct() + ) + deprecated: set[uuid.UUID] = {row.skill_id for row in db.execute(dep_stmt).all()} + + # 8. Sort by usage+rating proxy and truncate to max_skills. The subagent + # re-ranks via LLM reasoning on top of this — see module docstring. + candidate_skills.sort( + key=lambda s: ( + -int(usage_counts.get(str(s.id), 0)), # higher usage first + -(rating_avgs.get(s.id) or 0.0), # higher rating first + s.name, # alphabetical tiebreak + ) + ) + ranked_skills = candidate_skills[: req.max_skills] + + # 9. Build the response payload. + def _staleness(skill_id, rating: float | None) -> str: + if skill_id in deprecated: + return "needs_review" + if rating is not None and rating < 3.0: + return "needs_review" + return "healthy" + + bundle_skills = [ + ContextBundleSkill( + id=s.id, + slug=s.slug, + name=s.name, + collections=s.collections or [], + description=s.description, + content_md=s.content_md or None, + rating_avg=rating_avgs.get(s.id), + usage_count_30d=int(usage_counts.get(str(s.id), 0)), + staleness_status=_staleness(s.id, rating_avgs.get(s.id)), + recent_comments_summary=latest_comments.get(s.id), + ) + for s in ranked_skills + ] + bundle_collections = [ + ContextBundleCollection(name=c.name, description=c.description) + for c in collections + ] + return ContextBundleResponse(collections=bundle_collections, skills=bundle_skills) + + +@router.post( + "/usage", + response_model=UsageEventOut, + status_code=201, +) +def create_usage_event( + payload: UsageEventCreate, + db: Session = Depends(get_db), +) -> SkillUsageEvent: + """Record a single skill-usage event from an agent. + + Validation order is intentional: cheap string checks before any DB query. + + NOTE on task_summary length: the Pydantic schema caps it at 2000 chars as + an absolute upper bound (defense in depth), but the product policy is + >1000 → 422. Agents must summarize, not dump raw user messages. The + runtime check below enforces the policy ceiling; the schema cap protects + us if the schema or a future migration relaxes the explicit check. + """ + if len(payload.task_summary) > 1000: + raise api_error( + 422, + "TASK_SUMMARY_TOO_LONG", + "task_summary > 1000 chars; agents must summarize, not dump raw user messages", + ) + + # Validate collection_id exists — FK lives on collections.name (Text PK). + # Must check before db.add() or the constraint fires as a 500 instead of 422. + if payload.collection_id is not None: + col_exists = db.execute( + select(Collection.name).where(Collection.name == payload.collection_id) + ).first() + if not col_exists: + raise api_error( + 422, + "UNKNOWN_COLLECTION_ID", + f"Collection '{payload.collection_id}' not found", + ) + + # Pre-aggregate skill_id existence check in ONE query. Compare set sizes + # rather than iterating — cheaper and surfaces the first unknown id below. + if payload.skill_ids: + found_rows = db.execute( + select(Skill.id).where(Skill.id.in_(payload.skill_ids)) + ).all() + found = {row[0] for row in found_rows} + for sid in payload.skill_ids: + if sid not in found: + raise api_error( + 422, + "UNKNOWN_SKILL_ID", + f"Skill {sid} not found", + ) + + # Deduplicate skill_ids preserving order — duplicate entries from a single + # event would inflate usage_count_30d in the context-bundle aggregation. + deduped_skill_ids = list(dict.fromkeys(str(u) for u in payload.skill_ids)) + + event = SkillUsageEvent( + id=uuid_lib.uuid4(), + agent_name=payload.agent_name, + task_summary=payload.task_summary, + collection_id=payload.collection_id, + # JSONB column stores stringified UUIDs so they round-trip cleanly + # to the context-bundle aggregation (which compares against str(s.id)). + skill_ids=deduped_skill_ids, + resolver_confidence=payload.resolver_confidence, + risk_level=payload.risk_level, + outcome=payload.outcome, + channel=payload.channel, + metadata_json=payload.metadata_json, + ) + db.add(event) + + # Fan-out: one skill_call_event per skill so the analytics dashboard + # (which reads skill_call_events) shows OpenClaw activity alongside + # Claude Code plugin activity without any frontend changes. + if deduped_skill_ids: + slugs_by_id: dict[str, str] = { + str(row.id): row.slug + for row in db.execute(select(Skill.id, Skill.slug).where( + Skill.id.in_(payload.skill_ids) + )).all() + } + for sid in deduped_skill_ids: + db.add(AnalyticsEvent( + id=uuid_lib.uuid4(), + skill_slug=slugs_by_id.get(sid), + event_type="called", + agent_name=payload.agent_name, + collection_scope=payload.collection_id, + )) + + db.commit() + db.refresh(event) + return event + + +# NOTE: Used by the Settings → OpenClaw card to detect "connected" status +# (Task 11 will hit this). +@router.get("/usage", response_model=list[UsageEventOut]) +def list_usage_events( + limit: int = Query(default=50, ge=1, le=200), + skill_id: uuid_lib.UUID | None = None, + since: datetime | None = None, + before: str | None = None, + db: Session = Depends(get_db), +) -> list[SkillUsageEvent]: + """List recent skill-usage events. + + Cursor format for `before`: ``"{created_at_iso}:{event_id}"``. Encode this + from the last item of the previous page (e.g. ``f"{e.created_at.isoformat()}:{e.id}"``). + Both halves are required — id is the tiebreak when timestamps collide. + """ + stmt = select(SkillUsageEvent).order_by( + SkillUsageEvent.created_at.desc(), + SkillUsageEvent.id.desc(), + ) + + if since is not None: + stmt = stmt.where(SkillUsageEvent.created_at > since) + + if skill_id is not None: + # JSONB containment: skill_ids @> '[""]'::jsonb + # cast() over a Python list is the most parameterizable form and + # plays nicely with SQLAlchemy 2.x without raw text fragments. + stmt = stmt.where( + SkillUsageEvent.skill_ids.op("@>")(cast([str(skill_id)], JSONB)) + ) + + if before is not None: + # Cursor: split on the LAST ':' since ISO timestamps contain colons. + try: + sep_idx = before.rfind(":") + if sep_idx <= 0: + raise ValueError("missing separator") + cursor_dt = datetime.fromisoformat(before[:sep_idx]) + cursor_id = uuid_lib.UUID(before[sep_idx + 1 :]) + except (ValueError, TypeError): + raise api_error( + 422, + "INVALID_CURSOR", + "before must be ':'", + ) + stmt = stmt.where( + or_( + SkillUsageEvent.created_at < cursor_dt, + and_( + SkillUsageEvent.created_at == cursor_dt, + SkillUsageEvent.id < cursor_id, + ), + ) + ) + + stmt = stmt.limit(limit) + return list(db.execute(stmt).scalars().all()) diff --git a/backend/app/api/setup.py b/backend/app/api/setup.py index 589c3763..fe44bf2f 100644 --- a/backend/app/api/setup.py +++ b/backend/app/api/setup.py @@ -4,12 +4,13 @@ from pathlib import Path from datetime import datetime, timezone -from fastapi import APIRouter, Request +from fastapi import APIRouter, HTTPException, Query, Request from fastapi.responses import PlainTextResponse, Response router = APIRouter(tags=["setup"]) _PLUGIN_DIR = Path("/plugin") if Path("/plugin/.claude-plugin").is_dir() else Path(__file__).resolve().parent.parent.parent.parent / "plugin" +_OPENCLAW_DIR = Path("/openclaw") if Path("/openclaw").is_dir() else Path(__file__).resolve().parent.parent.parent.parent / "plugin-openclaw" import re as _re @@ -343,3 +344,383 @@ def get_setup_script(request: Request): .replace("__MCP_URL__", urls["mcp"]) .replace("__WEB_URL__", urls["web"])) return PlainTextResponse(script, media_type="text/plain") + + +@router.get("/v1/openclaw-bundle.zip") +def get_openclaw_bundle_zip(request: Request): + """Serve the plugin-openclaw directory as a ZIP with host URLs baked in.""" + urls = _derive_urls(request) + api_url = urls["api"] + web_url = urls["web"] + + buf = io.BytesIO() + with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf: + if _OPENCLAW_DIR.is_dir(): + for fpath in _OPENCLAW_DIR.rglob("*"): + if fpath.is_file() and "__pycache__" not in str(fpath): + rel = fpath.relative_to(_OPENCLAW_DIR) + content = fpath.read_text(errors="replace") + content = (content + .replace("{{HOST}}", api_url) + .replace("{{WEB_URL}}", web_url)) + zf.writestr(str(rel), content) + buf.seek(0) + return Response(content=buf.read(), media_type="application/zip") + + +_OPENCLAW_SETUP_SCRIPT = r'''#!/bin/bash +set -euo pipefail + +API_URL="__API_URL__" +WEB_URL="__WEB_URL__" +OPENCLAW_HOME="$HOME/.openclaw" +SKILLS_DIR="$OPENCLAW_HOME/skills" +SKILLNOTE_DIR="$SKILLS_DIR/skillnote" + +echo "" +echo " S K I L L N O T E → O P E N C L A W" +echo "" + +# ── prerequisites ──────────────────────────────────────────────────────────── +command -v curl &>/dev/null || { echo "Error: curl required."; exit 1; } +command -v unzip &>/dev/null || { echo "Error: unzip required."; exit 1; } +command -v python3 &>/dev/null || { echo "Error: python3 required."; exit 1; } + +# ── consent prompt (interactive only) ───────────────────────────────────────── +if [ -t 0 ]; then + echo " This will install the SkillNote skill into $SKILLS_DIR/skillnote/" + echo " and configure it to talk to $API_URL" + echo "" + read -p " Continue? [y/N] " yn + case "$yn" in + [Yy]*) ;; + *) echo " Aborted."; exit 0 ;; + esac +else + echo " Non-interactive install (no TTY); proceeding." +fi + +# ── idempotent clean install ───────────────────────────────────────────────── +# Stop any running watcher from a previous install before we touch its files +if [ -f "$SKILLNOTE_DIR/.log-watcher.pid" ]; then + OLD_PID=$(cat "$SKILLNOTE_DIR/.log-watcher.pid" 2>/dev/null || true) + [ -n "$OLD_PID" ] && kill "$OLD_PID" 2>/dev/null || true +fi + +# Clean legacy 2-skill layout if present (skillnote-awareness / skillnote-resolver) +rm -rf "$SKILLS_DIR/skillnote-awareness" "$SKILLS_DIR/skillnote-resolver" 2>/dev/null || true + +# Wipe the skillnote skill dir but preserve the user's existing config.json +PRESERVED_CONFIG="" +if [ -f "$SKILLNOTE_DIR/config.json" ]; then + PRESERVED_CONFIG=$(mktemp -t skillnote-config.XXXXXX.json) + cp "$SKILLNOTE_DIR/config.json" "$PRESERVED_CONFIG" +fi +rm -rf "$SKILLNOTE_DIR" + +mkdir -p "$SKILLS_DIR" + +# ── download bundle ────────────────────────────────────────────────────────── +TMP_ZIP=$(mktemp -t skillnote-openclaw.XXXXXX.zip) || { echo "Error: mktemp failed."; exit 1; } +trap 'rm -f "$TMP_ZIP" "$PRESERVED_CONFIG"' EXIT +curl -sf --connect-timeout 10 --max-time 30 "$API_URL/v1/openclaw-bundle.zip" -o "$TMP_ZIP" || { + echo "Error: Could not download $API_URL/v1/openclaw-bundle.zip" + exit 1 +} + +# ── refuse symlink and path-traversal entries ──────────────────────────────── +if unzip -Z "$TMP_ZIP" 2>/dev/null | awk '{print $1}' | grep -q '^l'; then + echo "Error: bundle contains symbolic link entries; refusing to extract." + exit 1 +fi +if unzip -l "$TMP_ZIP" 2>/dev/null | awk 'NR>3 && $1 ~ /^[0-9]+$/ {print $NF}' | grep -qE '^(/|\.\./|.*/\.\./)'; then + echo "Error: bundle contains absolute or parent-directory paths; refusing to extract." + exit 1 +fi + +# ── extract ────────────────────────────────────────────────────────────────── +unzip -qo "$TMP_ZIP" -d "$SKILLS_DIR" + +# ── set up config.json from template (or restore preserved one) ────────────── +if [ -n "$PRESERVED_CONFIG" ] && [ -f "$PRESERVED_CONFIG" ]; then + cp "$PRESERVED_CONFIG" "$SKILLNOTE_DIR/config.json" + echo " Preserved existing config.json" +else + # Bundle ships config.template.json inside the skillnote/ dir. + # Materialize it into a real config.json with the host pre-filled. + if [ -f "$SKILLNOTE_DIR/config.template.json" ]; then + python3 - "$API_URL" "$SKILLNOTE_DIR/config.template.json" "$SKILLNOTE_DIR/config.json" << 'PYEOF' +import json, sys +api_url, src, dst = sys.argv[1], sys.argv[2], sys.argv[3] +try: + cfg = json.load(open(src)) +except Exception: + cfg = {} +cfg["host"] = api_url.rstrip("/") +cfg.setdefault("user_id", "openclaw-main") +json.dump(cfg, open(dst, "w"), indent=2) +PYEOF + else + # Fallback: write a minimal config so sync.sh works on first run + cat > "$SKILLNOTE_DIR/config.json" </dev/null; then + SKILL_COUNT=$(ls "$SKILLS_DIR" 2>/dev/null | grep -c "^sn-" || echo 0) + echo " Synced $SKILL_COUNT skills into $SKILLS_DIR/sn-*/" +else + echo " First sync did not complete (will retry on next OpenClaw session)." +fi + +echo "" +echo " Installed:" +echo " $SKILLNOTE_DIR/SKILL.md (always-loaded skill)" +echo " $SKILLNOTE_DIR/sync.sh (runs every 60s)" +echo " $SKILLNOTE_DIR/log-watcher.py (analytics daemon)" +echo " $SKILLNOTE_DIR/config.json (host: ${API_URL%/})" +echo "" +echo " Restart your OpenClaw session to pick up the new skill." +echo " Web: $WEB_URL" +echo "" +''' + + +@router.get("/setup/openclaw") +def get_openclaw_setup_script(request: Request): + urls = _derive_urls(request) + script = (_OPENCLAW_SETUP_SCRIPT + .replace("__API_URL__", urls["api"]) + .replace("__WEB_URL__", urls["web"])) + return PlainTextResponse(script, media_type="text/plain") + + +# Unified entry point: parses --agent from $@ and delegates to the +# right per-agent installer. Keeps each installer's logic isolated (they +# touch different home dirs, ship different bundles) while giving users one +# command to remember: +# +# curl -sf /setup/agent | bash -s -- --agent openclaw +# curl -sf /setup/agent | bash -s -- --agent claude-code +_AGENT_DISPATCH_SCRIPT = r'''#!/bin/bash +set -euo pipefail + +API_URL="__API_URL__" + +# ── parse --agent flag ─────────────────────────────────────────────────────── +AGENT="" +while [ $# -gt 0 ]; do + case "$1" in + --agent) + AGENT="${2:-}" + shift 2 + ;; + --agent=*) + AGENT="${1#--agent=}" + shift + ;; + -h|--help) + cat < + +Supported agents: + claude-code Install the SkillNote plugin for Claude Code + openclaw Install the SkillNote skill for OpenClaw + +Example: + curl -sf $API_URL/setup/agent | bash -s -- --agent openclaw +EOF + exit 0 + ;; + *) + echo "Error: unknown argument '$1'" + echo "Run with --help for usage." + exit 1 + ;; + esac +done + +# ── validate ───────────────────────────────────────────────────────────────── +if [ -z "$AGENT" ]; then + echo "Error: --agent flag is required." + echo "" + echo "Usage:" + echo " curl -sf $API_URL/setup/agent | bash -s -- --agent " + echo "" + echo "Supported agents:" + echo " claude-code Install the SkillNote plugin for Claude Code" + echo " openclaw Install the SkillNote skill for OpenClaw" + exit 2 +fi + +case "$AGENT" in + claude-code|claude_code|claude|cc) + TARGET_PATH="/setup" + AGENT_LABEL="Claude Code" + ;; + openclaw|open-claw|oc) + TARGET_PATH="/setup/openclaw" + AGENT_LABEL="OpenClaw" + ;; + *) + echo "Error: unknown agent '$AGENT'." + echo "" + echo "Supported agents: claude-code, openclaw" + exit 2 + ;; +esac + +# ── delegate ───────────────────────────────────────────────────────────────── +echo " Installing SkillNote for $AGENT_LABEL..." +echo " Source: $API_URL$TARGET_PATH" +echo "" + +# Download the agent-specific installer to a tempfile and exec it. We avoid +# `curl ... | bash` here because piping while also redirecting stdin from +# /dev/null causes curl to abort early (exit 23, broken pipe). The tempfile +# detour gives the installer a clean stdin (so its TTY check picks the +# non-interactive branch) without losing any output. +TMP_INSTALLER=$(mktemp -t skillnote-installer.XXXXXX.sh) +trap 'rm -f "$TMP_INSTALLER"' EXIT + +if ! curl -sf --connect-timeout 10 --max-time 60 \ + "$API_URL$TARGET_PATH" -o "$TMP_INSTALLER"; then + echo "Error: failed to download installer from $API_URL$TARGET_PATH" + exit 3 +fi + +bash "$TMP_INSTALLER" < /dev/null +''' + + +@router.get("/setup/agent") +def get_agent_dispatch_script(request: Request): + """Unified curl entry point that delegates to the per-agent installer.""" + urls = _derive_urls(request) + script = _AGENT_DISPATCH_SCRIPT.replace("__API_URL__", urls["api"]) + return PlainTextResponse(script, media_type="text/plain") + + +# ─── Personalized agent install prompts ────────────────────────────────────── +# Returns a markdown copy-prompt with the user's actual SkillNote URL baked in. +# The Connect page renders this with a "Copy as Markdown" button so that the +# user can paste it into a fresh OpenClaw / Claude Code session and the agent +# installs everything itself. +# +# Modeled on api2cli's "One-Prompt Setup" pattern, which is the dominant +# install UX in the OpenClaw ecosystem today. + +_OPENCLAW_AGENT_PROMPT = """Set up SkillNote for me end-to-end. The skill is published on clawhub and I want you to handle everything: backend, plugin, configuration, verification. + +Please do the full install yourself — don't ask me to run commands. + +1. **Install the SkillNote skill from clawhub:** + ```bash + command -v clawhub || npm i -g clawhub + clawhub install skillnote + ``` + (If `clawhub install skillnote` fails because the registry isn't reachable, fall back to the bundle installer: `curl -sf __API_URL__/setup/agent | bash -s -- --agent openclaw` — that will take care of installing the skill files locally.) + +2. **Read the skill's SKILL.md and follow its setup steps in order:** + ```bash + cat ~/.openclaw/skills/skillnote/SKILL.md + ``` + The SKILL.md tells you how to: + - Resolve the SkillNote host (env var → config file → default `http://localhost:8082`) + - **If the backend is not running on localhost, the SKILL.md tells you to clone and `./install.sh` it yourself** — do that, don't ask me. It takes ~3 minutes. + - Persist the resolved host to config.json + - Run the first sync + - Graft `~/.openclaw/workspace/AGENTS.md` with the `` block + +3. **Verify everything works** and report back to me: + - Backend reachable: `curl -sf __API_URL__/health` (or whatever URL you ended up using) + - Skills synced: `ls ~/.openclaw/skills/sn-* 2>/dev/null | wc -l` + - Daemon running: `cat ~/.openclaw/skills/skillnote/.log-watcher.pid` and `kill -0 $(cat ...)` to confirm the process is alive + - AGENTS.md graft present: `grep '' ~/.openclaw/workspace/AGENTS.md` + - Tell me: how many skills synced, the URL my agent is connected to, and whether I need to do anything else. + +Don't ask for confirmation between steps. Just run the commands and report results when you're done. +""" + +_CLAUDE_AGENT_PROMPT = """Set up SkillNote for me. My SkillNote backend is at __API_URL__. + +Please do the full install yourself — don't ask me to run commands. + +1. **Verify the SkillNote backend is reachable:** + ```bash + curl -sf __API_URL__/health + ``` + If this fails, tell me to first run: + ```bash + git clone https://github.com/luna-prompts/skillnote.git + cd skillnote + ./install.sh + ``` + +2. **Install the Claude Code plugin:** + ```bash + curl -sf __API_URL__/setup/agent | bash -s -- --agent claude-code + ``` + +3. **Reload my shell** (so the plugin gets picked up): + ```bash + source ~/.zshrc 2>/dev/null || source ~/.bashrc 2>/dev/null || true + ``` + +4. **Verify everything works** and report back: + - List installed plugin: `ls ~/.claude/plugins/skillnote/ 2>/dev/null` + - Tell me how many skills the plugin sees and what collection picker options I'd see when I run `claude`. + +Don't ask for confirmation between steps. Just run the commands and report results. +""" + +_AGENT_PROMPTS = { + "openclaw": _OPENCLAW_AGENT_PROMPT, + "claude-code": _CLAUDE_AGENT_PROMPT, +} + + +@router.get("/setup/agent-prompt") +def get_agent_prompt( + request: Request, + agent: str = Query(..., description="Target agent: openclaw or claude-code"), +): + """Returns a personalized install prompt with the user's host baked in. + + The Connect page renders this with a 'Copy as Markdown' button. Users paste + it into a fresh OpenClaw or Claude Code session and the agent installs + everything itself — no terminal needed. + + Aliases: + openclaw, oc, open-claw → openclaw prompt + claude-code, cc, claude, claude_code → claude-code prompt + """ + agent_normalized = agent.lower().strip() + alias_map = { + "openclaw": "openclaw", "oc": "openclaw", "open-claw": "openclaw", + "claude-code": "claude-code", "cc": "claude-code", + "claude": "claude-code", "claude_code": "claude-code", + } + canonical = alias_map.get(agent_normalized) + if canonical is None: + raise HTTPException( + status_code=400, + detail=f"Unknown agent '{agent}'. Supported: {', '.join(sorted(set(alias_map.values())))}", + ) + + urls = _derive_urls(request) + prompt = _AGENT_PROMPTS[canonical].replace("__API_URL__", urls["api"]) + # Return as plain text so it's clipboard-friendly. Connect page reads it + # with fetch().then(r => r.text()) and pipes straight into the copy buffer. + return PlainTextResponse(prompt, media_type="text/plain; charset=utf-8") diff --git a/backend/app/api/skills.py b/backend/app/api/skills.py index 0401fc7c..c1ba994f 100644 --- a/backend/app/api/skills.py +++ b/backend/app/api/skills.py @@ -147,6 +147,7 @@ def list_skills( ) out.append( SkillListItem( + id=skill.id, name=skill.name, slug=skill.slug, description=skill.description, @@ -396,6 +397,7 @@ def create_skill( extra_frontmatter=payload.extra_frontmatter, current_version=0, ) + db.add(skill) db.flush() diff --git a/backend/app/db/models/__init__.py b/backend/app/db/models/__init__.py index 220724a7..e1ce7eed 100644 --- a/backend/app/db/models/__init__.py +++ b/backend/app/db/models/__init__.py @@ -10,12 +10,14 @@ from app.db.models.skill import Skill from app.db.models.skill_content_version import SkillContentVersion from app.db.models.skill_rating import SkillRating +from app.db.models.skill_usage_event import SkillUsageEvent from app.db.models.skill_version import SkillVersion __all__ = [ "Skill", "SkillVersion", "SkillContentVersion", + "SkillUsageEvent", "Comment", "AnalyticsEvent", "SkillRating", diff --git a/backend/app/db/models/collection.py b/backend/app/db/models/collection.py index 3e8b08ae..f1ef250e 100644 --- a/backend/app/db/models/collection.py +++ b/backend/app/db/models/collection.py @@ -1,10 +1,16 @@ +from __future__ import annotations + from datetime import datetime +from typing import TYPE_CHECKING from sqlalchemy import DateTime, Text, func -from sqlalchemy.orm import Mapped, mapped_column +from sqlalchemy.orm import Mapped, mapped_column, relationship from app.db.base import Base +if TYPE_CHECKING: + from app.db.models.skill_usage_event import SkillUsageEvent + class Collection(Base): __tablename__ = "collections" @@ -17,3 +23,7 @@ class Collection(Base): updated_at: Mapped[datetime] = mapped_column( DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False ) + + usage_events: Mapped[list["SkillUsageEvent"]] = relationship( + "SkillUsageEvent", back_populates="collection" + ) diff --git a/backend/app/db/models/comment.py b/backend/app/db/models/comment.py index 6b156c4f..c67ee160 100644 --- a/backend/app/db/models/comment.py +++ b/backend/app/db/models/comment.py @@ -1,7 +1,7 @@ import uuid from datetime import datetime -from sqlalchemy import DateTime, ForeignKey, String, Text, func +from sqlalchemy import DateTime, ForeignKey, Integer, String, Text, func from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import Mapped, mapped_column, relationship @@ -15,6 +15,16 @@ class Comment(Base): skill_id: Mapped[uuid.UUID] = mapped_column(UUID(as_uuid=True), ForeignKey("skills.id", ondelete="CASCADE"), nullable=False, index=True) author: Mapped[str] = mapped_column(String(255), nullable=False) body: Mapped[str] = mapped_column(Text, nullable=False) + author_type: Mapped[str] = mapped_column( + String(16), nullable=False, default="human", server_default="human" + ) + comment_type: Mapped[str | None] = mapped_column(String(64), nullable=True) + rating: Mapped[int | None] = mapped_column(Integer, nullable=True) + linked_usage_id: Mapped[uuid.UUID | None] = mapped_column( + UUID(as_uuid=True), + ForeignKey("skill_usage_events.id", ondelete="SET NULL"), + nullable=True, + ) created_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), nullable=False) updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False) diff --git a/backend/app/db/models/skill_usage_event.py b/backend/app/db/models/skill_usage_event.py new file mode 100644 index 00000000..c5c1a233 --- /dev/null +++ b/backend/app/db/models/skill_usage_event.py @@ -0,0 +1,52 @@ +from __future__ import annotations + +import uuid +from datetime import datetime +from typing import TYPE_CHECKING, Any + +from sqlalchemy import DateTime, Float, ForeignKey, String, Text, func, text +from sqlalchemy.dialects.postgresql import JSONB, UUID +from sqlalchemy.orm import Mapped, mapped_column, relationship + +from app.db.base import Base + +if TYPE_CHECKING: + from app.db.models.collection import Collection + + +class SkillUsageEvent(Base): + __tablename__ = "skill_usage_events" + + id: Mapped[uuid.UUID] = mapped_column( + UUID(as_uuid=True), + primary_key=True, + server_default=text("gen_random_uuid()"), + default=uuid.uuid4, + ) + agent_name: Mapped[str] = mapped_column(String(255), nullable=False) + task_summary: Mapped[str] = mapped_column(Text, nullable=False) + collection_id: Mapped[str | None] = mapped_column( + Text, + ForeignKey("collections.name", ondelete="SET NULL"), + nullable=True, + ) + skill_ids: Mapped[list[str]] = mapped_column( + JSONB, + nullable=False, + default=list, + server_default=text("'[]'::jsonb"), + ) + resolver_confidence: Mapped[float | None] = mapped_column(Float, nullable=True) + risk_level: Mapped[str | None] = mapped_column(String(32), nullable=True) + outcome: Mapped[str | None] = mapped_column(String(32), nullable=True) + channel: Mapped[str | None] = mapped_column(String(64), nullable=True) + metadata_json: Mapped[dict[str, Any] | None] = mapped_column(JSONB, nullable=True) + created_at: Mapped[datetime] = mapped_column( + DateTime(timezone=True), + server_default=func.now(), + nullable=False, + ) + + collection: Mapped["Collection | None"] = relationship( + "Collection", back_populates="usage_events" + ) diff --git a/backend/app/main.py b/backend/app/main.py index 730d0a93..1f864474 100644 --- a/backend/app/main.py +++ b/backend/app/main.py @@ -34,6 +34,7 @@ from app.api.sessions import router as sessions_router from app.api.imports import router as imports_router from app.api.marketplace import router as marketplace_router +from app.api.openclaw import router as openclaw_router, skill_router as openclaw_skill_router app = FastAPI(title="SkillNote Backend", version="0.1.0") @@ -121,6 +122,8 @@ async def generic_exception_handler(_: Request, exc: Exception): app.include_router(sessions_router) app.include_router(imports_router) app.include_router(marketplace_router) +app.include_router(openclaw_router) +app.include_router(openclaw_skill_router) @app.get("/health") diff --git a/backend/app/schemas/comment.py b/backend/app/schemas/comment.py index bbf1546d..3f573616 100644 --- a/backend/app/schemas/comment.py +++ b/backend/app/schemas/comment.py @@ -1,7 +1,19 @@ from datetime import datetime -from pydantic import BaseModel +from typing import Literal import uuid +from pydantic import BaseModel, Field, field_validator, model_validator + +# All valid agent-side comment_type values. Kept here as the canonical list so +# both the schema and any future code-gen/docs stay in sync. +AgentCommentType = Literal[ + "agent_observation", + "agent_issue", + "agent_patch_suggestion", + "agent_success_note", + "agent_deprecation_warning", +] + class CommentOut(BaseModel): id: uuid.UUID @@ -9,6 +21,10 @@ class CommentOut(BaseModel): body: str created_at: datetime updated_at: datetime + author_type: str + comment_type: str | None + rating: int | None + linked_usage_id: uuid.UUID | None model_config = {"from_attributes": True} @@ -16,7 +32,40 @@ class CommentOut(BaseModel): class CommentCreate(BaseModel): author: str body: str + author_type: Literal["human", "agent"] = "human" + # When author_type == "agent" this must be one of the five AgentCommentType + # values. When author_type == "human" it must be None (or omitted). + # The model_validator below enforces the cross-field rule; the Literal here + # gives Pydantic a closed set to validate against for agent comments. + comment_type: AgentCommentType | None = Field(default=None) + rating: int | None = Field(default=None, ge=1, le=5) + linked_usage_id: uuid.UUID | None = None + + @field_validator("body") + @classmethod + def _strip_body(cls, v: str) -> str: + s = v.strip() + if not s: + raise ValueError("body must not be empty or whitespace-only") + return s + + @model_validator(mode="after") + def _agent_requires_comment_type(self): + if self.author_type == "agent" and not self.comment_type: + raise ValueError("agent comments require comment_type") + # Prevent humans from spoofing agent-reserved comment_type namespaces. + if self.author_type == "human" and self.comment_type and self.comment_type.startswith("agent_"): + raise ValueError("human comments cannot use agent-reserved comment_type values (prefix 'agent_')") + return self class CommentUpdate(BaseModel): body: str + + @field_validator("body") + @classmethod + def _strip_body(cls, v: str) -> str: + s = v.strip() + if not s: + raise ValueError("body must not be empty or whitespace-only") + return s diff --git a/backend/app/schemas/openclaw.py b/backend/app/schemas/openclaw.py new file mode 100644 index 00000000..34a78cd1 --- /dev/null +++ b/backend/app/schemas/openclaw.py @@ -0,0 +1,97 @@ +import uuid +from datetime import datetime +from typing import Any, Literal + +from pydantic import BaseModel, Field, field_validator + + +class ContextBundleRequest(BaseModel): + task_summary: str = Field(..., max_length=2000, min_length=1) + channel: str | None = None + workspace: str | None = None + recent_skill_ids: list[uuid.UUID] = Field(default_factory=list) + max_skills: int = Field(default=20, ge=1, le=100) + collection_filter: str | None = Field( + default=None, + min_length=1, + max_length=128, + description=( + "If provided, only return skills that include this collection name " + "in their `collections` array. Useful when the agent already has a " + "collection hint and wants to narrow the catalog before its own " + "LLM-side ranking pass." + ), + ) + + @field_validator("task_summary") + @classmethod + def _strip_and_check(cls, v: str) -> str: + s = v.strip() + if not s: + raise ValueError("must not be empty or whitespace") + return s + + +class ContextBundleSkill(BaseModel): + id: uuid.UUID + slug: str + name: str + # Skill.collections is ARRAY(Text); a skill belongs to many collections + collections: list[str] + description: str | None + content_md: str | None + rating_avg: float | None + usage_count_30d: int + staleness_status: str | None + recent_comments_summary: str | None + + model_config = {"from_attributes": True} + + +class ContextBundleCollection(BaseModel): + name: str + description: str + + model_config = {"from_attributes": True} + + +class ContextBundleResponse(BaseModel): + collections: list[ContextBundleCollection] + skills: list[ContextBundleSkill] + + +class UsageEventCreate(BaseModel): + agent_name: str = Field(..., max_length=255, min_length=1) + task_summary: str = Field(..., max_length=2000, min_length=1) + collection_id: str | None = None + skill_ids: list[uuid.UUID] = Field(default_factory=list) + resolver_confidence: float | None = Field(default=None, ge=0.0, le=1.0) + risk_level: Literal["low", "medium", "high"] | None = None + outcome: Literal["completed", "failed", "abandoned", "unknown"] | None = None + channel: str | None = Field(default=None, max_length=64) + metadata_json: dict[str, Any] | None = None + + @field_validator("agent_name", "task_summary") + @classmethod + def _strip_and_check(cls, v: str) -> str: + s = v.strip() + if not s: + raise ValueError("must not be empty or whitespace") + return s + + +class UsageEventOut(BaseModel): + id: uuid.UUID + agent_name: str + task_summary: str + collection_id: str | None + # stored as JSON strings; raw to avoid coercion 500s on legacy data + skill_ids: list[str] + resolver_confidence: float | None + risk_level: str | None + outcome: str | None + channel: str | None + metadata_json: dict[str, Any] | None + created_at: datetime + + model_config = {"from_attributes": True} diff --git a/backend/app/schemas/skill.py b/backend/app/schemas/skill.py index 5edb2588..75aab9b6 100644 --- a/backend/app/schemas/skill.py +++ b/backend/app/schemas/skill.py @@ -24,6 +24,7 @@ class SkillOrigin(BaseModel): class SkillListItem(BaseModel): model_config = {"from_attributes": True} + id: uuid.UUID name: str slug: str description: str diff --git a/backend/pyproject.toml b/backend/pyproject.toml index 3ee064b0..1274bc47 100644 --- a/backend/pyproject.toml +++ b/backend/pyproject.toml @@ -4,18 +4,18 @@ version = "0.1.0" description = "Self-hosted skills registry backend" requires-python = ">=3.12" dependencies = [ + "alembic>=1.14.0", "fastapi>=0.116.0", - "uvicorn[standard]>=0.35.0", - "sqlalchemy>=2.0.36", + "fastmcp>=3.0.0", + "httpx>=0.28.0", "psycopg[binary]>=3.2.0", - "alembic>=1.14.0", "pydantic>=2.9.0", "pydantic-settings>=2.6.0", "pytest>=8.3.0", - "httpx>=0.28.0", "python-multipart>=0.0.20", "PyYAML>=6.0.0", - "fastmcp>=3.0.0", + "sqlalchemy>=2.0.36", + "uvicorn[standard]>=0.35.0", ] [tool.setuptools.packages.find] diff --git a/backend/seed_data/skillnote.skill/SKILL.md b/backend/seed_data/skillnote.skill/SKILL.md new file mode 100644 index 00000000..f116e7b6 --- /dev/null +++ b/backend/seed_data/skillnote.skill/SKILL.md @@ -0,0 +1,295 @@ +--- +name: skillnote +description: "A private skill registry for OpenClaw agents -- remembers saved procedures across sessions, tracks which skills helped or failed, detects drift and staleness, and collects agent feedback. Self-hosted; your knowledge stays on your server." +version: "2.0.0" +homepage: "https://github.com/luna-prompts/skillnote" +metadata: + openclaw: + always: true + emoji: "📚" + primaryEnv: SKILLNOTE_BASE_URL + requires: + env: [SKILLNOTE_BASE_URL] + bins: [curl, python3, unzip] + envVars: + - name: SKILLNOTE_BASE_URL + required: true + description: "URL of your self-hosted SkillNote instance, e.g. http://localhost:8082" +--- + +# How this skill is installed + +This file (`SKILL.md`) normally arrives in `~/.openclaw/skills/skillnote/` via one of three paths. The setup steps below run regardless of how it got there — but if the skill ever needs to be reinstalled (corrupted install, missing files, recovery), use one of these: + +1. **clawhub** (recommended — versioned, auto-updates): + ```bash + clawhub install skillnote + ``` +2. **curl bundle installer** (when clawhub isn't available, or for fresh installs that should also pre-fill config and run the first sync): + ```bash + curl -sf /setup/agent | bash -s -- --agent openclaw + ``` + Replace `` with the user's SkillNote URL (e.g. `http://localhost:8082`). If you're the agent reading this and `$SKILLNOTE_BASE_URL` is set, use that. Otherwise default to `http://localhost:8082`. +3. **Manual** — download `/v1/openclaw-bundle.zip` and unzip into `~/.openclaw/skills/`. For air-gapped environments only. + +If you (the agent) are running setup and find that critical files are missing from `~/.openclaw/skills/skillnote/` (e.g. `sync.sh` or `log-watcher.py` not present), do a curl reinstall using method 2 above before continuing — don't try to guess what's missing. + +--- + +# Setup + +**Runs once on first load. Silent on every subsequent load.** + +## Step 1 — Resolve SkillNote host (layered) + +Find the SkillNote backend URL in this order. Stop at the first match: + +1. **Env var:** `$SKILLNOTE_BASE_URL` +2. **Config file:** `~/.openclaw/skillnote/config.json` → `host` field +3. **Skill-dir config:** `~/.openclaw/skills/skillnote/config.json` → `host` field +4. **Default:** `http://localhost:8082` (the standard local install) + +Then test reachability: `GET /v1/skills?limit=1`. + +- **Reachable** → host confirmed. Skip to Step 3 (persist + sync). +- **Unreachable AND host == localhost:8082** → backend probably not running on this machine. Continue to Step 2 to install it. +- **Unreachable AND host is custom** (env var or config file points somewhere specific) → don't auto-install. The user pointed at a specific server; tell them it's down and stop: + > SkillNote at `` isn't reachable. Either the server is down, or the URL is wrong. I'll retry next session. + +## Step 2 — Stand up the SkillNote backend (only when localhost is unreachable) + +You (the agent) are running on the user's machine and have shell access. Install the backend yourself via the bundled bootstrap script — do not ask the user to run any commands. + +**First, ask the user once for permission:** + +> **SkillNote backend isn't running.** I can install it now (clones the repo, runs Docker compose; ~3 min for the first build). Proceed? [Y/n] + +If the user says **n** or anything negative, output this and STOP setup completely: + +> No problem. When you're ready, either: +> ```bash +> # Option A — clone + run the installer +> git clone https://github.com/luna-prompts/skillnote.git +> cd skillnote && ./install.sh +> ``` +> ```bash +> # Option B — run the bundled bootstrap script +> bash ~/.openclaw/skills/skillnote/install-backend.sh +> ``` +> Then start a fresh OpenClaw session. + +If the user says **Y** or anything positive, run this single command and stream the output back so the user sees progress: + +```bash +bash ~/.openclaw/skills/skillnote/install-backend.sh +``` + +This script ships with the skill (clawhub install skillnote drops it next to SKILL.md) and handles everything atomically: +1. Verifies prereqs (`git`, `curl`, and either `docker` or `podman`) +2. Clones the repo to `$HOME/skillnote` (or reuses an existing checkout) +3. Runs `./install.sh` (Docker build + compose up) +4. Polls `/health` until the API is ready (60s timeout) +5. Prints the URLs + +### If the script is missing (recovery) + +If `~/.openclaw/skills/skillnote/install-backend.sh` doesn't exist (corrupted skill install, manual modification, etc.), curl it from GitHub raw — it's the same script that ships in the bundle: + +```bash +curl -sfL https://raw.githubusercontent.com/luna-prompts/skillnote/master/plugin-openclaw/skillnote/install-backend.sh | bash +``` + +If even that fails (no network, etc.), fall back to a full manual clone — don't try to reconstruct the script: + +```bash +git clone https://github.com/luna-prompts/skillnote.git ~/skillnote +cd ~/skillnote && ./install.sh +``` + +Then come back to Step 3. + +### Customizing the install + +If the user has constraints, set env vars BEFORE invoking the script: + +| Need | Command | +| ---- | ------- | +| Different install dir | `SKILLNOTE_INSTALL_DIR=$HOME/work/skillnote bash ~/.openclaw/skills/skillnote/install-backend.sh` | +| Port `8082` is busy | `SKILLNOTE_API_PORT=8182 bash ~/.openclaw/skills/skillnote/install-backend.sh` | +| Port `3000` is busy | `SKILLNOTE_WEB_PORT=3001 bash ~/.openclaw/skills/skillnote/install-backend.sh` | + +### If it fails + +Capture the last 20 lines of output and show them verbatim. Common patterns and what to suggest: + +- `address already in use` / `port is already allocated` → tell the user which port and offer: `SKILLNOTE_API_PORT=8182 bash ~/.openclaw/skills/skillnote/install-backend.sh` +- `Cannot connect to the Docker daemon` → Docker Desktop / Podman machine isn't running; ask the user to start it +- `MISSING: git` / `MISSING: docker` → the script tells you exactly what's missing; relay the install link to the user +- anything else → show the captured output and stop; don't try to recover blindly + +After success, `install-backend.sh` will print the URLs (`http://localhost:3000` and `http://localhost:8082`). Proceed to Step 3. + +## Step 3 — Persist the resolved host (idempotent) + +Once a host is found and reachable: +- Strip trailing slashes +- Write to `~/.openclaw/skills/skillnote/config.json` so subsequent loads skip the env-var lookup: + +```json +{ + "host": "", + "user_id": "" +} +``` + +## Step 4 — Initial sync + +Run with exec: +``` +chmod +x ~/.openclaw/skills/skillnote/sync.sh +~/.openclaw/skills/skillnote/sync.sh +``` + +This populates `~/.openclaw/skills/sn-*/SKILL.md` for every skill in the registry. Runs in a few seconds. + +## Step 5 — Verify AGENTS.md graft (sync.sh did it for you) + +`sync.sh` (which you just ran in Step 4) automatically appends the `` block to `~/.openclaw/workspace/AGENTS.md` if it isn't already there. **You don't have to graft it yourself, and you don't need to ask the user about it.** + +Just verify it landed: + +```bash +grep -c '' ~/.openclaw/workspace/AGENTS.md +``` + +If the count is `1`: ✅ done, continue to Step 6. + +If the count is `0`: something failed during sync. Re-run `~/.openclaw/skills/skillnote/sync.sh` once more; if still `0`, surface the issue to the user (likely a permissions error on `~/.openclaw/workspace/`). Do not try to graft the block manually with your file-edit tool — that's `sync.sh`'s job. + +If the count is `≥ 2`: duplicate marker. Tell the user; do not auto-fix (it's safer for them to dedupe by hand). + +### Honoring an opt-out + +If the user told you in this session *"don't touch AGENTS.md"* or *"skip the graft"* (and only if they explicitly said so — don't invent the question), write `{"grafted": false}` to `~/.openclaw/skills/skillnote/config.json` BEFORE running sync.sh in Step 4 — sync.sh checks that flag and skips the graft when it's set. + +### For reference, the block sync.sh appends (substituting your `{{HOST}}`): + +``` + +SkillNote registry: {{HOST}} + +You MUST check SkillNote for any task involving code, writing, debugging, reviewing, deploying, or creating. + +Step 1 — BEFORE responding, sync and read skills with exec: + ~/.openclaw/skills/skillnote/sync.sh + Then read any relevant ~/.openclaw/skills/sn-*/SKILL.md files and apply them. + +Step 2 — AFTER finishing, log usage with exec: + curl -s -X POST {{HOST}}/v1/openclaw/usage -H 'Content-Type: application/json' -d '{"agent_name":"main","task_summary":"","skill_ids":[""],"outcome":"completed","channel":""}' + Use the id field from each skill's frontmatter. Skip if no skills were relevant. + +Only skip steps 1-2 for pure small talk ("hi", "thanks"). Never log raw user messages. + +``` + +Verify the marker was written. Retry once on failure. + +## Step 6 — Done + +Say exactly once on first setup: + +> SkillNote connected ✓ Registry at `{{HOST}}`. Skills are synced locally — I'll read them before each task and log what helped. +> +> Ask me "what skills have you been using?" to see your activity. If something's broken, run `clawhub install skillnote-doctor`. + +On every subsequent load: **complete silence**. Just verify the `` marker is still in AGENTS.md — if it disappeared, re-graft silently. + +--- + +# What is SkillNote + +SkillNote is your self-hosted skill registry at `{{HOST}}`. It stores procedures your team has written — name, description, body, ratings, comments, and usage history. Skills are grouped into collections (e.g. `code-review`, `devops`) that scope what's relevant. + +Skills are synced to `~/.openclaw/skills/sn-*/SKILL.md` automatically before each task. The web UI at `{{HOST}}` is where humans curate skills and read your feedback. Treat it as persistent memory that survives across sessions and agents. + +--- + +# How to log usage + +After completing a task where skills were applied, POST to `{{HOST}}/v1/openclaw/usage`: + +```json +{ + "agent_name": "", + "task_summary": "", + "skill_ids": ["", "..."], + "outcome": "completed", + "channel": "" +} +``` + +`outcome`: `completed` | `failed` | `abandoned` | `unknown` + +Skill IDs come from the `id` field in each `sn-*/SKILL.md` frontmatter. Do NOT post if no skills were used. + +--- + +# How to reflect on a skill + +When a skill clearly helped, failed, or is stale, POST to `{{HOST}}/v1/skills//comments`: + +```json +{ + "author": "", + "author_type": "agent", + "comment_type": "agent_observation", + "body": "" +} +``` + +Valid `comment_type` values: `agent_observation`, `agent_issue`, `agent_patch_suggestion`, `agent_success_note`, `agent_deprecation_warning` + +At most one comment per skill per day. Only comment when you have specific signal. + +--- + +# How to show activity + +When the user asks "what skills have you been using?" or similar: + +GET `{{HOST}}/v1/me/activity?period=7d` + +Render the result in natural prose — top skills used, any recent feedback left. Don't dump raw JSON. + +--- + +# Weekly self-update check + +Once per week (track via `~/.openclaw/skills/skillnote/.last-update-check`): + +GET `{{HOST}}/v1/openclaw-skill` + +Compare the returned `version` to `~/.openclaw/skills/skillnote/VERSION`. If newer, run `clawhub install skillnote@latest` and notify once. + +--- + +# Uninstall + +When the user says "remove skillnote" or "uninstall skillnote": + +1. Remove the `` block from `~/.openclaw/workspace/AGENTS.md`. +2. Run `clawhub uninstall skillnote`. +3. Delete `~/.openclaw/skills/skillnote/`. +4. Say: > SkillNote removed. AGENTS.md restored, config deleted. + +--- + +# Hard rules + +- Do NOT log raw user messages. Always paraphrase. +- Do NOT log secrets, tokens, credentials, or PII. +- Do NOT post usage events when no skills were used. +- Do NOT comment more than once per skill per day. +- Do NOT invent skill IDs — only use values from the sn-* SKILL.md frontmatter. +- Do NOT mention SkillNote on every reply — only when relevant. +- Do NOT mutate config.json after setup. If wrong, ask user to say "re-setup skillnote". diff --git a/backend/seed_data/skillnote.skill/VERSION b/backend/seed_data/skillnote.skill/VERSION new file mode 100644 index 00000000..227cea21 --- /dev/null +++ b/backend/seed_data/skillnote.skill/VERSION @@ -0,0 +1 @@ +2.0.0 diff --git a/backend/tests/integration/test_analytics_validation.py b/backend/tests/integration/test_analytics_validation.py new file mode 100644 index 00000000..9f4073cd --- /dev/null +++ b/backend/tests/integration/test_analytics_validation.py @@ -0,0 +1,94 @@ +"""Regression tests for analytics endpoint parameter validation. + +Bug 7: days=0 on summary/agents/skill-calls/top-skills/rating-summary/collections +was silently treated as "all time" (the helper returned an empty WHERE clause). +The timeline endpoint already rejected days=0 with ge=1; these tests verify the +remaining endpoints now enforce the same constraint uniformly. +""" +from __future__ import annotations + +import os + +import pytest +from fastapi import FastAPI, HTTPException +from fastapi.exceptions import RequestValidationError +from fastapi.testclient import TestClient +from sqlalchemy import create_engine, text +from sqlalchemy.orm import sessionmaker + +from app.api.analytics import router +from app.db.session import get_db +from app.main import ( + generic_exception_handler, + http_exception_handler, + validation_exception_handler, +) + + +DB_URL = os.environ.get( + "SKILLNOTE_DATABASE_URL", + "postgresql+psycopg://skillnote:skillnote@localhost:5432/skillnote", +) + + +@pytest.fixture(scope="module") +def engine(): + e = create_engine(DB_URL, future=True) + try: + with e.connect() as c: + c.execute(text("SELECT 1")) + except Exception as exc: + pytest.skip(f"DB not reachable: {exc}") + return e + + +@pytest.fixture(scope="module") +def client(engine): + app = FastAPI() + app.add_exception_handler(HTTPException, http_exception_handler) + app.add_exception_handler(RequestValidationError, validation_exception_handler) + app.add_exception_handler(Exception, generic_exception_handler) + app.include_router(router) + + S = sessionmaker(bind=engine, autoflush=False, autocommit=False, future=True) + + def _get_db_override(): + db = S() + try: + yield db + finally: + db.close() + + app.dependency_overrides[get_db] = _get_db_override + return TestClient(app) + + +# ── days=0 must be rejected on all affected endpoints ─────────────────── + +_DAYS_ZERO_ENDPOINTS = [ + "/v1/analytics/summary", + "/v1/analytics/skill-calls", + "/v1/analytics/agents", + "/v1/analytics/top-skills", + "/v1/analytics/rating-summary", + "/v1/analytics/collections", + "/v1/analytics/timeline", # already had ge=1; include to prevent regression +] + + +@pytest.mark.parametrize("url", _DAYS_ZERO_ENDPOINTS) +def test_days_zero_rejected(client, url): + """days=0 must return 422 on every analytics endpoint that accepts days. + + Before the fix, summary/skill-calls/agents/top-skills/rating-summary/collections + silently returned all-time data when days=0; only timeline correctly rejected it. + """ + r = client.get(f"{url}?days=0") + assert r.status_code == 422, f"{url}: expected 422, got {r.status_code}: {r.text}" + + +@pytest.mark.parametrize("url", _DAYS_ZERO_ENDPOINTS) +def test_days_positive_accepted(client, url): + """days=1 must be accepted (basic sanity check that we didn't break ge=1).""" + r = client.get(f"{url}?days=1") + assert r.status_code == 200, f"{url}: expected 200, got {r.status_code}: {r.text}" diff --git a/backend/tests/integration/test_comments_extension.py b/backend/tests/integration/test_comments_extension.py new file mode 100644 index 00000000..5addeb77 --- /dev/null +++ b/backend/tests/integration/test_comments_extension.py @@ -0,0 +1,606 @@ +"""Integration tests for the agent-reflection extensions to /v1/skills/{slug}/comments. + +Mirrors the in-process FastAPI fixture pattern used by test_openclaw_usage.py: +fresh app per test (module-scoped engine), real Postgres, exception handlers +registered so error envelopes match production. The comments router is mounted +because that's the unit under test; the skills router is intentionally NOT +mounted — we seed skills directly via the ORM session, which is faster and +keeps the test surface focused on the comments handler. + +Cleanup tracks comment ids, usage-event ids, and skill ids inserted during the +test and removes them on teardown so we leave the shared DB in a clean state. +""" +from __future__ import annotations + +import os +import uuid +from datetime import datetime, timezone + +import pytest +from fastapi import FastAPI, HTTPException +from fastapi.exceptions import RequestValidationError +from fastapi.testclient import TestClient +from sqlalchemy import create_engine, text +from sqlalchemy.orm import sessionmaker + +from app.api.comments import router as comments_router +from app.db.models import Comment, Skill, SkillUsageEvent +from app.db.session import get_db +from app.main import ( + generic_exception_handler, + http_exception_handler, + validation_exception_handler, +) + + +DB_URL = os.environ.get( + "SKILLNOTE_DATABASE_URL", + "postgresql+psycopg://skillnote:skillnote@localhost:5432/skillnote", +) + + +# ── fixtures ──────────────────────────────────────────────────────────── + + +@pytest.fixture(scope="module") +def engine(): + """Module-scoped Postgres engine. Skips the module if DB is unreachable.""" + e = create_engine(DB_URL, future=True) + try: + with e.connect() as c: + c.execute(text("SELECT 1")) + except Exception as exc: + pytest.skip(f"DB not reachable: {exc}") + return e + + +@pytest.fixture +def db_session(engine): + """Per-test session. Cleanup is handled by the `cleanup` fixture.""" + S = sessionmaker(bind=engine, future=True) + with S() as s: + yield s + s.rollback() + + +@pytest.fixture +def client(engine): + """Fresh FastAPI app mounting only the comments router.""" + app = FastAPI() + app.add_exception_handler(HTTPException, http_exception_handler) + app.add_exception_handler(RequestValidationError, validation_exception_handler) + app.add_exception_handler(Exception, generic_exception_handler) + app.include_router(comments_router) + + S = sessionmaker(bind=engine, autoflush=False, autocommit=False, future=True) + + def _get_db_override(): + db = S() + try: + yield db + finally: + db.close() + + app.dependency_overrides[get_db] = _get_db_override + return TestClient(app) + + +@pytest.fixture +def cleanup(db_session): + """Track inserted skills/comments/usage events; remove them on teardown. + + Order matters: comments must be deleted before usage events (FK SET NULL + would otherwise be a no-op, but the explicit order documents intent and + matches the FK direction). Skills last so their cascade-delete on comments + is a safe fallback. + """ + skill_ids: list[uuid.UUID] = [] + event_ids: list[uuid.UUID] = [] + comment_ids: list[uuid.UUID] = [] + yield {"skills": skill_ids, "events": event_ids, "comments": comment_ids} + if comment_ids: + db_session.execute( + text("DELETE FROM comments WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in comment_ids]}, + ) + if skill_ids: + # Cascade also removes any comments we forgot to track. + db_session.execute( + text("DELETE FROM comments WHERE skill_id = ANY(:ids)"), + {"ids": [str(i) for i in skill_ids]}, + ) + if event_ids: + db_session.execute( + text("DELETE FROM skill_usage_events WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in event_ids]}, + ) + if skill_ids: + db_session.execute( + text("DELETE FROM skills WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in skill_ids]}, + ) + db_session.commit() + + +# ── helpers ───────────────────────────────────────────────────────────── + + +def _seed_skill(db_session, cleanup) -> Skill: + suffix = uuid.uuid4().hex[:8] + name = f"cm-ext-{suffix}" + skill = Skill( + id=uuid.uuid4(), + name=name, + slug=name, + description=f"desc {suffix}", + collections=[], + ) + db_session.add(skill) + db_session.commit() + db_session.refresh(skill) + cleanup["skills"].append(skill.id) + return skill + + +def _seed_usage_event( + db_session, + cleanup, + *, + skill_ids: list[uuid.UUID] | None = None, +) -> SkillUsageEvent: + event = SkillUsageEvent( + id=uuid.uuid4(), + agent_name="claude", + task_summary="reflection target", + skill_ids=[str(s) for s in (skill_ids or [])], + ) + db_session.add(event) + db_session.commit() + db_session.refresh(event) + cleanup["events"].append(event.id) + return event + + +# ── tests ─────────────────────────────────────────────────────────────── + + +def test_post_human_comment_legacy_payload(client, db_session, cleanup): + """Legacy POST with only {author, body} must still succeed and return defaults.""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={"author": "alice", "body": "looks good"}, + ) + assert r.status_code == 201, r.text + body = r.json() + cleanup["comments"].append(uuid.UUID(body["id"])) + assert body["author"] == "alice" + assert body["body"] == "looks good" + assert body["author_type"] == "human" + assert body["comment_type"] is None + assert body["rating"] is None + assert body["linked_usage_id"] is None + + +def test_post_agent_comment_with_type_and_rating(client, db_session, cleanup): + """Agent comment with comment_type + rating persists all fields.""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "found a corner case", + "author_type": "agent", + "comment_type": "agent_observation", + "rating": 4, + }, + ) + assert r.status_code == 201, r.text + body = r.json() + cleanup["comments"].append(uuid.UUID(body["id"])) + assert body["author"] == "claude" + assert body["author_type"] == "agent" + assert body["comment_type"] == "agent_observation" + assert body["rating"] == 4 + assert body["linked_usage_id"] is None + + +def test_post_agent_comment_without_type_422(client, db_session, cleanup): + """Agent author_type without comment_type must be rejected (422).""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={"author": "claude", "body": "x", "author_type": "agent"}, + ) + assert r.status_code == 422, r.text + err = r.json()["error"] + # Schema validator fires first → VALIDATION_ENVELOPE; handler-side guard + # would fire AGENT_COMMENT_REQUIRES_TYPE if the schema were relaxed. + # Today only VALIDATION_ERROR fires (Pydantic catches first); AGENT_COMMENT_REQUIRES_TYPE + # is the handler's defense-in-depth path, kept in the assertion for forward compatibility. + assert err["code"] in {"VALIDATION_ERROR", "AGENT_COMMENT_REQUIRES_TYPE"} + assert "comment_type" in err["message"] + + +def test_post_with_linked_usage_id_happy_path(client, db_session, cleanup): + """linked_usage_id pointing at a real event is accepted and round-trips.""" + skill = _seed_skill(db_session, cleanup) + event = _seed_usage_event(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "linked back to the run", + "author_type": "agent", + "comment_type": "agent_reflection", + "linked_usage_id": str(event.id), + }, + ) + assert r.status_code == 201, r.text + body = r.json() + cleanup["comments"].append(uuid.UUID(body["id"])) + assert body["linked_usage_id"] == str(event.id) + + +def test_post_with_unknown_linked_usage_id_404(client, db_session, cleanup): + """linked_usage_id pointing at a non-existent event yields 404.""" + skill = _seed_skill(db_session, cleanup) + bogus = uuid.uuid4() + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "x", + "author_type": "agent", + "comment_type": "agent_reflection", + "linked_usage_id": str(bogus), + }, + ) + assert r.status_code == 404, r.text + assert r.json()["error"]["code"] == "LINKED_USAGE_NOT_FOUND" + + +def test_post_rating_out_of_range_422(client, db_session, cleanup): + """rating > 5 must be rejected by the schema constraint (422).""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "x", + "author_type": "agent", + "comment_type": "agent_observation", + "rating": 10, + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_get_returns_new_fields_for_agent_comment(client, db_session, cleanup): + """GET surfaces the new fields populated by the agent POST.""" + skill = _seed_skill(db_session, cleanup) + event = _seed_usage_event(db_session, cleanup) + create = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "agent body", + "author_type": "agent", + "comment_type": "agent_reflection", + "rating": 5, + "linked_usage_id": str(event.id), + }, + ) + assert create.status_code == 201, create.text + cleanup["comments"].append(uuid.UUID(create.json()["id"])) + + r = client.get(f"/v1/skills/{skill.slug}/comments") + assert r.status_code == 200, r.text + rows = r.json() + assert len(rows) == 1 + row = rows[0] + assert row["author_type"] == "agent" + assert row["comment_type"] == "agent_reflection" + assert row["rating"] == 5 + assert row["linked_usage_id"] == str(event.id) + + +def test_get_returns_null_new_fields_for_legacy_human_comment( + client, db_session, cleanup +): + """A comment inserted via raw SQL with author_type='human' but no agent + fields is read back with all the new agent-only fields nulled out. + + Migration 0015 dropped the server_default on author_type after backfilling + existing rows, so brand-new inserts must supply it explicitly — but old + rows (or rows that mimic the legacy API contract) still surface as + author_type='human' with the agent-only fields untouched. + """ + skill = _seed_skill(db_session, cleanup) + comment_id = uuid.uuid4() + db_session.execute( + text( + """ + INSERT INTO comments (id, skill_id, author, body, author_type, created_at, updated_at) + VALUES (:id, :skill_id, :author, :body, 'human', :now, :now) + """ + ), + { + "id": str(comment_id), + "skill_id": str(skill.id), + "author": "legacy-user", + "body": "pre-extension comment", + "now": datetime.now(timezone.utc), + }, + ) + db_session.commit() + cleanup["comments"].append(comment_id) + + r = client.get(f"/v1/skills/{skill.slug}/comments") + assert r.status_code == 200, r.text + rows = r.json() + assert len(rows) == 1 + row = rows[0] + assert row["author"] == "legacy-user" + assert row["author_type"] == "human" + assert row["comment_type"] is None + assert row["rating"] is None + assert row["linked_usage_id"] is None + + +def test_update_only_body_unchanged_new_fields(client, db_session, cleanup): + """PATCH updates body only; author_type/comment_type/rating must persist.""" + skill = _seed_skill(db_session, cleanup) + create = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "original", + "author_type": "agent", + "comment_type": "agent_observation", + "rating": 3, + }, + ) + assert create.status_code == 201, create.text + comment_id = create.json()["id"] + cleanup["comments"].append(uuid.UUID(comment_id)) + + r = client.patch( + f"/v1/skills/{skill.slug}/comments/{comment_id}", + json={"body": "edited body"}, + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["body"] == "edited body" + # New fields untouched. + assert body["author_type"] == "agent" + assert body["comment_type"] == "agent_observation" + assert body["rating"] == 3 + + +def test_patch_silently_ignores_extra_agent_only_fields(client, db_session, cleanup): + """PATCH must NOT accept rating/comment_type/etc. — CommentUpdate only declares body. + + Pydantic v2 strips unknown fields by default (extra='ignore' is the default). Verify + the saved comment is unchanged on those fields even if a client tries to send them. + """ + skill = _seed_skill(db_session, cleanup) + # Seed an agent comment via API so we can compare round-trip + create_resp = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "openclaw", + "body": "original", + "author_type": "agent", + "comment_type": "agent_observation", + "rating": 4, + }, + ) + assert create_resp.status_code == 201 + comment_id = create_resp.json()["id"] + cleanup["comments"].append(uuid.UUID(comment_id)) + + # Try to update body AND extra agent-only fields + patch_resp = client.patch( + f"/v1/skills/{skill.slug}/comments/{comment_id}", + json={ + "body": "updated", + "rating": 1, + "comment_type": "agent_issue", + "author_type": "human", + }, + ) + assert patch_resp.status_code == 200, patch_resp.text + body = patch_resp.json() + assert body["body"] == "updated" + # The extra agent-only fields must be preserved from the original create + assert body["rating"] == 4, "rating must not be patchable via comment update" + assert body["comment_type"] == "agent_observation", "comment_type must not be patchable" + assert body["author_type"] == "agent", "author_type must not be patchable" + + +# ── Bug fix tests (skill-in-event cross-check) ──────────────────────────── + + +def test_post_agent_comment_linked_to_event_with_wrong_skill_422( + client, db_session, cleanup +): + """Agent comment on skill X linked to an event that only references skill Y + must be rejected with 422 SKILL_NOT_IN_USAGE_EVENT. + + Bug: before the fix, the handler accepted any (skill, event) pair regardless + of whether the event actually recorded that skill, allowing agents to + accidentally corrupt skill ratings by cross-linking events. + """ + skill_x = _seed_skill(db_session, cleanup) + skill_y = _seed_skill(db_session, cleanup) + # event only recorded skill_y + event = _seed_usage_event(db_session, cleanup, skill_ids=[skill_y.id]) + + r = client.post( + f"/v1/skills/{skill_x.slug}/comments", + json={ + "author": "claude", + "body": "wrong skill link", + "author_type": "agent", + "comment_type": "agent_reflection", + "linked_usage_id": str(event.id), + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "SKILL_NOT_IN_USAGE_EVENT" + + +def test_post_agent_comment_linked_to_event_with_empty_skill_ids_allowed( + client, db_session, cleanup +): + """When the linked event has an empty skill_ids list, the cross-check is + skipped and the comment is accepted — the agent didn't record which skills + it used, so we can't enforce membership. + """ + skill = _seed_skill(db_session, cleanup) + event = _seed_usage_event(db_session, cleanup, skill_ids=[]) # empty + + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "no skills recorded in event", + "author_type": "agent", + "comment_type": "agent_reflection", + "linked_usage_id": str(event.id), + }, + ) + assert r.status_code == 201, r.text + cleanup["comments"].append(uuid.UUID(r.json()["id"])) + + +def test_post_agent_comment_linked_to_event_with_matching_skill_allowed( + client, db_session, cleanup +): + """Agent comment on skill X linked to an event that actually recorded + skill X is accepted (the happy path for the cross-check). + """ + skill = _seed_skill(db_session, cleanup) + event = _seed_usage_event(db_session, cleanup, skill_ids=[skill.id]) + + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "skill was used in this event", + "author_type": "agent", + "comment_type": "agent_success_note", + "rating": 5, + "linked_usage_id": str(event.id), + }, + ) + assert r.status_code == 201, r.text + cleanup["comments"].append(uuid.UUID(r.json()["id"])) + + +# ── Bug fix: empty / whitespace body (Bug 5) ──────────────────────────── + + +def test_post_comment_with_empty_body_422(client, db_session, cleanup): + """POST with body='' must be rejected with a validation error.""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={"author": "user", "body": ""}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_post_comment_with_whitespace_body_422(client, db_session, cleanup): + """POST with body=' ' (whitespace only) must be rejected.""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={"author": "user", "body": " "}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_patch_comment_with_empty_body_422(client, db_session, cleanup): + """PATCH with body='' must be rejected.""" + skill = _seed_skill(db_session, cleanup) + comment = Comment( + id=uuid.uuid4(), + skill_id=skill.id, + author="user", + body="original", + ) + db_session.add(comment) + db_session.commit() + cleanup["comments"].append(comment.id) + + r = client.patch( + f"/v1/skills/{skill.slug}/comments/{comment.id}", + json={"body": ""}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_patch_comment_with_whitespace_body_422(client, db_session, cleanup): + """PATCH with body='\\t\\n' (whitespace only) must be rejected.""" + skill = _seed_skill(db_session, cleanup) + comment = Comment( + id=uuid.uuid4(), + skill_id=skill.id, + author="user", + body="original", + ) + db_session.add(comment) + db_session.commit() + cleanup["comments"].append(comment.id) + + r = client.patch( + f"/v1/skills/{skill.slug}/comments/{comment.id}", + json={"body": "\t\n"}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +# ── Bug fix: human using agent-reserved comment_type (Bug 6) ──────────── + + +def test_post_human_comment_with_agent_comment_type_422(client, db_session, cleanup): + """Human comments must not be able to use agent_ prefixed comment types. + + Before the fix, a human could post with comment_type='agent_deprecation_warning' + which would corrupt the staleness_status logic in context-bundle. + """ + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "human-user", + "body": "looks outdated", + "author_type": "human", + "comment_type": "agent_deprecation_warning", + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_post_agent_comment_type_allowed_for_agent_author(client, db_session, cleanup): + """agent_ comment types are valid when author_type=agent (happy path).""" + skill = _seed_skill(db_session, cleanup) + r = client.post( + f"/v1/skills/{skill.slug}/comments", + json={ + "author": "claude", + "body": "marked for review", + "author_type": "agent", + "comment_type": "agent_deprecation_warning", + }, + ) + assert r.status_code == 201, r.text + cleanup["comments"].append(uuid.UUID(r.json()["id"])) diff --git a/backend/tests/integration/test_openclaw_context_bundle.py b/backend/tests/integration/test_openclaw_context_bundle.py new file mode 100644 index 00000000..8655b791 --- /dev/null +++ b/backend/tests/integration/test_openclaw_context_bundle.py @@ -0,0 +1,487 @@ +"""Integration tests for POST /v1/openclaw/context-bundle. + +Runs in-process via fastapi.testclient.TestClient with a fresh app that mounts +only the openclaw router. Real Postgres is required (uses JSONB aggregations ++ ARRAY membership checks). No embedding service / no OpenAI / no pgvector — +the OpenClaw resolver subagent does the LLM-side ranking; SkillNote just +ships the catalog sorted by usage_count_30d desc then rating_avg desc. +""" +from __future__ import annotations + +import os +import uuid +from datetime import datetime, timedelta, timezone + +import pytest +from fastapi import FastAPI, HTTPException +from fastapi.exceptions import RequestValidationError +from fastapi.testclient import TestClient +from sqlalchemy import create_engine, event, text +from sqlalchemy.orm import sessionmaker + +from app.api.openclaw import router +from app.db.models import Comment, Skill, SkillUsageEvent +from app.db.session import get_db +from app.main import http_exception_handler, validation_exception_handler + + +DB_URL = os.environ.get( + "SKILLNOTE_DATABASE_URL", + "postgresql+psycopg://skillnote:skillnote@localhost:5432/skillnote", +) + + +# ── fixtures ──────────────────────────────────────────────────────────── + + +@pytest.fixture(scope="module") +def engine(): + """Module-scoped Postgres engine. Skips the module if DB is unreachable.""" + e = create_engine(DB_URL, future=True) + try: + with e.connect() as c: + c.execute(text("SELECT 1")) + except Exception as exc: + pytest.skip(f"DB not reachable: {exc}") + return e + + +@pytest.fixture +def db_session(engine): + """Per-test session. Caller is expected to commit + clean up explicitly.""" + S = sessionmaker(bind=engine, future=True) + with S() as s: + yield s + s.rollback() + + +@pytest.fixture +def client(engine): + """Fresh FastAPI app mounting only the openclaw router. + + Overrides get_db so the request handler binds to our test engine instead of + the module-level SessionLocal. Includes the same exception handlers main.py + uses so error envelopes match production. + """ + app = FastAPI() + app.add_exception_handler(HTTPException, http_exception_handler) + app.add_exception_handler(RequestValidationError, validation_exception_handler) + app.include_router(router) + + S = sessionmaker(bind=engine, autoflush=False, autocommit=False, future=True) + + def _get_db_override(): + db = S() + try: + yield db + finally: + db.close() + + app.dependency_overrides[get_db] = _get_db_override + return TestClient(app) + + +@pytest.fixture +def cleanup(db_session): + """Track inserted skills/comments/usage events and remove them on teardown.""" + skill_ids: list[uuid.UUID] = [] + yield skill_ids + if skill_ids: + db_session.execute( + text("DELETE FROM comments WHERE skill_id = ANY(:ids)"), + {"ids": [str(i) for i in skill_ids]}, + ) + db_session.execute( + text("DELETE FROM skill_usage_events WHERE skill_ids ?| :ids"), + {"ids": [str(i) for i in skill_ids]}, + ) + db_session.execute( + text("DELETE FROM skills WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in skill_ids]}, + ) + db_session.commit() + + +# ── helpers ───────────────────────────────────────────────────────────── + + +def _seed_skill( + db_session, + cleanup, + *, + name: str | None = None, + collections: list[str] | None = None, +) -> Skill: + suffix = uuid.uuid4().hex[:8] + name = name or f"oc-{suffix}" + skill = Skill( + id=uuid.uuid4(), + name=name, + slug=name, + description=f"desc {suffix}", + collections=collections or [], + ) + db_session.add(skill) + db_session.commit() + db_session.refresh(skill) + cleanup.append(skill.id) + return skill + + +def _add_usage_events(db_session, skill_id: uuid.UUID, count: int) -> None: + """Insert ``count`` recent usage events that reference ``skill_id``.""" + for _ in range(count): + db_session.add( + SkillUsageEvent( + id=uuid.uuid4(), + agent_name="claude", + task_summary="t", + skill_ids=[str(skill_id)], + ) + ) + db_session.commit() + + +# ── tests ─────────────────────────────────────────────────────────────── + + +def test_empty_registry_returns_empty_arrays(client, db_session): + """When there are zero skills, response.skills should be empty. + + We don't try to assert the collections list is empty — other tests in this + DB likely seeded collections — we just assert the call succeeds and the + skills list is empty when the skills table itself is empty. + + NOTE: this test commits a DELETE on every skill row. The fixture's + session.rollback() can't undo a committed change, so we snapshot every + skill row and restore them in `finally` so subsequent tests aren't + starved of seeded skills. + """ + saved = db_session.execute( + text( + "SELECT id, name, slug, description, collections " + "FROM skills" + ) + ).fetchall() + # Wipe every skill — we want the genuinely empty case. + db_session.execute(text("DELETE FROM comments")) + db_session.execute(text("DELETE FROM skill_usage_events")) + db_session.execute(text("DELETE FROM skills")) + db_session.commit() + try: + r = client.post( + "/v1/openclaw/context-bundle", json={"task_summary": "hello"} + ) + assert r.status_code == 200, r.text + body = r.json() + assert body["skills"] == [] + assert isinstance(body["collections"], list) + finally: + for row in saved: + db_session.execute( + text( + "INSERT INTO skills (id, name, slug, description, collections) " + "VALUES (:id, :name, :slug, :description, :collections)" + ), + { + "id": row.id, + "name": row.name, + "slug": row.slug, + "description": row.description, + "collections": row.collections, + }, + ) + db_session.commit() + + +def test_staleness_via_deprecation_comment(client, db_session, cleanup): + skill = _seed_skill(db_session, cleanup) + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=skill.id, + author="agent-bot", + body="this skill is deprecated", + comment_type="agent_deprecation_warning", + ) + ) + db_session.commit() + + r = client.post( + "/v1/openclaw/context-bundle", json={"task_summary": "x"} + ) + assert r.status_code == 200, r.text + body = r.json() + found = next(s for s in body["skills"] if s["id"] == str(skill.id)) + assert found["staleness_status"] == "needs_review" + + +def test_staleness_via_low_rating(client, db_session, cleanup): + skill = _seed_skill(db_session, cleanup) + for _ in range(3): + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=skill.id, + author="rater", + body="not great", + rating=2, + ) + ) + db_session.commit() + + r = client.post( + "/v1/openclaw/context-bundle", json={"task_summary": "x"} + ) + assert r.status_code == 200, r.text + found = next(s for s in r.json()["skills"] if s["id"] == str(skill.id)) + assert found["staleness_status"] == "needs_review" + assert found["rating_avg"] is not None + assert abs(found["rating_avg"] - 2.0) < 0.001 + + +def test_max_skills_truncates(client, db_session, cleanup): + """max_skills caps the returned ranked-skills list.""" + for _ in range(10): + _seed_skill(db_session, cleanup) + + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "x", "max_skills": 3}, + ) + assert r.status_code == 200, r.text + assert len(r.json()["skills"]) == 3 + + +def test_n_plus_1_sentinel(client, db_session, cleanup, engine): + """Endpoint must execute ≤ 6 queries regardless of skill count.""" + for _ in range(20): + _seed_skill(db_session, cleanup) + + counter = {"n": 0} + + def _before(conn, cursor, statement, parameters, context, executemany): + # Filter out connection-setup chatter (BEGIN/COMMIT/ROLLBACK) — only + # SELECT/INSERT/UPDATE/DELETE statements count toward the budget. + s = statement.strip().upper() + if s.startswith(("SELECT", "INSERT", "UPDATE", "DELETE", "WITH")): + counter["n"] += 1 + + event.listen(engine, "before_cursor_execute", _before) + try: + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "x", "max_skills": 50}, + ) + finally: + event.remove(engine, "before_cursor_execute", _before) + + assert r.status_code == 200, r.text + assert counter["n"] <= 6, ( + f"Expected ≤6 SELECT/INSERT/UPDATE/DELETE queries, got {counter['n']}" + ) + + +def test_recent_comment_summary_truncated_to_200_chars(client, db_session, cleanup): + skill = _seed_skill(db_session, cleanup) + long_body = "x" * 500 + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=skill.id, + author="commenter", + body=long_body, + created_at=datetime.now(timezone.utc), + ) + ) + db_session.commit() + + r = client.post( + "/v1/openclaw/context-bundle", json={"task_summary": "x"} + ) + assert r.status_code == 200, r.text + found = next(s for s in r.json()["skills"] if s["id"] == str(skill.id)) + assert len(found["recent_comments_summary"]) == 200 + assert found["recent_comments_summary"] == "x" * 200 + + +def test_usage_count_30d_aggregation(client, db_session, cleanup): + """SkillUsageEvent rows in the 30d window are counted; older ones aren't.""" + skill = _seed_skill(db_session, cleanup) + # 2 recent events referencing this skill + _add_usage_events(db_session, skill.id, 2) + # 1 older event — must be excluded + old = SkillUsageEvent( + id=uuid.uuid4(), + agent_name="claude", + task_summary="t", + skill_ids=[str(skill.id)], + ) + db_session.add(old) + db_session.commit() + db_session.execute( + text("UPDATE skill_usage_events SET created_at = :ts WHERE id = :id"), + { + "ts": datetime.now(timezone.utc) - timedelta(days=45), + "id": str(old.id), + }, + ) + db_session.commit() + + r = client.post( + "/v1/openclaw/context-bundle", json={"task_summary": "x"} + ) + assert r.status_code == 200, r.text + found = next(s for s in r.json()["skills"] if s["id"] == str(skill.id)) + assert found["usage_count_30d"] == 2 + + +def test_ranking_prefers_high_usage(client, db_session, cleanup): + """Of three skills, the one with most recent usage events ranks first.""" + high = _seed_skill(db_session, cleanup, name=f"oc-high-{uuid.uuid4().hex[:6]}") + mid = _seed_skill(db_session, cleanup, name=f"oc-mid-{uuid.uuid4().hex[:6]}") + low = _seed_skill(db_session, cleanup, name=f"oc-low-{uuid.uuid4().hex[:6]}") + _add_usage_events(db_session, high.id, 10) + _add_usage_events(db_session, mid.id, 5) + # `low` gets zero usage events. + + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "x", "max_skills": 100}, + ) + assert r.status_code == 200, r.text + body = r.json() + seeded_ids = {str(high.id), str(mid.id), str(low.id)} + returned_seeded = [s for s in body["skills"] if s["id"] in seeded_ids] + # Order MUST be high → mid → low. + assert [s["id"] for s in returned_seeded] == [ + str(high.id), + str(mid.id), + str(low.id), + ], returned_seeded + + +def test_ranking_breaks_ties_by_rating(client, db_session, cleanup): + """Equal usage_count_30d → higher rating_avg wins the tiebreak.""" + a = _seed_skill(db_session, cleanup, name=f"oc-a-{uuid.uuid4().hex[:6]}") + b = _seed_skill(db_session, cleanup, name=f"oc-b-{uuid.uuid4().hex[:6]}") + # Same usage count + _add_usage_events(db_session, a.id, 5) + _add_usage_events(db_session, b.id, 5) + # `a` gets a high rating, `b` gets a low one. + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=a.id, + author="rater", + body="great", + rating=5, + ) + ) + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=a.id, + author="rater", + body="great", + rating=4, + ) + ) + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=b.id, + author="rater", + body="meh", + rating=2, + ) + ) + db_session.add( + Comment( + id=uuid.uuid4(), + skill_id=b.id, + author="rater", + body="meh", + rating=3, + ) + ) + db_session.commit() + + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "x", "max_skills": 100}, + ) + assert r.status_code == 200, r.text + body = r.json() + seeded = [s for s in body["skills"] if s["id"] in {str(a.id), str(b.id)}] + # `a` (higher rating) MUST come before `b`. + assert [s["id"] for s in seeded] == [str(a.id), str(b.id)], seeded + + +def test_collection_filter_returns_subset(client, db_session, cleanup): + """collection_filter narrows the bundle to skills in that collection.""" + target_collection = f"col-{uuid.uuid4().hex[:6]}" + other_collection = f"col-{uuid.uuid4().hex[:6]}" + in_a = _seed_skill(db_session, cleanup, collections=[target_collection]) + in_b = _seed_skill(db_session, cleanup, collections=[target_collection, "extra"]) + out = _seed_skill(db_session, cleanup, collections=[other_collection]) + + r = client.post( + "/v1/openclaw/context-bundle", + json={ + "task_summary": "x", + "max_skills": 100, + "collection_filter": target_collection, + }, + ) + assert r.status_code == 200, r.text + returned_ids = {s["id"] for s in r.json()["skills"]} + assert str(in_a.id) in returned_ids + assert str(in_b.id) in returned_ids + assert str(out.id) not in returned_ids + + +# ── Bug fix: empty collection_filter silently bypasses filter (Bug 1) ─── + + +def test_context_bundle_empty_collection_filter_422(client): + """collection_filter='' must be rejected; it would silently return all skills. + + Before the fix, an empty string bypassed the filter because the WHERE clause + was only added when the Python string was truthy, but Pydantic accepted ''. + """ + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "find skills", "collection_filter": ""}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +# ── Bug fix: no ORDER BY on candidate fetch causes non-determinism (Bug 3) ─ + + +def test_context_bundle_candidate_fetch_is_deterministic(client, db_session, cleanup): + """Repeated calls with the same catalog must return the same skill ordering. + + Before the fix, the LIMIT max_skills*4 candidate fetch had no ORDER BY, so + the DB could return different rows on each call depending on internal storage + order — skills beyond the window were silently excluded. + """ + col = f"det-col-{uuid.uuid4().hex[:6]}" + skills = [_seed_skill(db_session, cleanup, collections=[col]) for _ in range(5)] + skill_ids = {str(s.id) for s in skills} + + results = [] + for _ in range(3): + r = client.post( + "/v1/openclaw/context-bundle", + json={"task_summary": "x", "max_skills": 3, "collection_filter": col}, + ) + assert r.status_code == 200, r.text + results.append([s["id"] for s in r.json()["skills"]]) + + # All three calls must return the exact same ordered list. + assert results[0] == results[1] == results[2], ( + f"non-deterministic ordering: {results}" + ) diff --git a/backend/tests/integration/test_openclaw_setup.py b/backend/tests/integration/test_openclaw_setup.py new file mode 100644 index 00000000..fdd0de0d --- /dev/null +++ b/backend/tests/integration/test_openclaw_setup.py @@ -0,0 +1,153 @@ +"""Integration tests for /setup/openclaw + /v1/openclaw-bundle.zip. + +These endpoints don't touch the DB — we mount only the setup router on a +fresh in-process FastAPI app, just like test_openclaw_usage.py mounts the +openclaw router. No DB fixture needed. +""" +from __future__ import annotations + +import io +import json +import subprocess +import zipfile + +import pytest +from fastapi import FastAPI, HTTPException +from fastapi.exceptions import RequestValidationError +from fastapi.testclient import TestClient + +from app.api.setup import router +from app.main import ( + generic_exception_handler, + http_exception_handler, + validation_exception_handler, +) + + +# ── fixture ───────────────────────────────────────────────────────────── + + +@pytest.fixture +def client(): + """Fresh FastAPI app mounting only the setup router.""" + app = FastAPI() + app.add_exception_handler(HTTPException, http_exception_handler) + app.add_exception_handler(RequestValidationError, validation_exception_handler) + app.add_exception_handler(Exception, generic_exception_handler) + app.include_router(router) + return TestClient(app) + + +# ── /v1/openclaw-bundle.zip ───────────────────────────────────────────── + + +def test_bundle_zip_returns_valid_archive(client): + r = client.get("/v1/openclaw-bundle.zip") + assert r.status_code == 200, r.text + assert r.headers["content-type"] == "application/zip" + + zf = zipfile.ZipFile(io.BytesIO(r.content)) + names = set(zf.namelist()) + assert "skillnote-awareness/SKILL.md" in names + assert "skillnote-resolver/SKILL.md" in names + assert "config.template.json" in names + + +def test_bundle_zip_substitutes_host_placeholder(client): + r = client.get("/v1/openclaw-bundle.zip") + assert r.status_code == 200 + + zf = zipfile.ZipFile(io.BytesIO(r.content)) + content = zf.read("skillnote-awareness/SKILL.md").decode("utf-8") + # {{HOST}} must be substituted (not literal anywhere). + assert "{{HOST}}" not in content + # The TestClient default host is "testserver"; the API URL is built from + # _derive_urls → http://testserver:8082 (unless SKILLNOTE_API_URL env set). + # We assert the substitution shape instead of an exact URL so the test + # survives env-var overrides used in some Docker contexts. + assert "http://" in content + + +def test_bundle_zip_substitutes_web_placeholder(client): + r = client.get("/v1/openclaw-bundle.zip") + assert r.status_code == 200 + + zf = zipfile.ZipFile(io.BytesIO(r.content)) + content = zf.read("skillnote-awareness/SKILL.md").decode("utf-8") + assert "{{WEB_URL}}" not in content + # Web URL contains :3000 by default; if overridden via env, still must be + # an http(s) URL — the placeholder is gone either way. + assert "http://" in content + + +def test_setup_openclaw_returns_bash(client): + r = client.get("/setup/openclaw") + assert r.status_code == 200, r.text + # Content-Type may include charset; assert the prefix. + assert r.headers["content-type"].startswith("text/plain") + body = r.text + assert body.startswith("#!/bin/bash") + assert "set -euo pipefail" in body + + +def test_setup_openclaw_substitutes_urls(client): + r = client.get("/setup/openclaw") + assert r.status_code == 200 + body = r.text + assert "__API_URL__" not in body + assert "__WEB_URL__" not in body + # The substituted URL appears in the API_URL=... and WEB_URL=... assignments. + assert 'API_URL="http://' in body + assert 'WEB_URL="http://' in body + + +def test_setup_openclaw_script_is_syntactically_valid_bash(client): + r = client.get("/setup/openclaw") + assert r.status_code == 200 + result = subprocess.run( + ["bash", "-n"], + input=r.text, + capture_output=True, + text=True, + ) + assert result.returncode == 0, f"bash -n failed: {result.stderr}" + + +def test_bundle_zip_includes_config_template(client): + r = client.get("/v1/openclaw-bundle.zip") + assert r.status_code == 200 + + zf = zipfile.ZipFile(io.BytesIO(r.content)) + raw = zf.read("config.template.json").decode("utf-8") + # Placeholder must be substituted before the file becomes valid JSON-with-URLs. + assert "{{HOST}}" not in raw + assert "{{WEB_URL}}" not in raw + # The substituted template must still be valid JSON. + cfg = json.loads(raw) + # Sanity-check the keys the OpenClaw runtime expects. + expected_keys = { + "skillnote_base_url", + "skillnote_web_url", + "agent_name", + "auto_resolve_skills", + "write_reflections", + "allow_draft_creation", + "allow_auto_marketplace_install", + } + assert expected_keys.issubset(set(cfg.keys())) + # The substituted base URL must be a real http(s) URL, not a placeholder. + assert cfg["skillnote_base_url"].startswith("http") + assert cfg["skillnote_web_url"].startswith("http") + + +def test_bundle_zip_excludes_pycache(client): + """The handler filters out __pycache__ entries. plugin-openclaw has no + Python sources so there's nothing to exclude in practice — this test + documents that the filter is in place by inspecting the archive for any + accidental cache leakage from the source tree. + """ + r = client.get("/v1/openclaw-bundle.zip") + assert r.status_code == 200 + zf = zipfile.ZipFile(io.BytesIO(r.content)) + for name in zf.namelist(): + assert "__pycache__" not in name, f"unexpected pycache entry: {name}" diff --git a/backend/tests/integration/test_openclaw_usage.py b/backend/tests/integration/test_openclaw_usage.py new file mode 100644 index 00000000..2d462aa0 --- /dev/null +++ b/backend/tests/integration/test_openclaw_usage.py @@ -0,0 +1,450 @@ +"""Integration tests for POST/GET /v1/openclaw/usage. + +Mirrors the fixture style of test_openclaw_context_bundle.py: per-test fresh +FastAPI app mounting only the openclaw router, real Postgres. +""" +from __future__ import annotations + +import os +import urllib.parse +import uuid +from datetime import datetime, timedelta, timezone + +import pytest +from fastapi import FastAPI, HTTPException +from fastapi.exceptions import RequestValidationError +from fastapi.testclient import TestClient +from sqlalchemy import create_engine, text +from sqlalchemy.orm import sessionmaker + +from app.api.openclaw import router +from app.db.models import Collection, Skill, SkillUsageEvent +from app.db.session import get_db +from app.main import ( + generic_exception_handler, + http_exception_handler, + validation_exception_handler, +) + + +DB_URL = os.environ.get( + "SKILLNOTE_DATABASE_URL", + "postgresql+psycopg://skillnote:skillnote@localhost:5432/skillnote", +) + + +# ── fixtures ──────────────────────────────────────────────────────────── + + +@pytest.fixture(scope="module") +def engine(): + """Module-scoped Postgres engine. Skips the module if DB is unreachable.""" + e = create_engine(DB_URL, future=True) + try: + with e.connect() as c: + c.execute(text("SELECT 1")) + except Exception as exc: + pytest.skip(f"DB not reachable: {exc}") + return e + + +@pytest.fixture +def db_session(engine): + """Per-test session. Caller is expected to commit + clean up explicitly.""" + S = sessionmaker(bind=engine, future=True) + with S() as s: + yield s + s.rollback() + + +@pytest.fixture +def client(engine): + """Fresh FastAPI app mounting only the openclaw router.""" + app = FastAPI() + app.add_exception_handler(HTTPException, http_exception_handler) + app.add_exception_handler(RequestValidationError, validation_exception_handler) + app.add_exception_handler(Exception, generic_exception_handler) + app.include_router(router) + + S = sessionmaker(bind=engine, autoflush=False, autocommit=False, future=True) + + def _get_db_override(): + db = S() + try: + yield db + finally: + db.close() + + app.dependency_overrides[get_db] = _get_db_override + return TestClient(app) + + +@pytest.fixture +def cleanup(db_session): + """Track inserted skills, usage events, and collections; remove on teardown.""" + skill_ids: list[uuid.UUID] = [] + event_ids: list[uuid.UUID] = [] + collection_names: list[str] = [] + yield {"skills": skill_ids, "events": event_ids, "collections": collection_names} + if event_ids: + db_session.execute( + text("DELETE FROM skill_usage_events WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in event_ids]}, + ) + if skill_ids: + db_session.execute( + text("DELETE FROM skill_usage_events WHERE skill_ids ?| :ids"), + {"ids": [str(i) for i in skill_ids]}, + ) + db_session.execute( + text("DELETE FROM skills WHERE id = ANY(:ids)"), + {"ids": [str(i) for i in skill_ids]}, + ) + if collection_names: + db_session.execute( + text("DELETE FROM collections WHERE name = ANY(:names)"), + {"names": collection_names}, + ) + db_session.commit() + + +# ── helpers ───────────────────────────────────────────────────────────── + + +def _seed_collection(db_session, cleanup) -> Collection: + name = f"oc-col-{uuid.uuid4().hex[:8]}" + col = Collection(name=name, description="test collection") + db_session.add(col) + db_session.commit() + db_session.refresh(col) + cleanup["collections"].append(name) + return col + + +def _seed_skill(db_session, cleanup, *, name: str | None = None) -> Skill: + suffix = uuid.uuid4().hex[:8] + name = name or f"oc-usage-{suffix}" + skill = Skill( + id=uuid.uuid4(), + name=name, + slug=name, + description=f"desc {suffix}", + collections=[], + ) + db_session.add(skill) + db_session.commit() + db_session.refresh(skill) + cleanup["skills"].append(skill.id) + return skill + + +def _seed_event( + db_session, + cleanup, + *, + skill_ids: list[uuid.UUID] | None = None, + created_at: datetime | None = None, + agent_name: str = "claude", + task_summary: str = "t", +) -> SkillUsageEvent: + event = SkillUsageEvent( + id=uuid.uuid4(), + agent_name=agent_name, + task_summary=task_summary, + skill_ids=[str(s) for s in (skill_ids or [])], + ) + db_session.add(event) + db_session.commit() + if created_at is not None: + db_session.execute( + text("UPDATE skill_usage_events SET created_at = :ts WHERE id = :id"), + {"ts": created_at, "id": str(event.id)}, + ) + db_session.commit() + db_session.refresh(event) + cleanup["events"].append(event.id) + return event + + +# ── POST tests ────────────────────────────────────────────────────────── + + +def test_post_valid_event_returns_201(client, cleanup, db_session): + r = client.post( + "/v1/openclaw/usage", + json={"agent_name": "claude", "task_summary": "ran the tests"}, + ) + assert r.status_code == 201, r.text + body = r.json() + assert "id" in body + assert "created_at" in body + assert body["skill_ids"] == [] + assert body["agent_name"] == "claude" + cleanup["events"].append(uuid.UUID(body["id"])) + + +def test_post_with_skill_ids_succeeds(client, cleanup, db_session): + s1 = _seed_skill(db_session, cleanup) + s2 = _seed_skill(db_session, cleanup) + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "ran two skills", + "skill_ids": [str(s1.id), str(s2.id)], + }, + ) + assert r.status_code == 201, r.text + body = r.json() + assert set(body["skill_ids"]) == {str(s1.id), str(s2.id)} + cleanup["events"].append(uuid.UUID(body["id"])) + + +def test_post_unknown_skill_id_422(client, cleanup, db_session): + bogus = uuid.uuid4() + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "missing skill", + "skill_ids": [str(bogus)], + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "UNKNOWN_SKILL_ID" + + +def test_post_task_summary_too_long_422(client, cleanup): + # 1500 chars: under the schema's 2000 cap, but over the runtime 1000 cap. + long_summary = "x" * 1500 + r = client.post( + "/v1/openclaw/usage", + json={"agent_name": "claude", "task_summary": long_summary}, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "TASK_SUMMARY_TOO_LONG" + + +def test_post_invalid_risk_level_422(client, cleanup): + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "x", + "risk_level": "extreme", + }, + ) + assert r.status_code == 422, r.text + # Pydantic envelope — code is VALIDATION_ERROR (handler in main.py) + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_post_invalid_outcome_422(client, cleanup): + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "x", + "outcome": "weird", + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +def test_post_resolver_confidence_out_of_range_422(client, cleanup): + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "x", + "resolver_confidence": 2.0, + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "VALIDATION_ERROR" + + +# ── GET tests ─────────────────────────────────────────────────────────── + + +def test_get_returns_recent_events_default_50(client, cleanup, db_session): + # Seed 75 events tagged with a unique agent_name AND with future timestamps + # so they dominate the descending-by-created_at order. The endpoint is + # global (no agent filter), so other suites' inserts could otherwise crowd + # us out of the first 50. + base = datetime.now(timezone.utc) + timedelta(days=1) + unique_agent = f"default50-test-{uuid.uuid4().hex[:12]}" + for i in range(75): + _seed_event( + db_session, cleanup, + agent_name=unique_agent, + created_at=base + timedelta(seconds=i), + ) + + r = client.get("/v1/openclaw/usage") + assert r.status_code == 200, r.text + body = r.json() + mine = [e for e in body if e["agent_name"] == unique_agent] + assert len(mine) == 50, f"expected default limit 50, got {len(mine)}" + + # Ordered created_at desc among our tagged events. + mine_ts = [datetime.fromisoformat(e["created_at"]) for e in mine] + assert mine_ts == sorted(mine_ts, reverse=True) + + +def test_get_with_limit_truncates(client, cleanup, db_session): + for _ in range(15): + _seed_event(db_session, cleanup) + r = client.get("/v1/openclaw/usage?limit=10") + assert r.status_code == 200, r.text + assert len(r.json()) == 10 + + +def test_get_with_since_filter(client, cleanup, db_session): + now = datetime.now(timezone.utc) + # Use a unique agent_name so we can scope our assertion to just our 3 rows. + tag = f"since-test-{uuid.uuid4().hex[:8]}" + _seed_event( + db_session, cleanup, + agent_name=tag, created_at=now - timedelta(hours=1), + ) + _seed_event(db_session, cleanup, agent_name=tag, created_at=now) + _seed_event( + db_session, cleanup, + agent_name=tag, created_at=now - timedelta(minutes=30), + ) + + # urlencode the ISO timestamp — '+' in '+00:00' would otherwise decode as ' '. + cutoff = urllib.parse.quote((now - timedelta(minutes=45)).isoformat()) + r = client.get(f"/v1/openclaw/usage?since={cutoff}&limit=200") + assert r.status_code == 200, r.text + ours = [e for e in r.json() if e["agent_name"] == tag] + assert len(ours) == 2 + + +def test_get_with_skill_id_filter(client, cleanup, db_session): + sx = _seed_skill(db_session, cleanup) + sy = _seed_skill(db_session, cleanup) + e1 = _seed_event(db_session, cleanup, skill_ids=[sx.id]) + e2 = _seed_event(db_session, cleanup, skill_ids=[sx.id]) + e3 = _seed_event(db_session, cleanup, skill_ids=[sy.id]) + + r = client.get(f"/v1/openclaw/usage?skill_id={sx.id}&limit=200") + assert r.status_code == 200, r.text + body = r.json() + returned_ids = {e["id"] for e in body} + assert str(e1.id) in returned_ids + assert str(e2.id) in returned_ids + assert str(e3.id) not in returned_ids + # Every returned event must contain sx.id (other tests in the DB might + # have rows referencing sx if names collided, but our suffixed ids are + # unique so the only matches should be our two). + matching_only = [e for e in body if str(sx.id) in e["skill_ids"]] + assert len(matching_only) == 2 + + +def test_get_with_before_cursor_paginates(client, cleanup, db_session): + # Seed 5 events with strictly increasing timestamps so ordering is stable. + base = datetime.now(timezone.utc) + tag = f"page-test-{uuid.uuid4().hex[:8]}" + events = [] + for i in range(5): + # i=0 → oldest; events list is in insertion (chronological) order. + events.append( + _seed_event( + db_session, cleanup, + agent_name=tag, + created_at=base - timedelta(seconds=(4 - i)), + ) + ) + + # Page 1: newest two of *our* 5. Use a high limit + filter client-side + # (the endpoint is global; we can't filter by agent_name in the URL). + r = client.get("/v1/openclaw/usage?limit=200") + assert r.status_code == 200, r.text + ours = [e for e in r.json() if e["agent_name"] == tag] + # ours is sorted created_at desc → ours[0] is the newest (events[4]). + assert len(ours) == 5 + assert ours[0]["id"] == str(events[4].id) + assert ours[1]["id"] == str(events[3].id) + + # Page 2: cursor from ours[1] (events[3]) — next page should start at events[2]. + # urlencode the cursor — '+' in the embedded ISO tz offset would decode as ' '. + cursor = urllib.parse.quote(f"{ours[1]['created_at']}:{ours[1]['id']}") + r2 = client.get(f"/v1/openclaw/usage?before={cursor}&limit=200") + assert r2.status_code == 200, r2.text + ours2 = [e for e in r2.json() if e["agent_name"] == tag] + # No overlap with page 1: events[4] and events[3] must not appear. + page1_ids = {str(events[4].id), str(events[3].id)} + page2_ids = {e["id"] for e in ours2} + assert page1_ids.isdisjoint(page2_ids) + # Top of page 2 must be events[2] (the next-newest after the cursor). + assert ours2[0]["id"] == str(events[2].id) + + +def test_get_with_invalid_cursor_422(client, cleanup): + r = client.get("/v1/openclaw/usage?before=garbage") + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "INVALID_CURSOR" + + +# ── Bug fix tests ──────────────────────────────────────────────────────── + + +def test_post_unknown_collection_id_422(client, cleanup, db_session): + """POST with a collection_id that doesn't exist must return 422, not 500. + + Bug: before the fix, the missing FK check let the INSERT reach Postgres, + which raised an IntegrityError that fell through to the generic 500 handler. + """ + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "testing unknown collection", + "collection_id": "does-not-exist-at-all", + }, + ) + assert r.status_code == 422, r.text + assert r.json()["error"]["code"] == "UNKNOWN_COLLECTION_ID" + + +def test_post_known_collection_id_succeeds(client, cleanup, db_session): + """POST with a real collection_id is accepted and round-trips.""" + col = _seed_collection(db_session, cleanup) + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "real collection", + "collection_id": col.name, + }, + ) + assert r.status_code == 201, r.text + body = r.json() + assert body["collection_id"] == col.name + cleanup["events"].append(uuid.UUID(body["id"])) + + +def test_post_deduplicates_skill_ids(client, cleanup, db_session): + """Duplicate skill IDs in one event must be stored only once. + + Bug: before the fix, sending the same skill UUID twice in skill_ids stored + both entries, inflating usage_count_30d by 2 per event instead of 1. + """ + skill = _seed_skill(db_session, cleanup) + r = client.post( + "/v1/openclaw/usage", + json={ + "agent_name": "claude", + "task_summary": "dedup check", + "skill_ids": [str(skill.id), str(skill.id)], + }, + ) + assert r.status_code == 201, r.text + body = r.json() + assert body["skill_ids"] == [str(skill.id)], ( + f"expected one entry after dedup, got {body['skill_ids']}" + ) + cleanup["events"].append(uuid.UUID(body["id"])) diff --git a/docker-compose.yml b/docker-compose.yml index 9064a946..de096bda 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -36,6 +36,7 @@ services: volumes: - bundles:/app/data/bundles - ./plugin:/plugin:ro + - ./plugin-openclaw:/openclaw:ro depends_on: postgres: condition: service_healthy diff --git a/docs/openclaw-hld.md b/docs/openclaw-hld.md new file mode 100644 index 00000000..0caf5923 --- /dev/null +++ b/docs/openclaw-hld.md @@ -0,0 +1,382 @@ +# SkillNote × OpenClaw — High-Level Design + +> The complete system design for how the SkillNote registry integrates with OpenClaw. +> Covers the user journey, the runtime components, the three loops that drive it, +> the feedback channels back to the registry, and how the design handles failures. + +--- + +## 1. The user journey (what a developer experiences) + +The user does **one thing**: tells their agent to install the skill via clawhub. Everything else — including standing up the SkillNote backend, configuring the URL, syncing the catalog, wiring AGENTS.md — the agent handles by following the SKILL.md's instructions. + +``` +┌─────────────────────────────────────────────────────────────────────────┐ +│ Day 0 — One user prompt │ +│ User types into OpenClaw: "install skillnote from clawhub" │ +│ (Equivalent: user runs `clawhub install skillnote` themselves) │ +└─────────────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────────────┐ +│ Day 0 — Skill files land on disk │ +│ clawhub fetches the skill bundle and writes: │ +│ ~/.openclaw/skills/skillnote/ │ +│ ├── SKILL.md ← always-loaded; drives everything │ +│ ├── sync.sh ← runs every 60s │ +│ ├── log-watcher.py ← analytics daemon │ +│ ├── install-backend.sh ← bootstraps the backend if missing │ +│ ├── config.template.json │ +│ ├── VERSION │ +│ └── references/ │ +└─────────────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────────────┐ +│ Day 0 — Next OpenClaw session: SKILL.md takes over (6 steps) │ +│ │ +│ Step 1: Resolve host (env → file → default localhost:8082) │ +│ Reach test │ +│ ├── reachable → skip to Step 3 │ +│ └── unreachable → continue to Step 2 │ +│ │ +│ Step 2: STAND UP THE BACKEND (only when localhost is unreachable) │ +│ Ask user: "may I install the backend? [Y/n]" ← consent #1 │ +│ On Y, run: bash ~/.openclaw/skills/skillnote/install-backend.sh│ +│ • git clone https://github.com/luna-prompts/skillnote.git │ +│ • cd skillnote && ./install.sh (Docker compose, ~3 min) │ +│ • Poll /health until ready │ +│ Recovery if script missing: │ +│ curl -sfL /install-backend.sh | bash │ +│ │ +│ Step 3: Persist resolved host to ~/.openclaw/skillnote/config.json │ +│ Step 4: chmod +x sync.sh && first sync → 22 sn-* skill dirs appear │ +│ log-watcher.py daemon spawns (PID-guarded) │ +│ sync.sh ALSO grafts into AGENTS.md (idempotent) │ +│ Step 5: Verify AGENTS.md graft is present (no file edit, no prompt) │ +│ Step 6: "SkillNote connected ✓ N skills synced" │ +└─────────────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────────────┐ +│ Day 1+ — Every session, silently │ +│ Before any task: agent runs sync.sh → reads relevant sn-*/SKILL.md │ +│ After any task: agent POSTs usage event with skill_ids + outcome │ +│ In-turn: if a skill helped, agent runs the pre-filled rating curl │ +│ Background: log-watcher silently tracks every SKILL.md the agent │ +│ opened, fires hooks/skill-used to backend │ +└─────────────────────────────────────────────────────────────────────────┘ + ↓ +┌─────────────────────────────────────────────────────────────────────────┐ +│ Day 7 — Web UI feedback loop │ +│ Developer opens skillnote.local → Analytics → sees: │ +│ • Top skills (by call_count from log-watcher) │ +│ • Avg rating per skill (from agent ratings) │ +│ • Per-agent activity │ +│ • Agent comments (observation/issue/success_note) inline w/ skills │ +│ Developer edits a skill → next sync (≤60s) → agent has new content │ +└─────────────────────────────────────────────────────────────────────────┘ +``` + +### Total user input + +- **1 prompt:** "install skillnote from clawhub" +- **At most 1 Y/n answer:** consent to install the backend (only fires when localhost:8082 is unreachable). The AGENTS.md graft happens silently inside `sync.sh` — no second prompt. (See §8 for why.) +- That's it. No clone, no `./install.sh`, no URL prompt, no manual config. + +### Four install methods on the Connect page (web UI) + +For users who'd rather click than type, the web UI's Connect → OpenClaw tab offers four equivalent paths. All converge to the same on-disk state. + +| Method | Command | When | +|---|---|---| +| **Copy prompt** *(default tab)* | Personalized prompt with user's URL pre-baked, served from `/setup/agent-prompt?agent=openclaw` | Recommended — zero terminal | +| **clawhub** | `SKILLNOTE_BASE_URL=… clawhub install skillnote` | Power users with the plugin manager | +| **curl** | `curl -sf /setup/agent \| bash -s -- --agent openclaw` | When clawhub isn't available | +| **Manual** | 4-step bash block | Air-gapped environments | + +--- + +## 2. Component map + +``` +┌──────────────────────────────── HOST MACHINE ─────────────────────────────────┐ +│ │ +│ ┌─────────────────────┐ ┌──────────────────────────────────────┐ │ +│ │ OpenClaw runtime │ │ ~/.openclaw/ │ │ +│ │ │ │ ├── workspace/ │ │ +│ │ ┌──────────────┐ │ │ │ └── AGENTS.md │ │ +│ │ │ Agent loop │──┼────────→│ │ (← graft) │ │ +│ │ │ (LLM calls) │ │ reads │ │ │ │ +│ │ └──────────────┘ │ │ ├── agents/main/sessions/ │ │ +│ │ │ │ │ │ ├── sess-abc.jsonl (live log) │ │ +│ │ │ writes │ │ │ ├── sess-xyz.jsonl │ │ +│ │ │ JSONL │ │ │ └── ... │ │ +│ │ ▼ │ │ │ │ │ +│ │ ┌──────────────┐ │ │ ├── skills/ │ │ +│ │ │ session log │──┼────────→│ │ ├── skillnote/ │ │ +│ │ └──────────────┘ │ writes │ │ │ ├── SKILL.md (always-on) │ │ +│ │ │ │ │ │ ├── sync.sh │ │ +│ │ reads SKILL.md ◄──┼─────────│ │ │ ├── log-watcher.py │ │ +│ │ from skills dirs │ │ │ │ ├── install-backend.sh │ │ +│ └─────────────────────┘ │ │ │ ├── config.json {host,user} │ │ +│ │ │ │ ├── VERSION │ │ +│ │ │ │ ├── .last-sync-time │ │ +│ │ │ │ ├── .skillnote-manifest │ │ +│ │ │ │ ├── .log-watcher.pid │ │ +│ │ │ │ └── .log-watcher-state │ │ +│ │ │ ├── sn-brainstorming/SKILL.md │ │ +│ │ │ ├── sn-error-handling/SKILL.md │ │ +│ │ │ └── sn-{slug}/... │ │ +│ └───┴───────────────────────────────────┘ │ +│ ▲ │ +│ ┌──────────────────────────────────────────────┴──────────────────────────┐ │ +│ │ log-watcher.py daemon (background process, PID-guarded) │ │ +│ │ polls sessions/*.jsonl every 2s │ │ +│ │ tails new lines, parses toolCall.read for sn-*/SKILL.md │ │ +│ │ POSTs /v1/hooks/skill-used (slug, agent, session_id) │ │ +│ │ deduplicates per (file, session_id) │ │ +│ └─────────────────────────────────────────────────────────────────────────┘ │ +└────────────────────────────────────────────────────────────────────────────────┘ + │ + │ HTTP (every 60s + per-event) + ▼ +┌──────────────────────── SkillNote BACKEND (FastAPI :8082) ────────────────────┐ +│ │ +│ GET /v1/skills ← sync.sh pulls catalog │ +│ GET /v1/openclaw-bundle.zip ← installer downloads (with install- │ +│ backend.sh + SKILL.md + sync.sh + │ +│ log-watcher.py) │ +│ GET /v1/openclaw-skill ← daily self-update version check │ +│ GET /setup/agent ← unified dispatcher (--agent flag) │ +│ GET /setup/agent-prompt?agent=... ← personalized copy-prompt (markdown) │ +│ POST /v1/hooks/skill-used ← log-watcher fires per detected read │ +│ POST /v1/openclaw/usage ← agent fires after task completion │ +│ POST /v1/skills/{slug}/comments ← agent fires for ratings │ +│ │ +│ ┌──────────────────────────────────────────────────────────────────────┐ │ +│ │ PostgreSQL │ │ +│ │ skills, comments, skill_usage_events, skill_ratings, ... │ │ +│ │ ↑ comments with rating fan out to skill_ratings (analytics roll-up)│ │ +│ └──────────────────────────────────────────────────────────────────────┘ │ +└────────────────────────────────────────────────────────────────────────────────┘ + │ + ▼ +┌──────────────────── Web UI (Next.js :3000) ─────────────────────┐ +│ Skills · Collections · Analytics · Connect · Settings │ +│ Reads from API · displays usage / ratings / comments per skill │ +│ Developer edits skills here · changes propagate via sync within 60s│ +└──────────────────────────────────────────────────────────────────┘ +``` + +--- + +## 3. Three independent loops that make it work + +The system runs **three concurrent loops**, each with a different cadence and purpose. They never block each other. + +### Loop A — Catalog Sync (every 60s, from `sync.sh`) +**Trigger:** OpenClaw agent calls `~/.openclaw/skills/skillnote/sync.sh` before each task (per the AGENTS.md graft). + +``` +sync.sh runs + ├── grab .sync.lock (mkdir-based; concurrent calls bail silently) + ├── if .last-sync-time < 60s ago → exit + ├── GET /v1/skills ← whole catalog + ├── for each skill from API: + │ write sn-{slug}/SKILL.md with: + │ frontmatter (name, description, id, collections) + │ + body + │ + rating footer (pre-filled curl with this slug) + │ skip write if hash unchanged (idempotent) + ├── compute (manifest_old - api_skills) ∪ stale on-disk = orphans + ├── delete orphan sn-* dirs + ├── write .skillnote-manifest.json atomically (tempfile + os.replace) + └── update .last-sync-time +``` + +**Why this design:** Throttle prevents hammering the API on rapid agent re-invocations. The lock protects against bash parallelism. Atomic manifest prevents partial reads. + +### Loop B — Self-Update (every 24h, from `sync.sh`) +**Trigger:** Same `sync.sh` invocation, but gated by `.last-version-check`. + +``` +once per 24h: + GET /v1/openclaw-skill ← {version, skill} + compare to local VERSION + if newer: + try `clawhub install skillnote@` (preferred) + else overwrite SKILL.md + VERSION inline (fallback) + print "SkillNote updated to vX.Y.Z" to user once +``` + +**Why:** Lets us ship plugin fixes without asking users to re-run installers. + +### Loop C — Analytics (continuous, from `log-watcher.py` daemon) +**Trigger:** Spawned by `sync.sh` once, PID-guarded (won't double-launch). + +``` +every 2s: + for each *.jsonl in ~/.openclaw/agents/main/sessions/ + (skip *.trajectory.* and *.reset.* files) + stat inode → if changed, treat as rotation, reset offset + seek to last offset + parse new lines as JSON: + if event.type == "session" → update session_id, clear seen_slugs + if event.type == "message": + for each toolCall in content: + if name == "read" AND path matches "**/sn-{slug}/SKILL.md": + if slug not in seen_slugs (per session): + POST /v1/hooks/skill-used {slug, agent, session_id} + seen_slugs.add(slug) + save offset +``` + +**Why:** OpenClaw doesn't have PostToolUse hooks like Claude Code, so we parse the session log instead. Per-session dedup prevents inflated counts when an agent re-reads the same skill mid-conversation. Inode tracking handles log rotation. Offset preservation across daemon restarts prevents replay storms. + +--- + +## 4. Three feedback channels back to SkillNote + +| Channel | Source | What it captures | Endpoint | +|---|---|---|---| +| **Implicit usage** | log-watcher daemon | "Agent opened SKILL.md for skill X in session Y" | `POST /v1/hooks/skill-used` | +| **Explicit task outcome** | Agent (per AGENTS.md graft) | "Completed task using skills [a, b], outcome: completed" | `POST /v1/openclaw/usage` | +| **Quality signal** | Agent (per rating footer) | "Skill X helped/failed — rating 1-5 + one-line note" | `POST /v1/skills/{slug}/comments` | + +These three layers are intentional: +- **Implicit** is automatic and complete — we always know what was read. +- **Explicit** is intent-aware — the agent paraphrases the task and links the skills it actually applied (vs. just glanced at). +- **Quality** is judgment — the agent's same-turn opinion before context fades; ratings fan out from `comments` to `skill_ratings` for analytics roll-ups. + +--- + +## 5. Why the design choices + +| Decision | Why | +|---|---| +| **One unified `skillnote` skill** (vs. earlier 2-skill `awareness` + `resolver`) | OpenClaw's native skill system + AGENTS.md graft makes the resolver redundant — the agent reads `sn-*/SKILL.md` directly. Less to install, less to break. | +| **`always: true` on the parent skill** | Ensures the SKILL.md (and its setup steps) are in every session's system prompt — no chance of being "forgotten." | +| **AGENTS.md graft** | OpenClaw reloads AGENTS.md every session — gives us a persistent place to tell the agent "always sync first, log usage after." | +| **AGENTS.md graft is done by `sync.sh`, not the agent** | LLMs default to "ask consent before modifying user files" — and we couldn't override that even with explicit `do NOT ask` instructions in SKILL.md. So we moved the graft into `sync.sh`. The shell script can't be talked out of just appending text. The agent's Step 5 just verifies. (See §8.) | +| **Per-skill rating footer injected at sync time** | Agents don't reliably remember things across sessions. The pre-filled curl command is right there in the skill body — they rate while context is fresh. | +| **Log-watcher daemon (vs. agent self-reporting)** | Agents lie (or just forget). Parsing the session log gives ground truth for "what was actually opened." Self-reporting handles intent on top. | +| **`mkdir` lock + atomic manifest** | Bash `&` and concurrent agent invocations would otherwise race the manifest. POSIX `rename` is atomic; `mkdir` is the portable lock. | +| **PID-guarded daemon** | `sync.sh` runs every minute via the agent — without PID guarding we'd have N daemons fighting over the offset state. | +| **Throttle via `.last-sync-time`** | Same reason — agent calls sync constantly, but we don't want to hammer `/v1/skills` more than once a minute. | +| **Inode tracking** | Sessions rotate on agent restart. Tracking inode (vs. path) means we don't double-count or skip lines after a rotation. | +| **Comment fan-out to `skill_ratings`** | Lets the same analytics pipeline serve both Claude Code (which writes directly to `skill_ratings`) and OpenClaw (which uses comments) without separate aggregation paths. | + +--- + +## 6. The complete data flow for one task + +``` +USER: "fix this auth bug" + │ + ▼ +OpenClaw reads AGENTS.md → sees block + │ + ▼ +Agent runs `sync.sh` (Loop A throttle decides: skip, already synced 30s ago) + │ + ▼ +Agent decides: brainstorming + error-handling are relevant +Agent runs Read tool on: + - ~/.openclaw/skills/sn-brainstorming/SKILL.md + - ~/.openclaw/skills/sn-error-handling/SKILL.md + │ + ├─────────────────────────────────────────────────────┐ + │ (concurrently) │ + │ log-watcher sees the toolCall.read in session JSONL │ + │ POST /v1/hooks/skill-used × 2 (one per slug) │ + │ → backend increments call_count on both skills │ + ▼ │ +Agent reads each SKILL.md → applies guidance │ +Agent writes the bug fix │ +Agent finishes task │ + │ │ + ▼ │ +Agent runs: │ + POST /v1/openclaw/usage │ + {agent_name, task_summary: "fixed auth null deref", │ + skill_ids: [...], outcome: completed, channel: cli} │ + → backend records SkillUsageEvent │ + │ │ + ▼ │ +Agent (one of the skills had a clear win): │ + POST /v1/skills/error-handling/comments │ + {author, author_type: agent, │ + comment_type: agent_success_note, rating: 5, │ + body: "the null-check pattern caught it immediately"} │ + → backend writes Comment + fans out to skill_ratings │ + │ + ▼ + Web UI Analytics tab picks up: + - call_count for both skills (+1) + - avg_rating on error-handling (updated) + - usage event in agent activity + - comment in error-handling Reviews tab +``` + +--- + +## 7. Failure modes & how the design handles them + +| Failure | Handling | +|---|---| +| Backend unreachable | sync.sh exits silently — local sn-* dirs stay intact, no data loss. Agent uses last-known skills. | +| Backend unreachable AND localhost (fresh user) | SKILL.md Step 2 detects this case and offers to install the backend. Agent runs `install-backend.sh`. | +| `install-backend.sh` missing on disk | SKILL.md falls back to `curl -sfL /install-backend.sh \| bash` (same canonical script). Final fallback: manual `git clone` instructions. | +| Malformed config.json | Python try/except → silent exit, no crash. | +| Agent crashes mid-session | Next sync rebuilds sn-* from API. Log-watcher offset survives — no replay. | +| Two concurrent syncs | First grabs `.sync.lock` (mkdir), second sees existing dir and bails. | +| Daemon dies | Next `sync.sh` invocation sees `kill -0 $pid` fail → relaunches. PID file is the source of truth. | +| Session JSONL corrupted line | `json.JSONDecodeError` caught per-line; skip bad line, continue with the next. | +| Skill renamed on server | Old slug appears in manifest but not API → marked stale, dir removed. New slug syncs as "new." | +| Plugin update breaks something | Daily self-update is opt-in via `clawhub`; the inline fallback overwrites only `SKILL.md`/`VERSION`, never the lock or daemon state. | +| Re-install over existing setup | New installer preserves user's `config.json`, kills old daemon, then re-extracts. | +| `clawhub install skillnote` fails | Personalized prompt's Step 1 falls back to `curl -sf /setup/agent \| bash -s -- --agent openclaw` | +| Custom (non-localhost) backend unreachable | SKILL.md Step 1 doesn't auto-install — the user explicitly pointed at a server, so the agent reports "down, will retry next session" instead of presuming. | + +--- + +## 8. Install architecture (the agent-driven model) + +The install flow inverts the usual "user runs commands, agent helps" model. Here, the agent IS the installer — the user just types one prompt. + +### What this requires + +1. **Skill self-contained on disk** — every file the agent might need (SKILL.md, sync.sh, log-watcher.py, install-backend.sh) ships in the clawhub bundle. No "download this other thing" step during setup. +2. **Layered URL resolution** — `$SKILLNOTE_BASE_URL` env > `~/.openclaw/skillnote/config.json` > skill-dir config > `http://localhost:8082` default. Most users never touch any of these. +3. **Agent-runnable bootstrap script** — `install-backend.sh` is a single `bash ` invocation that handles git clone + Docker + readiness polling + error triage internally. The agent executes it; doesn't reimplement it. +4. **Honest consent — but only where the agent has a real choice.** The agent asks once before installing the backend (Docker spinup is a meaningful action). It does NOT ask before grafting AGENTS.md — that's done shell-side by `sync.sh`. (See "The consent-prompt anti-pattern" below.) +5. **Failure surfaces** — if the script fails, the agent shows `./install.sh`'s actual output instead of papering over it. + +### The consent-prompt anti-pattern (and why we moved AGENTS.md graft to sync.sh) + +Initial design: SKILL.md Step 5 told the agent to ask the user "may I add a small block to your AGENTS.md? [Y/n]" before grafting. This worked in interactive sessions but broke in three real failure modes: + +1. **Non-interactive / scripted runs** (`openclaw agent --message "set up skillnote"`) — the agent has no way to receive a Y/n. It pauses indefinitely or surfaces as an unfinished half-state. +2. **CI / async messaging** — the consent question goes to a queue with no human attached. +3. **Even with explicit "do NOT ask" instructions in SKILL.md, the LLM still asked.** This was the surprise. We tried wording it as a 🛑 IMPORTANT directive at the top of Step 5 ("do not ask any questions in this step"). The agent still asked. LLM safety training has a strong default of "ask before modifying user files" that prose instructions can't reliably override. + +**The fix**: move the graft logic out of the SKILL.md (which the LLM interprets) and into `sync.sh` (which is a shell script that just runs). The agent's Step 5 reduces to a single `grep -c ''` verification — no file editing, no consent question, no LLM judgment. The shell script can't be talked out of `cat block >> AGENTS.md`. + +**Side effects:** +- `sync.sh` now runs an idempotent graft check on every invocation (cheap — just a grep) +- An opt-out flag (`{"grafted": false}` in `config.json`) is honored by `sync.sh`, not the agent — so the user can disable the graft permanently with one config edit even if the agent tries to re-add it +- The graft happens during `curl|bash` install too (since the installer runs sync.sh as part of install) — so the user is connected before the agent ever loads + +**General principle this surfaces**: any time you're about to write "[the agent] should not ask the user for consent here" in SKILL.md, that's a signal to move the action out of the LLM and into a shell script. The LLM will fight you. The shell won't. + +### Why agent-driven (vs. CLI-driven) + +| Concern | CLI-driven (old) | Agent-driven (new) | +|---|---|---| +| User burden | Read README, clone, cd, run install.sh, then install plugin | Type one prompt | +| Non-technical users | Fails (can't type bash commands confidently) | Works (agent does the typing) | +| Cross-machine setup | Same procedure each time | Same prompt each time | +| Error recovery | User has to read error messages and decide what to do | Agent reads, classifies common errors, suggests fix | +| Updates | User has to know which command to re-run | Agent re-reads SKILL.md; flow is identical to first install | + +### Trust boundary + +The user trusts clawhub to install the skill (same trust they extend to any clawhub package). Everything we ship inside the skill bundle (`install-backend.sh`, `sync.sh`, `log-watcher.py`) inherits that trust — no separate "and now trust this other URL" ask. The GitHub raw URL is recovery-only and points at the same canonical file. diff --git a/docs/openclaw-integration.md b/docs/openclaw-integration.md new file mode 100644 index 00000000..b9400197 --- /dev/null +++ b/docs/openclaw-integration.md @@ -0,0 +1,97 @@ +# OpenClaw Integration + +## What this is + +SkillNote × OpenClaw is a living skill registry for the OpenClaw agent. SkillNote stores your skills; OpenClaw uses them autonomously, learns which ones helped, and lets you (the human) review what your agent has been doing through the SkillNote web UI. Two skills get installed into your OpenClaw setup; everything else stays in SkillNote. + +## Prerequisites + +- A running SkillNote backend on a host you control (`./install.sh` from this repo). +- An OpenClaw agent installed locally. + +No additional API keys are required on the SkillNote side. The OpenClaw resolver subagent runs in the agent harness with full LLM reasoning, so SkillNote ships the catalog and the subagent picks. + +## Install + +One command, run wherever your OpenClaw agent lives: + +```bash +curl -sf http://:8082/setup/openclaw | bash +``` + +The installer: + +- Asks for one-time confirmation (when run interactively). +- Downloads the 2-skill bundle and the config template. +- Substitutes your SkillNote host into both files. +- Writes everything to `~/.openclaw/`. + +You can also grab the install command from your SkillNote web UI at `Settings → OpenClaw Integration → Copy`. + +## What gets installed + +``` +~/.openclaw/skills/skillnote-awareness/SKILL.md # always-injected meta-skill +~/.openclaw/skills/skillnote-resolver/SKILL.md # subagent for skill selection +~/.openclaw/skillnote/config.json # host, agent name, defaults +``` + +`skillnote-awareness` loads at every OpenClaw session start. `skillnote-resolver` is a subagent the main agent invokes when picking skills for a task. `config.json` holds your SkillNote host, the agent's identity, and feature toggles (auto-resolve, write reflections — both default ON; allow-marketplace-install — default OFF). + +## What the agent does after install + +- **Picks skills automatically.** When you ask the agent to do something non-trivial, it spawns the resolver, which queries `/v1/openclaw/context-bundle` and gets back the catalog with usage / rating / staleness metadata. The resolver re-ranks via LLM reasoning over the task and returns 1-5 skills for the main agent to apply. +- **Logs each task.** After acting, it POSTs a usage event to `/v1/openclaw/usage` with the task summary (paraphrased — never your raw message), the skills used, the resolver's confidence, and the outcome. +- **Leaves comments.** When the agent notices a skill helped, failed, or seems stale, it POSTs a comment on that skill (`author_type=agent`). Five comment types: agent_observation, agent_issue, agent_patch_suggestion, agent_success_note, agent_deprecation_warning. Rate-limited to one comment per skill per day. +- **Asks for confirmation only when warranted.** Confidence < 0.6, or risk_level ≥ medium, or two equally-valid collections. + +## What you do as a human + +- Open the SkillNote web UI to see what your agent has been doing. Activity feed, skill ratings, agent comments — all visible at the host you set up. +- Add skills as you spot gaps. Edit existing skills as procedures change. The agent picks them up on the next session. +- **(Coming in v0.4.1)** Review agent-suggested skill drafts and Skill Garden health metrics. + +## Settings & defaults + +Open `~/.openclaw/skillnote/config.json` to tune: + +```json +{ + "skillnote_base_url": "http://your-host:8082", + "skillnote_web_url": "http://your-host:3000", + "agent_name": "openclaw-main", + "auto_resolve_skills": true, + "write_reflections": true, + "allow_draft_creation": false, + "allow_auto_marketplace_install": false +} +``` + +- `auto_resolve_skills`: agent calls the resolver autonomously. Disable if you want strict manual control. +- `write_reflections`: agent writes comments on skills. Disable if you want a read-only agent. +- `allow_draft_creation`: leave false in v0.4.0 (drafts table arrives in v0.4.1). +- `allow_auto_marketplace_install`: leave false unless you trust your marketplace. + +## Uninstall + +```bash +rm -rf ~/.openclaw/skills/skillnote-awareness +rm -rf ~/.openclaw/skills/skillnote-resolver +rm -rf ~/.openclaw/skillnote +``` + +That's it. SkillNote-side data (your skills, comments, usage events) stays in your SkillNote backend. + +## Troubleshooting + +**Agent says SkillNote is unreachable.** + +- Check `~/.openclaw/skillnote/config.json` exists. +- Check the `skillnote_base_url` resolves from the OpenClaw host (a NAT'd container won't reach `localhost`). +- `curl -sf $SKILLNOTE_BASE_URL/health` from inside the agent's host. + +**Agent doesn't seem to use skills.** + +- Check Settings → OpenClaw Integration in the SkillNote UI; the "Connected" indicator should be green if the agent has logged any usage in the last 7 days. +- Run `curl -s $API_URL/v1/openclaw/usage?limit=5` to see if usage events are landing. +- Re-run the install command to refresh the awareness skill (the bundled awareness skill version `1.0.0` is in the SKILL.md frontmatter). diff --git a/install.sh b/install.sh index b0605620..2b972f08 100755 --- a/install.sh +++ b/install.sh @@ -303,19 +303,68 @@ done # ── Done ────────────────────────────────────────────────────────── SKILL_COUNT=$(curl -sf "http://localhost:${API_PORT}/v1/skills" 2>/dev/null | python3 -c "import json,sys; print(len(json.load(sys.stdin)))" 2>/dev/null || echo "?") +# Detect which agents are present on this machine so we can recommend +# the right Stage-2 command (and skip the ones that aren't applicable). +HAS_CLAUDE=0 +HAS_OPENCLAW=0 +[ -d "$HOME/.claude" ] && HAS_CLAUDE=1 +[ -d "$HOME/.openclaw" ] && HAS_OPENCLAW=1 + +ORANGE='\033[38;5;208m' + echo "" -echo -e " ${GREEN}${BOLD}SkillNote is running${NC}" +echo -e " ${GREEN}${BOLD}✓ Stage 1 complete — SkillNote is running${NC}" echo "" echo -e " ${DIM}Web${NC} ${WEB_URL}" echo -e " ${DIM}API${NC} ${API_URL}" echo -e " ${DIM}Skills${NC} ${SKILL_COUNT}" echo "" -ORANGE='\033[38;5;208m' -echo -e " ${ORANGE}${BOLD}Connect Claude Code${NC}" -echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup | bash" +echo -e " ${BOLD}Next — Stage 2: connect an AI agent${NC}" +echo -e " ${DIM}One unified installer; pick your agent with --agent.${NC}" +echo "" + +# ── Tailored Stage-2 hint ──────────────────────────────────────── +if [ "$HAS_CLAUDE" -eq 1 ] && [ "$HAS_OPENCLAW" -eq 1 ]; then + # Both agents detected on this host + echo -e " ${DIM}Detected:${NC} ${GREEN}Claude Code${NC} + ${GREEN}OpenClaw${NC}" + echo "" + echo -e " ${ORANGE}${BOLD}Claude Code${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent claude-code" + echo "" + echo -e " ${ORANGE}${BOLD}OpenClaw${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent openclaw" +elif [ "$HAS_CLAUDE" -eq 1 ]; then + echo -e " ${DIM}Detected:${NC} ${GREEN}Claude Code${NC} ${DIM}(~/.claude exists)${NC}" + echo "" + echo -e " ${ORANGE}${BOLD}Connect Claude Code${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent claude-code" + echo "" + echo -e " ${DIM}Also using OpenClaw? Swap --agent claude-code → --agent openclaw${NC}" +elif [ "$HAS_OPENCLAW" -eq 1 ]; then + echo -e " ${DIM}Detected:${NC} ${GREEN}OpenClaw${NC} ${DIM}(~/.openclaw exists)${NC}" + echo "" + echo -e " ${ORANGE}${BOLD}Connect OpenClaw${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent openclaw" + echo "" + echo -e " ${DIM}Also using Claude Code? Swap --agent openclaw → --agent claude-code${NC}" +else + # No agent detected — the user is probably setting up the registry + # on a server they don't run agents on. Show both, no preference. + echo -e " ${DIM}No agent home directory detected on this machine.${NC}" + echo -e " ${DIM}If you'll use SkillNote from another machine, run one of these there:${NC}" + echo "" + echo -e " ${ORANGE}${BOLD}Claude Code${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent claude-code" + echo "" + echo -e " ${ORANGE}${BOLD}OpenClaw${NC}" + echo -e " ${ORANGE}\$${NC} curl -sf ${API_URL}/setup/agent | bash -s -- --agent openclaw" +fi + +echo "" +echo -e " ${DIM}Or use the web UI walkthrough:${NC} ${CYAN}${WEB_URL}/integrations${NC}" echo "" -echo -e " ${DIM}Manage:${NC}" -echo -e " ${DIM}\$${NC} $COMPOSE logs -f ${DIM}# logs${NC}" +echo -e " ${DIM}Manage this stack:${NC}" +echo -e " ${DIM}\$${NC} $COMPOSE logs -f ${DIM}# tail logs${NC}" echo -e " ${DIM}\$${NC} $COMPOSE down ${DIM}# stop${NC}" -echo -e " ${DIM}\$${NC} $COMPOSE down -v ${DIM}# reset${NC}" +echo -e " ${DIM}\$${NC} $COMPOSE down -v ${DIM}# reset (drops the database)${NC}" echo "" diff --git a/package.json b/package.json index 752307e3..05802bd5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "skillnote", - "version": "0.3.4", + "version": "0.4.0", "private": true, "scripts": { "dev": "next dev", diff --git a/plugin-openclaw/skillnote-doctor/SKILL.md b/plugin-openclaw/skillnote-doctor/SKILL.md new file mode 100644 index 00000000..d7eaafed --- /dev/null +++ b/plugin-openclaw/skillnote-doctor/SKILL.md @@ -0,0 +1,85 @@ +--- +name: skillnote-doctor +description: "A diagnostic tool for OpenClaw agents -- checks skill registry connectivity, AGENTS.md setup, config file validity, and installed skill health. Use when your setup seems broken, skills aren't loading, or you want to audit your agent's configuration." +version: "1.0.0" +metadata: {"openclaw": {"emoji": "🩺", "triggers": ["diagnose", "check setup", "why isn't", "debug", "broken", "not working"]}} +--- + +# SkillNote Doctor + +Diagnose your SkillNote + OpenClaw integration in 6 checks. Run every check even if an earlier one fails — the user needs the full picture. Report ✓ pass or ✗ fail with specific remediation for each. + +## Check 1 — clawhub binary + +Run: `which clawhub` + +- ✓ Pass: binary found +- ✗ Fail: `clawhub not found. Install from https://clawhub.ai or run: npm install -g clawhub` + +## Check 2 — SkillNote config + +Read `~/.openclaw/skills/skillnote/config.json`. + +- ✓ Pass: file exists, valid JSON, `host` is non-empty +- ✗ Fail (missing): `Config not found. SkillNote is not installed. Install with: clawhub install skillnote && clawhub install skillnote-resolver` +- ✗ Fail (invalid JSON): `Config is malformed. Delete ~/.openclaw/skills/skillnote/config.json and re-run skillnote setup.` +- ✗ Fail (empty host): `Config exists but host is empty. Ask your agent to re-setup skillnote.` + +## Check 3 — Registry reachability + +GET `/v1/skills?limit=1` + +- ✓ Pass: HTTP 200 +- ✗ Fail (timeout/refused): `SkillNote at is unreachable. Verify the URL and that your instance is running. Self-host guide: https://github.com/luna-prompts/skillnote` +- ✗ Fail (non-200): `Unexpected HTTP . Check SkillNote server logs.` + +## Check 4 — AGENTS.md marker + +Read `~/.openclaw/workspace/AGENTS.md`. Check for exact string ``. + +- ✓ Pass: marker found +- ✗ Fail: `AGENTS.md marker missing. Ask your agent: "re-graft skillnote into AGENTS.md" — or reinstall: clawhub install skillnote` + +## Check 5 — skillnote-resolver installed + +Check `~/.openclaw/skills/skillnote-resolver/SKILL.md` exists. + +- ✓ Pass: file found +- ✗ Fail: `skillnote-resolver not found. Install with: clawhub install skillnote-resolver` + +## Check 6 — resolver endpoint + +POST `/v1/openclaw/context-bundle` with body `{"task_summary": "doctor health check", "max_skills": 1}` + +- ✓ Pass: HTTP 200, `skills` array present +- ✗ Fail: `Context bundle endpoint unavailable. Check SkillNote server version — endpoint requires v0.3.0+` + +--- + +## Summary + +After all checks report: + +``` +SkillNote health: X/6 checks passed +``` + +If all 6 pass: +> Your SkillNote integration looks healthy. If you're still seeing issues, check https://github.com/luna-prompts/skillnote/issues + +If Check 2 fails with "Config not found" (SkillNote not installed at all): +> SkillNote not detected. Install with: +> ``` +> clawhub install skillnote +> clawhub install skillnote-resolver +> ``` +> Then follow the 5-step setup that runs automatically on first load. + +--- + +# Hard rules + +- Never modify any file during diagnosis — read-only. +- Never POST to any endpoint other than `/v1/openclaw/context-bundle`. +- Run all 6 checks regardless of earlier failures. +- Never guess or invent the host URL — read it strictly from config.json. diff --git a/plugin-openclaw/skillnote/SKILL.md b/plugin-openclaw/skillnote/SKILL.md new file mode 100644 index 00000000..f116e7b6 --- /dev/null +++ b/plugin-openclaw/skillnote/SKILL.md @@ -0,0 +1,295 @@ +--- +name: skillnote +description: "A private skill registry for OpenClaw agents -- remembers saved procedures across sessions, tracks which skills helped or failed, detects drift and staleness, and collects agent feedback. Self-hosted; your knowledge stays on your server." +version: "2.0.0" +homepage: "https://github.com/luna-prompts/skillnote" +metadata: + openclaw: + always: true + emoji: "📚" + primaryEnv: SKILLNOTE_BASE_URL + requires: + env: [SKILLNOTE_BASE_URL] + bins: [curl, python3, unzip] + envVars: + - name: SKILLNOTE_BASE_URL + required: true + description: "URL of your self-hosted SkillNote instance, e.g. http://localhost:8082" +--- + +# How this skill is installed + +This file (`SKILL.md`) normally arrives in `~/.openclaw/skills/skillnote/` via one of three paths. The setup steps below run regardless of how it got there — but if the skill ever needs to be reinstalled (corrupted install, missing files, recovery), use one of these: + +1. **clawhub** (recommended — versioned, auto-updates): + ```bash + clawhub install skillnote + ``` +2. **curl bundle installer** (when clawhub isn't available, or for fresh installs that should also pre-fill config and run the first sync): + ```bash + curl -sf /setup/agent | bash -s -- --agent openclaw + ``` + Replace `` with the user's SkillNote URL (e.g. `http://localhost:8082`). If you're the agent reading this and `$SKILLNOTE_BASE_URL` is set, use that. Otherwise default to `http://localhost:8082`. +3. **Manual** — download `/v1/openclaw-bundle.zip` and unzip into `~/.openclaw/skills/`. For air-gapped environments only. + +If you (the agent) are running setup and find that critical files are missing from `~/.openclaw/skills/skillnote/` (e.g. `sync.sh` or `log-watcher.py` not present), do a curl reinstall using method 2 above before continuing — don't try to guess what's missing. + +--- + +# Setup + +**Runs once on first load. Silent on every subsequent load.** + +## Step 1 — Resolve SkillNote host (layered) + +Find the SkillNote backend URL in this order. Stop at the first match: + +1. **Env var:** `$SKILLNOTE_BASE_URL` +2. **Config file:** `~/.openclaw/skillnote/config.json` → `host` field +3. **Skill-dir config:** `~/.openclaw/skills/skillnote/config.json` → `host` field +4. **Default:** `http://localhost:8082` (the standard local install) + +Then test reachability: `GET /v1/skills?limit=1`. + +- **Reachable** → host confirmed. Skip to Step 3 (persist + sync). +- **Unreachable AND host == localhost:8082** → backend probably not running on this machine. Continue to Step 2 to install it. +- **Unreachable AND host is custom** (env var or config file points somewhere specific) → don't auto-install. The user pointed at a specific server; tell them it's down and stop: + > SkillNote at `` isn't reachable. Either the server is down, or the URL is wrong. I'll retry next session. + +## Step 2 — Stand up the SkillNote backend (only when localhost is unreachable) + +You (the agent) are running on the user's machine and have shell access. Install the backend yourself via the bundled bootstrap script — do not ask the user to run any commands. + +**First, ask the user once for permission:** + +> **SkillNote backend isn't running.** I can install it now (clones the repo, runs Docker compose; ~3 min for the first build). Proceed? [Y/n] + +If the user says **n** or anything negative, output this and STOP setup completely: + +> No problem. When you're ready, either: +> ```bash +> # Option A — clone + run the installer +> git clone https://github.com/luna-prompts/skillnote.git +> cd skillnote && ./install.sh +> ``` +> ```bash +> # Option B — run the bundled bootstrap script +> bash ~/.openclaw/skills/skillnote/install-backend.sh +> ``` +> Then start a fresh OpenClaw session. + +If the user says **Y** or anything positive, run this single command and stream the output back so the user sees progress: + +```bash +bash ~/.openclaw/skills/skillnote/install-backend.sh +``` + +This script ships with the skill (clawhub install skillnote drops it next to SKILL.md) and handles everything atomically: +1. Verifies prereqs (`git`, `curl`, and either `docker` or `podman`) +2. Clones the repo to `$HOME/skillnote` (or reuses an existing checkout) +3. Runs `./install.sh` (Docker build + compose up) +4. Polls `/health` until the API is ready (60s timeout) +5. Prints the URLs + +### If the script is missing (recovery) + +If `~/.openclaw/skills/skillnote/install-backend.sh` doesn't exist (corrupted skill install, manual modification, etc.), curl it from GitHub raw — it's the same script that ships in the bundle: + +```bash +curl -sfL https://raw.githubusercontent.com/luna-prompts/skillnote/master/plugin-openclaw/skillnote/install-backend.sh | bash +``` + +If even that fails (no network, etc.), fall back to a full manual clone — don't try to reconstruct the script: + +```bash +git clone https://github.com/luna-prompts/skillnote.git ~/skillnote +cd ~/skillnote && ./install.sh +``` + +Then come back to Step 3. + +### Customizing the install + +If the user has constraints, set env vars BEFORE invoking the script: + +| Need | Command | +| ---- | ------- | +| Different install dir | `SKILLNOTE_INSTALL_DIR=$HOME/work/skillnote bash ~/.openclaw/skills/skillnote/install-backend.sh` | +| Port `8082` is busy | `SKILLNOTE_API_PORT=8182 bash ~/.openclaw/skills/skillnote/install-backend.sh` | +| Port `3000` is busy | `SKILLNOTE_WEB_PORT=3001 bash ~/.openclaw/skills/skillnote/install-backend.sh` | + +### If it fails + +Capture the last 20 lines of output and show them verbatim. Common patterns and what to suggest: + +- `address already in use` / `port is already allocated` → tell the user which port and offer: `SKILLNOTE_API_PORT=8182 bash ~/.openclaw/skills/skillnote/install-backend.sh` +- `Cannot connect to the Docker daemon` → Docker Desktop / Podman machine isn't running; ask the user to start it +- `MISSING: git` / `MISSING: docker` → the script tells you exactly what's missing; relay the install link to the user +- anything else → show the captured output and stop; don't try to recover blindly + +After success, `install-backend.sh` will print the URLs (`http://localhost:3000` and `http://localhost:8082`). Proceed to Step 3. + +## Step 3 — Persist the resolved host (idempotent) + +Once a host is found and reachable: +- Strip trailing slashes +- Write to `~/.openclaw/skills/skillnote/config.json` so subsequent loads skip the env-var lookup: + +```json +{ + "host": "", + "user_id": "" +} +``` + +## Step 4 — Initial sync + +Run with exec: +``` +chmod +x ~/.openclaw/skills/skillnote/sync.sh +~/.openclaw/skills/skillnote/sync.sh +``` + +This populates `~/.openclaw/skills/sn-*/SKILL.md` for every skill in the registry. Runs in a few seconds. + +## Step 5 — Verify AGENTS.md graft (sync.sh did it for you) + +`sync.sh` (which you just ran in Step 4) automatically appends the `` block to `~/.openclaw/workspace/AGENTS.md` if it isn't already there. **You don't have to graft it yourself, and you don't need to ask the user about it.** + +Just verify it landed: + +```bash +grep -c '' ~/.openclaw/workspace/AGENTS.md +``` + +If the count is `1`: ✅ done, continue to Step 6. + +If the count is `0`: something failed during sync. Re-run `~/.openclaw/skills/skillnote/sync.sh` once more; if still `0`, surface the issue to the user (likely a permissions error on `~/.openclaw/workspace/`). Do not try to graft the block manually with your file-edit tool — that's `sync.sh`'s job. + +If the count is `≥ 2`: duplicate marker. Tell the user; do not auto-fix (it's safer for them to dedupe by hand). + +### Honoring an opt-out + +If the user told you in this session *"don't touch AGENTS.md"* or *"skip the graft"* (and only if they explicitly said so — don't invent the question), write `{"grafted": false}` to `~/.openclaw/skills/skillnote/config.json` BEFORE running sync.sh in Step 4 — sync.sh checks that flag and skips the graft when it's set. + +### For reference, the block sync.sh appends (substituting your `{{HOST}}`): + +``` + +SkillNote registry: {{HOST}} + +You MUST check SkillNote for any task involving code, writing, debugging, reviewing, deploying, or creating. + +Step 1 — BEFORE responding, sync and read skills with exec: + ~/.openclaw/skills/skillnote/sync.sh + Then read any relevant ~/.openclaw/skills/sn-*/SKILL.md files and apply them. + +Step 2 — AFTER finishing, log usage with exec: + curl -s -X POST {{HOST}}/v1/openclaw/usage -H 'Content-Type: application/json' -d '{"agent_name":"main","task_summary":"","skill_ids":[""],"outcome":"completed","channel":""}' + Use the id field from each skill's frontmatter. Skip if no skills were relevant. + +Only skip steps 1-2 for pure small talk ("hi", "thanks"). Never log raw user messages. + +``` + +Verify the marker was written. Retry once on failure. + +## Step 6 — Done + +Say exactly once on first setup: + +> SkillNote connected ✓ Registry at `{{HOST}}`. Skills are synced locally — I'll read them before each task and log what helped. +> +> Ask me "what skills have you been using?" to see your activity. If something's broken, run `clawhub install skillnote-doctor`. + +On every subsequent load: **complete silence**. Just verify the `` marker is still in AGENTS.md — if it disappeared, re-graft silently. + +--- + +# What is SkillNote + +SkillNote is your self-hosted skill registry at `{{HOST}}`. It stores procedures your team has written — name, description, body, ratings, comments, and usage history. Skills are grouped into collections (e.g. `code-review`, `devops`) that scope what's relevant. + +Skills are synced to `~/.openclaw/skills/sn-*/SKILL.md` automatically before each task. The web UI at `{{HOST}}` is where humans curate skills and read your feedback. Treat it as persistent memory that survives across sessions and agents. + +--- + +# How to log usage + +After completing a task where skills were applied, POST to `{{HOST}}/v1/openclaw/usage`: + +```json +{ + "agent_name": "", + "task_summary": "", + "skill_ids": ["", "..."], + "outcome": "completed", + "channel": "" +} +``` + +`outcome`: `completed` | `failed` | `abandoned` | `unknown` + +Skill IDs come from the `id` field in each `sn-*/SKILL.md` frontmatter. Do NOT post if no skills were used. + +--- + +# How to reflect on a skill + +When a skill clearly helped, failed, or is stale, POST to `{{HOST}}/v1/skills//comments`: + +```json +{ + "author": "", + "author_type": "agent", + "comment_type": "agent_observation", + "body": "" +} +``` + +Valid `comment_type` values: `agent_observation`, `agent_issue`, `agent_patch_suggestion`, `agent_success_note`, `agent_deprecation_warning` + +At most one comment per skill per day. Only comment when you have specific signal. + +--- + +# How to show activity + +When the user asks "what skills have you been using?" or similar: + +GET `{{HOST}}/v1/me/activity?period=7d` + +Render the result in natural prose — top skills used, any recent feedback left. Don't dump raw JSON. + +--- + +# Weekly self-update check + +Once per week (track via `~/.openclaw/skills/skillnote/.last-update-check`): + +GET `{{HOST}}/v1/openclaw-skill` + +Compare the returned `version` to `~/.openclaw/skills/skillnote/VERSION`. If newer, run `clawhub install skillnote@latest` and notify once. + +--- + +# Uninstall + +When the user says "remove skillnote" or "uninstall skillnote": + +1. Remove the `` block from `~/.openclaw/workspace/AGENTS.md`. +2. Run `clawhub uninstall skillnote`. +3. Delete `~/.openclaw/skills/skillnote/`. +4. Say: > SkillNote removed. AGENTS.md restored, config deleted. + +--- + +# Hard rules + +- Do NOT log raw user messages. Always paraphrase. +- Do NOT log secrets, tokens, credentials, or PII. +- Do NOT post usage events when no skills were used. +- Do NOT comment more than once per skill per day. +- Do NOT invent skill IDs — only use values from the sn-* SKILL.md frontmatter. +- Do NOT mention SkillNote on every reply — only when relevant. +- Do NOT mutate config.json after setup. If wrong, ask user to say "re-setup skillnote". diff --git a/plugin-openclaw/skillnote/VERSION b/plugin-openclaw/skillnote/VERSION new file mode 100644 index 00000000..227cea21 --- /dev/null +++ b/plugin-openclaw/skillnote/VERSION @@ -0,0 +1 @@ +2.0.0 diff --git a/plugin-openclaw/skillnote/config.template.json b/plugin-openclaw/skillnote/config.template.json new file mode 100644 index 00000000..5df2159f --- /dev/null +++ b/plugin-openclaw/skillnote/config.template.json @@ -0,0 +1,9 @@ +{ + "skillnote_base_url": "{{HOST}}", + "skillnote_web_url": "{{WEB_URL}}", + "agent_name": "openclaw-main", + "auto_resolve_skills": true, + "write_reflections": true, + "allow_draft_creation": false, + "allow_auto_marketplace_install": false +} diff --git a/plugin-openclaw/skillnote/install-backend.sh b/plugin-openclaw/skillnote/install-backend.sh new file mode 100755 index 00000000..fc6b8fbd --- /dev/null +++ b/plugin-openclaw/skillnote/install-backend.sh @@ -0,0 +1,103 @@ +#!/usr/bin/env bash +# SkillNote OpenClaw skill — backend bootstrap. +# +# This script ships INSIDE the SkillNote OpenClaw skill bundle (alongside +# SKILL.md / sync.sh / log-watcher.py). It lands on disk as part of either: +# • clawhub install skillnote (clawhub unpacks the skill files) +# • curl /setup/agent | bash … (our installer extracts the bundle) +# +# When the SKILL.md detects no SkillNote backend on localhost, it tells the +# agent to invoke this file directly: +# +# bash ~/.openclaw/skills/skillnote/install-backend.sh +# +# We invoke via `bash ` (not `` directly) so it works even if +# clawhub stripped the executable bit at install time. +# +# Two install routes for the BACKEND, depending on context: +# • This script → invoked by the OpenClaw agent on the user's behalf +# • ./install.sh → run manually by anyone who has already cloned the repo +# +# Optional env vars: +# SKILLNOTE_INSTALL_DIR — clone target (default: $HOME/skillnote) +# SKILLNOTE_BRANCH — git branch to clone (default: master) +# SKILLNOTE_API_PORT — host port for API (default: 8082) +# SKILLNOTE_WEB_PORT — host port for Web (default: 3000) + +set -euo pipefail + +# Resolve $HOME defensively. Under `env -i` or other stripped-environment +# invocations it may not be set, which combined with `set -u` would crash +# the script before it gets a chance to print a useful error. macOS doesn't +# ship `getent`, so we use `eval echo ~user` which works on both Linux and +# macOS, then fall through to /tmp as the absolute last resort. +HOME="${HOME:-$(eval echo "~$(id -un 2>/dev/null)" 2>/dev/null)}" +HOME="${HOME:-/tmp}" + +TARGET_DIR="${SKILLNOTE_INSTALL_DIR:-$HOME/skillnote}" +BRANCH="${SKILLNOTE_BRANCH:-master}" +API_PORT="${SKILLNOTE_API_PORT:-8082}" +WEB_PORT="${SKILLNOTE_WEB_PORT:-3000}" + +CYAN='\033[0;36m' +GREEN='\033[0;32m' +RED='\033[0;31m' +DIM='\033[2m' +BOLD='\033[1m' +NC='\033[0m' + +step() { printf "\n${CYAN}==>${NC} ${BOLD}%s${NC}\n" "$1"; } +ok() { printf " ${GREEN}✓${NC} %s\n" "$1"; } +err() { printf "\n ${RED}✗ %s${NC}\n\n" "$1" >&2; exit 1; } + +# ── 1. Prereqs ────────────────────────────────────────────────────────────── +step "Checking prerequisites" +for cmd in git curl; do + command -v "$cmd" >/dev/null 2>&1 || err "Missing: $cmd. Install it and re-run." + ok "$cmd" +done +if command -v docker >/dev/null 2>&1; then + ok "docker" +elif command -v podman >/dev/null 2>&1; then + ok "podman" +else + err "Missing: docker or podman. Install one: https://docs.docker.com/get-docker/" +fi + +# ── 2. Clone (or reuse existing checkout) ────────────────────────────────── +step "Preparing $TARGET_DIR" +if [ -d "$TARGET_DIR/.git" ]; then + ok "Using existing checkout at $TARGET_DIR" +elif [ -e "$TARGET_DIR" ]; then + err "$TARGET_DIR exists but is not a git checkout. Move it aside or set SKILLNOTE_INSTALL_DIR to a different path." +else + git clone --branch "$BRANCH" --depth 1 https://github.com/luna-prompts/skillnote.git "$TARGET_DIR" + ok "Cloned into $TARGET_DIR" +fi + +# ── 3. Run the main installer ─────────────────────────────────────────────── +step "Running ./install.sh (Docker build, ~2-3 min on first run)" +cd "$TARGET_DIR" +SKILLNOTE_API_PORT="$API_PORT" SKILLNOTE_WEB_PORT="$WEB_PORT" ./install.sh + +# ── 4. Wait for the API to respond ────────────────────────────────────────── +step "Waiting for the API to be ready" +for i in $(seq 1 30); do + if curl -sf "http://localhost:${API_PORT}/health" >/dev/null 2>&1; then + ok "API responded after ${i}× 2s" + break + fi + [ "$i" -eq 30 ] && err "API didn't respond within 60s. Inspect: cd $TARGET_DIR && docker compose logs api" + sleep 2 +done + +# ── 5. Done ───────────────────────────────────────────────────────────────── +SKILL_COUNT=$(curl -sf "http://localhost:${API_PORT}/v1/skills" 2>/dev/null \ + | python3 -c "import json,sys; print(len(json.load(sys.stdin)))" 2>/dev/null \ + || echo "?") + +printf "\n${GREEN}${BOLD}✓ SkillNote backend ready${NC}\n" +printf " ${DIM}Web${NC} http://localhost:${WEB_PORT}\n" +printf " ${DIM}API${NC} http://localhost:${API_PORT}\n" +printf " ${DIM}Skills${NC} ${SKILL_COUNT}\n" +printf " ${DIM}Repo${NC} ${TARGET_DIR}\n\n" diff --git a/plugin-openclaw/skillnote/log-watcher.py b/plugin-openclaw/skillnote/log-watcher.py new file mode 100644 index 00000000..2a095311 --- /dev/null +++ b/plugin-openclaw/skillnote/log-watcher.py @@ -0,0 +1,250 @@ +#!/usr/bin/env python3 +""" +log-watcher.py — Watch OpenClaw session JSONL files for skill reads and post +analytics events to SkillNote. + +Usage: + python3 log-watcher.py + +Args: + host e.g. http://localhost:8082 + sessions_dir e.g. ~/.openclaw/agents/main/sessions + state_dir e.g. ~/.openclaw/skills/skillnote +""" + +import json +import os +import signal +import sys +import time +import urllib.request + +# --------------------------------------------------------------------------- +# Constants +# --------------------------------------------------------------------------- +POLL_INTERVAL = 2 # seconds between scans + + +# --------------------------------------------------------------------------- +# HTTP helpers +# --------------------------------------------------------------------------- + +def post_skill_used(host: str, slug: str, session_id: str) -> None: + """Fire-and-forget POST to /v1/hooks/skill-used.""" + payload = json.dumps( + { + "skill_slug": slug, + "agent_name": "openclaw-main", + "session_id": session_id or "", + } + ).encode() + req = urllib.request.Request( + f"{host}/v1/hooks/skill-used", + data=payload, + headers={"Content-Type": "application/json"}, + method="POST", + ) + try: + urllib.request.urlopen(req, timeout=5) + except Exception: + pass # fire-and-forget — network errors are silently ignored + + +# --------------------------------------------------------------------------- +# File processing +# --------------------------------------------------------------------------- + +def process_file(path: str, state: dict, host: str) -> None: + """ + Read new lines from a JSONL session file, emit skill-used events for any + skill reads found, and update state in-place. + """ + file_state = state.get( + path, + {"inode": None, "offset": 0, "session_id": "", "seen_slugs": []}, + ) + + try: + current_inode = os.stat(path).st_ino + except OSError: + # File disappeared between scan and stat — skip silently. + return + + if current_inode != file_state["inode"]: + # File rotated or brand-new — reset all tracking state. + file_state = { + "inode": current_inode, + "offset": 0, + "session_id": "", + "seen_slugs": [], + } + + try: + with open(path) as f: + f.seek(file_state["offset"]) + for line in f: + try: + event = json.loads(line) + except json.JSONDecodeError: + # Partial line (write in progress) — skip and keep reading. + continue + + # Track the session id; reset per-session deduplication. + if event.get("type") == "session": + file_state["session_id"] = event.get("id", "") + file_state["seen_slugs"] = [] + + # Look for tool calls that read a skill file. + if event.get("type") == "message": + msg = event.get("message", {}) + content = msg.get("content", []) + if not isinstance(content, list): + continue + for item in content: + if not isinstance(item, dict): + continue + if ( + item.get("type") != "toolCall" + or item.get("name") != "read" + ): + continue + path_arg = item.get("arguments", {}).get("path", "") + # Match paths like: .../sn-{slug}/SKILL.md + if "/sn-" in path_arg and path_arg.endswith("/SKILL.md"): + parts = path_arg.split("/sn-") + slug = parts[-1].replace("/SKILL.md", "") + if slug and slug not in file_state["seen_slugs"]: + file_state["seen_slugs"].append(slug) + post_skill_used( + host, slug, file_state["session_id"] + ) + + file_state["offset"] = f.tell() + except OSError: + # File disappeared mid-read — skip this iteration. + return + + state[path] = file_state + + +# --------------------------------------------------------------------------- +# State persistence +# --------------------------------------------------------------------------- + +def load_state(state_file: str) -> dict: + """Load watcher state from disk, or return an empty dict on any error.""" + try: + with open(state_file) as f: + return json.load(f) + except (OSError, json.JSONDecodeError): + return {} + + +def save_state(state_file: str, state: dict) -> None: + """Persist watcher state to disk (best-effort).""" + try: + with open(state_file, "w") as f: + json.dump(state, f) + except OSError: + pass + + +# --------------------------------------------------------------------------- +# Session file discovery +# --------------------------------------------------------------------------- + +def find_session_files(sessions_dir: str) -> list: + """ + Return a sorted list of *.jsonl paths inside sessions_dir, excluding + trajectory and reset files. + """ + results = [] + try: + entries = os.listdir(sessions_dir) + except OSError: + return results + + for name in entries: + if not name.endswith(".jsonl"): + continue + # Exclude trajectory and reset variants. + if ".trajectory." in name or ".reset." in name: + continue + results.append(os.path.join(sessions_dir, name)) + + results.sort() + return results + + +# --------------------------------------------------------------------------- +# PID file management +# --------------------------------------------------------------------------- + +def write_pid(pid_file: str) -> None: + """Write the current process PID to pid_file.""" + with open(pid_file, "w") as f: + f.write(str(os.getpid())) + + +def remove_pid(pid_file: str) -> None: + """Remove the PID file (best-effort).""" + try: + os.remove(pid_file) + except OSError: + pass + + +# --------------------------------------------------------------------------- +# Entry point +# --------------------------------------------------------------------------- + +def main() -> None: + if len(sys.argv) != 4: + print( + "Usage: python3 log-watcher.py ", + file=sys.stderr, + ) + sys.exit(1) + + host = sys.argv[1] + sessions_dir = os.path.expanduser(sys.argv[2]) + state_dir = os.path.expanduser(sys.argv[3]) + + state_file = os.path.join(state_dir, ".log-watcher-state.json") + pid_file = os.path.join(state_dir, ".log-watcher.pid") + + # Ensure state_dir exists before writing the PID file. + os.makedirs(state_dir, exist_ok=True) + + # --- PID file --- + write_pid(pid_file) + + # --- Signal handling (clean exit on SIGTERM) --- + def _handle_sigterm(signum, frame): # noqa: ANN001 + raise SystemExit(0) + + signal.signal(signal.SIGTERM, _handle_sigterm) + + # --- Main loop --- + state = load_state(state_file) + try: + while True: + # Gracefully handle a missing sessions_dir (wait and retry). + if not os.path.isdir(sessions_dir): + time.sleep(POLL_INTERVAL) + continue + + for path in find_session_files(sessions_dir): + process_file(path, state, host) + + save_state(state_file, state) + time.sleep(POLL_INTERVAL) + + except KeyboardInterrupt: + pass + finally: + remove_pid(pid_file) + + +if __name__ == "__main__": + main() diff --git a/plugin-openclaw/skillnote/references/api-reference.md b/plugin-openclaw/skillnote/references/api-reference.md new file mode 100644 index 00000000..8d0f406f --- /dev/null +++ b/plugin-openclaw/skillnote/references/api-reference.md @@ -0,0 +1,84 @@ +# SkillNote API Reference + +Quick cheatsheet. Base URL: `{{HOST}}` (from `~/.openclaw/skills/skillnote/config.json`). + +## Skills + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/skills` | GET | List all skills. Params: `limit`, `offset`, `tag`, `collection` | +| `/v1/skills/` | GET | Get skill by slug | +| `/v1/skills` | POST | Create skill | +| `/v1/skills/` | PATCH | Update skill | +| `/v1/skills/` | DELETE | Delete skill | + +## Collections + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/collections` | GET | List all collections | + +## Comments + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/skills//comments` | POST | Leave a comment/rating | +| `/v1/skills//comments` | GET | List comments | + +Comment body: +```json +{ + "author": "openclaw:your-agent", + "author_type": "agent", + "comment_type": "agent_observation", + "rating": 4, + "body": "One paragraph. Specific signal only.", + "linked_usage_id": "" +} +``` + +Valid `comment_type` values: `agent_observation`, `agent_issue`, `agent_patch_suggestion`, `agent_success_note`, `agent_deprecation_warning` + +## OpenClaw Integration + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/openclaw/context-bundle` | POST | Fetch skill catalog for resolver | +| `/v1/openclaw/usage` | POST | Log a skill usage event | + +### Context bundle request +```json +{ + "task_summary": "...", + "channel": "telegram|slack|cli|web", + "workspace": "repo-name or global", + "max_skills": 20, + "collection_filter": "optional-collection-name" +} +``` + +### Usage event +```json +{ + "agent_name": "openclaw-main", + "task_summary": "paraphrase only", + "collection_id": "collection-name or null", + "skill_ids": ["uuid"], + "resolver_confidence": 0.82, + "risk_level": "low|medium|high", + "outcome": "completed|failed|abandoned|unknown", + "channel": "telegram" +} +``` + +## Activity + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/me/activity` | GET | Agent activity summary. Params: `period` (e.g. `7d`) | + +## Skill self-update + +| Endpoint | Method | Purpose | +|----------|--------|---------| +| `/v1/openclaw-skill` | GET | Latest skillnote skill version for weekly self-update check | diff --git a/plugin-openclaw/skillnote/references/troubleshooting.md b/plugin-openclaw/skillnote/references/troubleshooting.md new file mode 100644 index 00000000..9e2976fe --- /dev/null +++ b/plugin-openclaw/skillnote/references/troubleshooting.md @@ -0,0 +1,40 @@ +# SkillNote Troubleshooting + +Run `skillnote-doctor` first — it diagnoses all 6 common issues automatically. + +## Setup not running on first load + +**Symptom:** No setup prompt after `clawhub install skillnote`. +**Cause:** `always: true` in metadata requires single-line JSON. Multi-line YAML is silently ignored by OpenClaw. +**Fix:** Reinstall — `clawhub install skillnote@latest`. The fixed version has correct single-line metadata. + +## "SkillNote at isn't reachable" + +**Self-hosted:** Verify the container/process is running. Default port is `8082`. +Check: `curl http://localhost:8082/v1/skills?limit=1` + +**Wrong URL saved:** Delete `~/.openclaw/skills/skillnote/config.json` and ask your agent to "re-setup skillnote". + +## AGENTS.md marker disappeared + +Happens when AGENTS.md is regenerated by another tool. +**Fix:** Ask your agent: "re-graft skillnote into AGENTS.md" — the skill detects the missing marker and re-grafts silently on the next load. + +## Resolver returns empty skills + +**Cause 1:** No skills in your SkillNote instance yet. Add skills at `{{HOST}}`. +**Cause 2:** `collection_filter` too restrictive. The resolver uses it only when the task clearly names a domain. +**Cause 3:** `skillnote-resolver` not installed. Fix: `clawhub install skillnote-resolver`. + +## Skills not updating weekly + +The self-update check reads `~/.openclaw/skills/skillnote/.last-update-check`. If the file is corrupted, delete it and the check will run on next load. + +## config.json location + +`~/.openclaw/skills/skillnote/config.json` +Template: see `config.template.json` in this skill's directory. + +## Still stuck? + +Open an issue: https://github.com/luna-prompts/skillnote/issues diff --git a/plugin-openclaw/skillnote/sync.sh b/plugin-openclaw/skillnote/sync.sh new file mode 100755 index 00000000..09f09625 --- /dev/null +++ b/plugin-openclaw/skillnote/sync.sh @@ -0,0 +1,277 @@ +#!/bin/bash +# SkillNote Sync for OpenClaw +# 1. Skills sync — every 60s: fetch all skills → write sn-{slug}/SKILL.md +# 2. Self-update — every 24h: compare versions → auto-install if newer + +export PYTHONIOENCODING=utf-8 + +SYNC_INTERVAL=60 +UPDATE_INTERVAL=86400 # 24 hours + +SKILLNOTE_DIR="$HOME/.openclaw/skills/skillnote" +CONFIG="$SKILLNOTE_DIR/config.json" + +[ ! -f "$CONFIG" ] && exit 0 + +HOST=$(python3 -c " +import json +try: + cfg = json.load(open('$CONFIG')) + print(cfg.get('host','').rstrip('/')) +except Exception: + pass +" 2>/dev/null) + +[ -z "$HOST" ] && exit 0 + +NOW=$(date +%s) + +# ── Self-update check (daily) ───────────────────────────────────────────────── + +VERSION_CHECK_FILE="$SKILLNOTE_DIR/.last-version-check" +VERSION_FILE="$SKILLNOTE_DIR/VERSION" + +_due_for_update=1 +if [ -f "$VERSION_CHECK_FILE" ]; then + LAST_CHECK=$(cat "$VERSION_CHECK_FILE" 2>/dev/null || echo 0) + [ $(( NOW - LAST_CHECK )) -lt $UPDATE_INTERVAL ] && _due_for_update=0 +fi + +if [ "$_due_for_update" -eq 1 ]; then + REMOTE=$(curl -sf --connect-timeout 5 --max-time 10 "$HOST/v1/openclaw-skill" 2>/dev/null) + if [ -n "$REMOTE" ]; then + REMOTE_VER=$(python3 -c "import json,sys; print(json.loads('$REMOTE'.replace(\"'\",\"'\")).get('version',''))" 2>/dev/null || \ + echo "$REMOTE" | python3 -c "import json,sys; print(json.load(sys.stdin).get('version',''))" 2>/dev/null) + LOCAL_VER="" + [ -f "$VERSION_FILE" ] && LOCAL_VER=$(cat "$VERSION_FILE" 2>/dev/null | tr -d '[:space:]') + + if [ -n "$REMOTE_VER" ] && [ "$REMOTE_VER" != "$LOCAL_VER" ]; then + # Version mismatch — install latest + if command -v clawhub >/dev/null 2>&1; then + clawhub install "skillnote@$REMOTE_VER" --yes >/dev/null 2>&1 && \ + echo "SkillNote updated to v$REMOTE_VER — restart your session to apply." + else + # clawhub unavailable — overwrite SKILL.md + sync.sh from server response + SKILL_BODY=$(echo "$REMOTE" | python3 -c "import json,sys; print(json.load(sys.stdin).get('skill',''))" 2>/dev/null) + if [ -n "$SKILL_BODY" ]; then + echo "$SKILL_BODY" > "$SKILLNOTE_DIR/SKILL.md" + echo "$REMOTE_VER" > "$VERSION_FILE" + echo "SkillNote updated to v$REMOTE_VER" + fi + fi + fi + + echo "$NOW" > "$VERSION_CHECK_FILE" + fi +fi + +# ── Skills sync (every 60s) ─────────────────────────────────────────────────── + +LAST_SYNC_FILE="$SKILLNOTE_DIR/.last-sync-time" +if [ -f "$LAST_SYNC_FILE" ]; then + LAST=$(cat "$LAST_SYNC_FILE" 2>/dev/null || echo 0) + [ $(( NOW - LAST )) -lt $SYNC_INTERVAL ] && exit 0 +fi + +# Single-writer lock — prevents concurrent syncs from corrupting the manifest +# or interleaving file writes. Trust the existing lock file; if no other sync +# is running, take it. flock-style with mkdir for portability across macOS/Linux. +SYNC_LOCK="$SKILLNOTE_DIR/.sync.lock" +if ! mkdir "$SYNC_LOCK" 2>/dev/null; then + # Another sync is in progress; bail silently. + exit 0 +fi +trap 'rmdir "$SYNC_LOCK" 2>/dev/null || true' EXIT + +SKILLS_DIR="$HOME/.openclaw/skills" +MANIFEST="$SKILLNOTE_DIR/.skillnote-manifest.json" + +TMPFILE=$(mktemp /tmp/skillnote-sync-XXXXXX.json) +curl -sf --connect-timeout 5 --max-time 10 "$HOST/v1/skills" > "$TMPFILE" 2>/dev/null || { + rm -f "$TMPFILE" + exit 0 +} + +python3 - "$TMPFILE" "$SKILLS_DIR" "$MANIFEST" "$HOST" << 'PYEOF' +import json, sys, os, shutil + +_, skills_file, skills_dir, manifest_path, host = sys.argv + +try: + with open(skills_file) as f: + skills = json.load(f) +except Exception: + sys.exit(0) + +old_managed = set() +if os.path.exists(manifest_path): + try: + old_managed = set(json.load(open(manifest_path)).get('skills', [])) + except Exception: + pass + +local_names = set() +created, updated, deleted = 0, 0, 0 + +for skill in skills: + slug = skill.get('slug', '') + if not slug: + continue + + local_name = f'sn-{slug}' + local_names.add(local_name) + skill_dir = os.path.join(skills_dir, local_name) + os.makedirs(skill_dir, exist_ok=True) + + skill_id = skill.get('id') or '' + desc = skill.get('description') or '' + colls = skill.get('collections') or [] + body = skill.get('content_md') or '' + + fm_lines = [f'name: {local_name}', f'description: {desc}'] + if skill_id: + fm_lines.append(f'id: {skill_id}') + if colls: + fm_lines.append(f'collections: [{", ".join(colls)}]') + + rating_cmd = ( + f'curl -sf -X POST {host}/v1/skills/{slug}/comments ' + f'-H "Content-Type: application/json" ' + f"-d '{{\"author\":\"main\",\"author_type\":\"agent\"," + f"\"comment_type\":\"agent_success_note\",\"rating\":5," + f"\"body\":\"\"}}'" + ) + rating_footer = ( + '\n\n---\n' + '*Used this skill? Rate it now (in this same turn):*\n\n' + f'`{rating_cmd}`\n\n' + 'Change `agent_success_note` → `agent_issue` if it failed. ' + 'Skip entirely if you did not use this skill.' + ) + content = '---\n' + '\n'.join(fm_lines) + '\n---\n\n' + body + rating_footer + filepath = os.path.join(skill_dir, 'SKILL.md') + + if os.path.exists(filepath): + with open(filepath) as f: + if f.read() == content: + continue + updated += 1 + else: + created += 1 + + with open(filepath, 'w') as f: + f.write(content) + +stale = old_managed - local_names +if os.path.isdir(skills_dir): + for entry in os.listdir(skills_dir): + if entry.startswith('sn-') and entry not in local_names: + stale.add(entry) + +for name in sorted(stale): + d = os.path.join(skills_dir, name) + try: + if os.path.islink(d): + os.unlink(d) + deleted += 1 + elif os.path.isdir(d): + shutil.rmtree(d) + deleted += 1 + except OSError: + pass + +# Atomic manifest write: write to a tempfile in the same directory, then rename. +# Rename is atomic on POSIX, so a concurrent reader either sees the old or new +# manifest — never a half-written file. +manifest_dir = os.path.dirname(manifest_path) or '.' +import tempfile +fd, tmp_path = tempfile.mkstemp(dir=manifest_dir, prefix='.manifest-', suffix='.json.tmp') +try: + with os.fdopen(fd, 'w') as f: + json.dump({'skills': sorted(local_names)}, f, indent=2) + os.replace(tmp_path, manifest_path) +except Exception: + try: os.unlink(tmp_path) + except OSError: pass + raise + +parts = [] +if created: parts.append(f'{created} new') +if updated: parts.append(f'{updated} updated') +if deleted: parts.append(f'{deleted} removed') + +if parts: + print(f"SkillNote: {', '.join(parts)}") +PYEOF + +STATUS=$? +rm -f "$TMPFILE" +[ $STATUS -eq 0 ] && echo "$NOW" > "$LAST_SYNC_FILE" + +# ── Launch log-watcher daemon (once, PID-guarded) ───────────────────────────── +WATCHER="$SKILLNOTE_DIR/log-watcher.py" +WATCHER_PID="$SKILLNOTE_DIR/.log-watcher.pid" +SESSIONS_DIR="$HOME/.openclaw/agents/main/sessions" + +if [ -f "$WATCHER" ] && [ -d "$SESSIONS_DIR" ]; then + _needs_launch=1 + if [ -f "$WATCHER_PID" ]; then + _pid=$(cat "$WATCHER_PID" 2>/dev/null) + if kill -0 "$_pid" 2>/dev/null; then + _needs_launch=0 + fi + fi + if [ "$_needs_launch" -eq 1 ]; then + python3 "$WATCHER" "$HOST" "$SESSIONS_DIR" "$SKILLNOTE_DIR" \ + >>"$SKILLNOTE_DIR/.log-watcher.log" 2>&1 & + echo $! > "$WATCHER_PID" + fi +fi + +# ── AGENTS.md graft (idempotent, runs every sync) ───────────────────────────── +# We do this in shell rather than asking the agent to do it, because LLM agents +# default to "ask consent before modifying user files" — and pausing for Y/n +# breaks non-interactive flows (CI, scripted prompts, async runs). The user +# triggered setup; that IS their consent. The block is marker-tagged so removal +# is trivial. Honor explicit opt-out via {"grafted": false} in config.json. +WORKSPACE_DIR="$HOME/.openclaw/workspace" +AGENTS_MD="$WORKSPACE_DIR/AGENTS.md" + +# Skip entirely if user opted out +_opted_out=$(python3 -c " +import json +try: + print('1' if json.load(open('$CONFIG')).get('grafted') is False else '0') +except Exception: + print('0') +" 2>/dev/null) + +if [ "$_opted_out" != "1" ]; then + mkdir -p "$WORKSPACE_DIR" + if [ ! -f "$AGENTS_MD" ] || ! grep -q '' "$AGENTS_MD" 2>/dev/null; then + # Append the graft block atomically (write to tempfile, then concat) + GRAFT_TMP=$(mktemp -t skillnote-graft.XXXXXX) + cat > "$GRAFT_TMP" < +SkillNote registry: $HOST + +You MUST check SkillNote for any task involving code, writing, debugging, reviewing, deploying, or creating. + +Step 1 — BEFORE responding, sync and read skills with exec: + ~/.openclaw/skills/skillnote/sync.sh + Then read any relevant ~/.openclaw/skills/sn-*/SKILL.md files and apply them. + +Step 2 — AFTER finishing, log usage with exec: + curl -s -X POST $HOST/v1/openclaw/usage -H 'Content-Type: application/json' -d '{"agent_name":"main","task_summary":"","skill_ids":[""],"outcome":"completed","channel":""}' + Use the id field from each skill's frontmatter. Skip if no skills were relevant. + +Only skip steps 1-2 for pure small talk ("hi", "thanks"). Never log raw user messages. + +EOF + # Append; create AGENTS.md if it doesn't exist + cat "$GRAFT_TMP" >> "$AGENTS_MD" + rm -f "$GRAFT_TMP" + echo "SkillNote: grafted block into AGENTS.md" + fi +fi diff --git a/plugin-openclaw/tests/test_e2e.sh b/plugin-openclaw/tests/test_e2e.sh new file mode 100755 index 00000000..e6aa2cf0 --- /dev/null +++ b/plugin-openclaw/tests/test_e2e.sh @@ -0,0 +1,62 @@ +#!/bin/bash +set -e +BASE="http://localhost:8082" +SKILLNOTE_DIR="$HOME/.openclaw/skills/skillnote" +SKILLS_DIR="$HOME/.openclaw/skills" + +echo "=== E2E: Footer injection ===" +# Clear throttle and run sync +rm -f "$SKILLNOTE_DIR/.last-sync-time" +bash "$SKILLNOTE_DIR/sync.sh" +# Check at least one sn-* skill has the rating footer +FIRST_SKILL=$(ls "$SKILLS_DIR"/sn-*/SKILL.md 2>/dev/null | head -1) +[ -z "$FIRST_SKILL" ] && echo "FAIL: no sn-* skills found" && exit 1 +grep -q "Rate it now" "$FIRST_SKILL" && echo "PASS: footer present in $FIRST_SKILL" || { echo "FAIL: footer missing"; exit 1; } +grep -q "agent_success_note" "$FIRST_SKILL" && echo "PASS: curl command in footer" || { echo "FAIL: curl missing"; exit 1; } + +echo "" +echo "=== E2E: Log watcher ===" +TMPDIR_SESSION=$(mktemp -d) +SESSION_ID="test-e2e-$(date +%s)" +SESSION_FILE="$TMPDIR_SESSION/main.jsonl" + +# Write mock session +echo "{\"type\":\"session\",\"id\":\"$SESSION_ID\",\"timestamp\":\"2026-01-01T00:00:00Z\"}" > "$SESSION_FILE" +echo "{\"type\":\"message\",\"id\":\"msg1\",\"message\":{\"role\":\"assistant\",\"content\":[{\"type\":\"toolCall\",\"name\":\"read\",\"arguments\":{\"path\":\"$SKILLS_DIR/sn-code-review-checklist/SKILL.md\"}}]}}" >> "$SESSION_FILE" + +# Get current skill_call_events count +BEFORE=$(curl -sf "$BASE/v1/analytics/top-skills?days=1" | python3 -c "import json,sys; d=json.load(sys.stdin); print(sum(s.get('call_count',0) for s in d))" 2>/dev/null || echo "0") + +# Run one watcher tick +STATE_DIR=$(mktemp -d) +python3 - "$SESSION_FILE" "$SKILLS_DIR" "$BASE" "$STATE_DIR" << 'PYEOF' +import sys, json, os +sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) +# Can't import directly since it uses sys.argv — inline the key function +session_file, skills_dir, host, state_dir = sys.argv[1:] + +# Read the log-watcher source and exec the relevant functions +watcher_path = os.path.expanduser("~/.openclaw/skills/skillnote/log-watcher.py") +if not os.path.exists(watcher_path): + # Fall back to repo path + watcher_path = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(sys.argv[0]))), "plugin-openclaw/skillnote/log-watcher.py") + +import importlib.util +spec = importlib.util.spec_from_file_location("log_watcher", watcher_path) +mod = importlib.util.module_from_spec(spec) +spec.loader.exec_module(mod) + +state = {} +mod.process_file(session_file, state, host) +print(json.dumps(state, indent=2)) +PYEOF + +# Brief wait for API to process +sleep 1 + +AFTER=$(curl -sf "$BASE/v1/analytics/top-skills?days=1" | python3 -c "import json,sys; d=json.load(sys.stdin); print(sum(s.get('call_count',0) for s in d))" 2>/dev/null || echo "0") +[ "$AFTER" -gt "$BEFORE" ] && echo "PASS: analytics count increased ($BEFORE → $AFTER)" || echo "NOTE: count unchanged ($BEFORE → $AFTER) — may need API restart or slug mismatch" + +rm -rf "$TMPDIR_SESSION" "$STATE_DIR" +echo "" +echo "=== All E2E checks done ===" diff --git a/plugin-openclaw/tests/test_log_watcher.py b/plugin-openclaw/tests/test_log_watcher.py new file mode 100644 index 00000000..a820600d --- /dev/null +++ b/plugin-openclaw/tests/test_log_watcher.py @@ -0,0 +1,311 @@ +""" +Tests for plugin-openclaw/skillnote/log-watcher.py + +Run: python3 -m pytest plugin-openclaw/tests/test_log_watcher.py -v +""" + +import importlib.util +import json +import os +import sys +import tempfile +from unittest.mock import MagicMock, patch + +import pytest + +# --------------------------------------------------------------------------- +# Load the module under test without executing __main__ +# --------------------------------------------------------------------------- + +_WATCHER_PATH = os.path.join( + os.path.dirname(os.path.dirname(os.path.abspath(__file__))), + "skillnote", + "log-watcher.py", +) + +spec = importlib.util.spec_from_file_location("log_watcher", _WATCHER_PATH) +log_watcher = importlib.util.module_from_spec(spec) +spec.loader.exec_module(log_watcher) + +process_file = log_watcher.process_file +find_session_files = log_watcher.find_session_files +post_skill_used = log_watcher.post_skill_used + + +# --------------------------------------------------------------------------- +# Helpers +# --------------------------------------------------------------------------- + +def _write_jsonl(path: str, lines: list) -> None: + """Write a list of dicts as JSONL to path.""" + with open(path, "w") as f: + for line in lines: + f.write(json.dumps(line) + "\n") + + +def _skill_read_event(skill_path: str, msg_id: str = "msg1") -> dict: + """Build a message event with a read toolCall for skill_path.""" + return { + "type": "message", + "id": msg_id, + "message": { + "role": "assistant", + "content": [ + { + "type": "toolCall", + "name": "read", + "arguments": {"path": skill_path}, + } + ], + }, + } + + +def _session_event(session_id: str = "sess-1") -> dict: + return {"type": "session", "id": session_id, "timestamp": "2026-01-01T00:00:00Z"} + + +# --------------------------------------------------------------------------- +# process_file tests +# --------------------------------------------------------------------------- + +class TestProcessFile: + def test_read_sn_skill_posts_event(self, tmp_path): + """JSONL with a read toolCall for sn-code-review-checklist/SKILL.md → post called.""" + session_file = str(tmp_path / "main.jsonl") + skill_path = f"{tmp_path}/sn-code-review-checklist/SKILL.md" + _write_jsonl(session_file, [ + _session_event("sess-abc"), + _skill_read_event(skill_path), + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + mock_post.assert_called_once_with( + "http://localhost:8082", + "code-review-checklist", + "sess-abc", + ) + + def test_read_non_sn_path_ignored(self, tmp_path): + """read toolCall for /some/other/path/SKILL.md → no post.""" + session_file = str(tmp_path / "main.jsonl") + _write_jsonl(session_file, [ + _session_event(), + _skill_read_event("/some/other/path/SKILL.md"), + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + mock_post.assert_not_called() + + def test_text_message_ignored(self, tmp_path): + """Message with only text content → no post.""" + session_file = str(tmp_path / "main.jsonl") + _write_jsonl(session_file, [ + _session_event(), + { + "type": "message", + "id": "msg1", + "message": { + "role": "assistant", + "content": [{"type": "text", "text": "hello"}], + }, + }, + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + mock_post.assert_not_called() + + def test_byte_offset_tracking(self, tmp_path): + """Process file, advance offset, add new line, process again → only new line processed.""" + session_file = str(tmp_path / "main.jsonl") + skill_path_1 = f"{tmp_path}/sn-first-skill/SKILL.md" + skill_path_2 = f"{tmp_path}/sn-second-skill/SKILL.md" + + _write_jsonl(session_file, [ + _session_event("sess-1"), + _skill_read_event(skill_path_1, "msg1"), + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + assert mock_post.call_count == 1 + assert mock_post.call_args[0][1] == "first-skill" + + # Append a second skill read + with open(session_file, "a") as f: + f.write(json.dumps(_skill_read_event(skill_path_2, "msg2")) + "\n") + + with patch.object(log_watcher, "post_skill_used") as mock_post2: + process_file(session_file, state, "http://localhost:8082") + # Only the new line (second-skill) should trigger a post + assert mock_post2.call_count == 1 + assert mock_post2.call_args[0][1] == "second-skill" + + def test_inode_change_resets_state(self, tmp_path): + """Same path, different inode → offset resets to 0, re-reads from start.""" + session_file = str(tmp_path / "main.jsonl") + skill_path = f"{tmp_path}/sn-my-skill/SKILL.md" + + _write_jsonl(session_file, [ + _session_event("sess-old"), + _skill_read_event(skill_path), + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used"): + process_file(session_file, state, "http://localhost:8082") + + # Simulate inode change: replace the file with a new one (different inode) + os.remove(session_file) + _write_jsonl(session_file, [ + _session_event("sess-new"), + _skill_read_event(skill_path), + ]) + + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + # Should re-process from offset 0 → one post for sess-new + mock_post.assert_called_once() + assert mock_post.call_args[0][2] == "sess-new" + + def test_partial_json_line_skipped(self, tmp_path): + """File ends mid-JSON → no crash, next valid line processed.""" + session_file = str(tmp_path / "main.jsonl") + skill_path = f"{tmp_path}/sn-good-skill/SKILL.md" + + with open(session_file, "w") as f: + f.write(json.dumps(_session_event()) + "\n") + f.write('{"type": "message", "incomplete":') # truncated, no newline + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + # No crash, no post (partial line is the only message, and session event + # has no skill read) + mock_post.assert_not_called() + + # Now append a complete valid skill read after the partial line + with open(session_file, "a") as f: + # Complete the partial line as garbage (will be skipped by JSONDecodeError) + # then add a proper new event + f.write("\n") + f.write(json.dumps(_skill_read_event(skill_path)) + "\n") + + with patch.object(log_watcher, "post_skill_used") as mock_post2: + process_file(session_file, state, "http://localhost:8082") + # The partial line should be skipped, but the valid line processed + mock_post2.assert_called_once() + assert mock_post2.call_args[0][1] == "good-skill" + + def test_dedup_same_slug_in_session(self, tmp_path): + """Same slug read twice in same session → post called only once.""" + session_file = str(tmp_path / "main.jsonl") + skill_path = f"{tmp_path}/sn-dup-skill/SKILL.md" + + _write_jsonl(session_file, [ + _session_event("sess-dedup"), + _skill_read_event(skill_path, "msg1"), + _skill_read_event(skill_path, "msg2"), # duplicate + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + assert mock_post.call_count == 1 + + def test_new_session_resets_dedup(self, tmp_path): + """Slug read, then new session event, then same slug → post called twice total.""" + session_file = str(tmp_path / "main.jsonl") + skill_path = f"{tmp_path}/sn-reset-skill/SKILL.md" + + # First pass: first session reads the skill + _write_jsonl(session_file, [ + _session_event("sess-first"), + _skill_read_event(skill_path, "msg1"), + ]) + + state = {} + with patch.object(log_watcher, "post_skill_used") as mock_post: + process_file(session_file, state, "http://localhost:8082") + assert mock_post.call_count == 1 + + # Append a new session event and the same skill read + with open(session_file, "a") as f: + f.write(json.dumps(_session_event("sess-second")) + "\n") + f.write(json.dumps(_skill_read_event(skill_path, "msg2")) + "\n") + + with patch.object(log_watcher, "post_skill_used") as mock_post2: + process_file(session_file, state, "http://localhost:8082") + # New session resets dedup → should post again + assert mock_post2.call_count == 1 + assert mock_post2.call_args[0][2] == "sess-second" + + +# --------------------------------------------------------------------------- +# find_session_files tests +# --------------------------------------------------------------------------- + +class TestFindSessionFiles: + def test_excludes_trajectory_files(self, tmp_path): + """foo.trajectory.jsonl excluded.""" + (tmp_path / "foo.trajectory.jsonl").touch() + result = find_session_files(str(tmp_path)) + assert not any("trajectory" in p for p in result) + + def test_excludes_reset_files(self, tmp_path): + """foo.reset.2026.jsonl excluded.""" + (tmp_path / "foo.reset.2026.jsonl").touch() + result = find_session_files(str(tmp_path)) + assert not any("reset" in p for p in result) + + def test_includes_normal_jsonl(self, tmp_path): + """main.jsonl included.""" + (tmp_path / "main.jsonl").touch() + result = find_session_files(str(tmp_path)) + assert any(p.endswith("main.jsonl") for p in result) + + def test_missing_dir_returns_empty(self, tmp_path): + """Non-existent dir → returns [].""" + nonexistent = str(tmp_path / "does_not_exist") + result = find_session_files(nonexistent) + assert result == [] + + +# --------------------------------------------------------------------------- +# post_skill_used tests (mock urllib) +# --------------------------------------------------------------------------- + +class TestPostSkillUsed: + def test_post_sends_correct_payload(self): + """mock urllib.request.urlopen, verify JSON body has skill_slug, agent_name, session_id.""" + captured = {} + + def fake_urlopen(req, timeout=None): + captured["url"] = req.full_url + captured["body"] = json.loads(req.data.decode()) + captured["method"] = req.method + captured["content_type"] = req.get_header("Content-type") + return MagicMock() + + with patch("urllib.request.urlopen", side_effect=fake_urlopen): + post_skill_used("http://localhost:8082", "my-skill", "sess-xyz") + + assert captured["url"] == "http://localhost:8082/v1/hooks/skill-used" + assert captured["method"] == "POST" + assert captured["body"]["skill_slug"] == "my-skill" + assert captured["body"]["agent_name"] == "openclaw-main" + assert captured["body"]["session_id"] == "sess-xyz" + assert captured["content_type"] == "application/json" + + def test_post_network_error_silent(self): + """urlopen raises → no exception propagates.""" + with patch("urllib.request.urlopen", side_effect=OSError("connection refused")): + # Must not raise + post_skill_used("http://localhost:8082", "any-skill", "sess-1") diff --git a/plugin-openclaw/tests/test_sync_footer.py b/plugin-openclaw/tests/test_sync_footer.py new file mode 100644 index 00000000..864afc60 --- /dev/null +++ b/plugin-openclaw/tests/test_sync_footer.py @@ -0,0 +1,188 @@ +""" +Tests for the sync.sh footer-injection logic. + +The build_skill_content() helper below mirrors the Python section of +plugin-openclaw/skillnote/sync.sh exactly, making the footer logic +independently testable without shelling out. + +Run: python3 -m pytest plugin-openclaw/tests/test_sync_footer.py -v +""" + +import json +import re + + +# --------------------------------------------------------------------------- +# Helper extracted from sync.sh (lines 121-141) +# --------------------------------------------------------------------------- + +def build_skill_content( + slug: str, + desc: str, + skill_id: str, + colls: list, + body: str, + host: str, +) -> str: + """Reproduce the Python snippet from sync.sh that produces a SKILL.md file.""" + local_name = f"sn-{slug}" + fm_lines = [f"name: {local_name}", f"description: {desc}"] + if skill_id: + fm_lines.append(f"id: {skill_id}") + if colls: + fm_lines.append(f"collections: [{', '.join(colls)}]") + + rating_cmd = ( + f"curl -sf -X POST {host}/v1/skills/{slug}/comments " + f'-H "Content-Type: application/json" ' + f"-d '{{\"author\":\"main\",\"author_type\":\"agent\"," + f"\"comment_type\":\"agent_success_note\",\"rating\":5," + f"\"body\":\"\"}}'" + ) + rating_footer = ( + "\n\n---\n" + "*Used this skill? Rate it now (in this same turn):*\n\n" + f"`{rating_cmd}`\n\n" + "Change `agent_success_note` → `agent_issue` if it failed. " + "Skip entirely if you did not use this skill." + ) + return "---\n" + "\n".join(fm_lines) + "\n---\n\n" + body + rating_footer + + +# --------------------------------------------------------------------------- +# Shared fixture values +# --------------------------------------------------------------------------- + +_HOST = "http://localhost:8082" +_SLUG = "code-review-checklist" +_DESC = "Runs a structured code review on changed files." +_ID = "abc-123" +_COLLS = ["engineering", "qa"] +_BODY = "## Instructions\n\nDo the review.\n" + + +def _build(**overrides) -> str: + kwargs = dict( + slug=_SLUG, + desc=_DESC, + skill_id=_ID, + colls=_COLLS, + body=_BODY, + host=_HOST, + ) + kwargs.update(overrides) + return build_skill_content(**kwargs) + + +# --------------------------------------------------------------------------- +# Tests +# --------------------------------------------------------------------------- + +def test_footer_present(): + """Content ends with the canonical closing line.""" + content = _build() + assert content.endswith("Skip entirely if you did not use this skill.") + + +def test_footer_contains_host(): + """Host URL appears in the footer curl command.""" + content = _build() + assert _HOST in content + + +def test_footer_contains_slug(): + """The skill slug appears in the curl command URL.""" + content = _build() + # Should appear in the POST path e.g. /v1/skills/code-review-checklist/comments + assert f"/v1/skills/{_SLUG}/comments" in content + + +def test_body_preserved(): + """Original body text appears before the footer separator.""" + content = _build() + # Body comes before the footer '---' separator + body_idx = content.find(_BODY) + footer_idx = content.rfind("\n\n---\n") + assert body_idx != -1, "Body not found in content" + assert body_idx < footer_idx, "Body appears after the footer separator" + + +def test_footer_curl_json_valid(): + """Extract the JSON from -d '...' in the footer, parse it, verify required keys.""" + content = _build() + # Find the -d '...' fragment — the JSON is enclosed in single quotes after -d + match = re.search(r"-d '(\{.*?\})'", content, re.DOTALL) + assert match is not None, "Could not find -d '...' JSON in footer" + raw_json = match.group(1) + data = json.loads(raw_json) + assert "author" in data + assert "author_type" in data + assert "comment_type" in data + assert data["comment_type"] == "agent_success_note" + assert "rating" in data + assert data["rating"] == 5 + assert "body" in data + + +def test_frontmatter_name_prefixed(): + """SKILL.md frontmatter name is sn-{slug}.""" + content = _build() + assert f"name: sn-{_SLUG}" in content + + +def test_frontmatter_description(): + """SKILL.md frontmatter description matches input desc.""" + content = _build() + assert f"description: {_DESC}" in content + + +def test_frontmatter_id_included_when_present(): + """SKILL.md frontmatter includes id when skill_id is non-empty.""" + content = _build(skill_id="xyz-999") + assert "id: xyz-999" in content + + +def test_frontmatter_id_omitted_when_empty(): + """SKILL.md frontmatter omits id when skill_id is empty/None.""" + content = _build(skill_id="") + assert "\nid:" not in content + + content2 = _build(skill_id=None) + assert "\nid:" not in content2 + + +def test_frontmatter_collections_included(): + """SKILL.md frontmatter includes collections when provided.""" + content = _build(colls=["alpha", "beta"]) + assert "collections: [alpha, beta]" in content + + +def test_frontmatter_collections_omitted_when_empty(): + """SKILL.md frontmatter omits collections when list is empty/None.""" + content = _build(colls=[]) + assert "collections:" not in content + + content2 = _build(colls=None) + assert "collections:" not in content2 + + +def test_different_hosts_produce_different_content(): + """Two different hosts produce distinct content (URL not hardcoded).""" + c1 = _build(host="http://server-a:8082") + c2 = _build(host="http://server-b:9000") + assert c1 != c2 + assert "server-a:8082" in c1 + assert "server-b:9000" in c2 + + +def test_rating_anchor_text_present(): + """The user-facing prompt text is present in the footer.""" + content = _build() + assert "Used this skill? Rate it now" in content + + +def test_footer_change_instruction_present(): + """The instruction to change agent_success_note to agent_issue is present.""" + content = _build() + assert "agent_success_note" in content + assert "agent_issue" in content diff --git a/src/app/(app)/integrations/page.tsx b/src/app/(app)/integrations/page.tsx index ebc260f0..cf664bb2 100644 --- a/src/app/(app)/integrations/page.tsx +++ b/src/app/(app)/integrations/page.tsx @@ -1,7 +1,12 @@ 'use client' import { useState, useEffect } from 'react' -import { Copy, Check, RefreshCw, Target, BarChart3, Zap, Wrench, Bell, FolderOpen, Shield, Layers, Terminal, ExternalLink } from 'lucide-react' +import { + Copy, Check, RefreshCw, Target, BarChart3, Zap, Wrench, Bell, + FolderOpen, Shield, Layers, Terminal, ExternalLink, + FileText, Activity, Star, BookOpen, Download, Radio, + Package, MessageSquare, +} from 'lucide-react' import { TopBar } from '@/components/layout/topbar' import { getApiBaseUrl } from '@/lib/api/client' import { cn } from '@/lib/utils' @@ -21,7 +26,26 @@ async function copyText(text: string): Promise { return false } -const FEATURES = [ +type Agent = 'claude-code' | 'openclaw' + +type ConnectionStatus = + | { kind: 'loading' } + | { kind: 'connected'; label: string } + | { kind: 'idle' } + | { kind: 'error' } + +const SEVEN_DAYS_MS = 7 * 24 * 60 * 60 * 1000 + +function formatRelative(iso: string): string { + const rtf = new Intl.RelativeTimeFormat('en', { numeric: 'auto' }) + const ageMin = Math.round((Date.now() - new Date(iso).getTime()) / 60000) + if (ageMin < 1) return rtf.format(0, 'minute') + if (ageMin < 60) return rtf.format(-ageMin, 'minute') + if (ageMin < 1440) return rtf.format(-Math.round(ageMin / 60), 'hour') + return rtf.format(-Math.round(ageMin / 1440), 'day') +} + +const CC_FEATURES = [ { icon: RefreshCw, title: 'Auto-sync', desc: 'Skills sync at session start and on collection change' }, { icon: Target, title: 'Collection Picker', desc: 'Full-screen TUI to scope skills per project' }, { icon: BarChart3, title: 'Usage Analytics', desc: 'Track which skills are used and rated by agents' }, @@ -30,18 +54,281 @@ const FEATURES = [ { icon: Bell, title: '6 Hooks', desc: 'SessionStart, FileChanged, PostToolUse, PostCompact, SubagentStart, Stop' }, ] -export default function IntegrationsPage() { - const [copied, setCopied] = useState(false) - const [apiBase, setApiBase] = useState('http://localhost:8082') +const OC_FEATURES = [ + { icon: RefreshCw, title: 'Auto-sync', desc: 'Skills sync every 60s — available before each task' }, + { icon: Radio, title: 'Log-watcher', desc: 'Parses session JSONL to track which skills agents actually read' }, + { icon: Star, title: 'In-turn ratings', desc: 'Pre-filled curl command in every skill — rate without cross-session memory' }, + { icon: FileText, title: 'AGENTS.md graft', desc: 'Persistent block keeps registry active across sessions' }, + { icon: Download, title: 'Self-update', desc: 'Daily version check — auto-installs when a newer plugin is available' }, + { icon: Activity, title: 'Usage logging', desc: 'Agent reports task outcomes and skill IDs back to analytics' }, +] - useEffect(() => { setApiBase(getApiBaseUrl()) }, []) +const CC_STEPS = [ + { text: 'Run the install command above' }, + { text: <>Run source ~/.zshrc or open a new terminal }, + { text: <>Run claude — the collection picker appears }, + { text: 'Start coding — skills activate automatically' }, +] - const setupCmd = `curl -sf ${apiBase}/setup | bash` +const OC_STEPS = [ + { text: 'Run the install command above' }, + { text: 'Start OpenClaw — SkillNote prompts for your server URL on first load' }, + { text: <>Approve the AGENTS.md graft when prompted (adds the registry block) }, + { text: 'Start using — skills sync before every task, usage tracked automatically' }, +] +function CodeBlock({ content, label = 'terminal', multiline = false }: { content: string; label?: string; multiline?: boolean }) { + const [copied, setCopied] = useState(false) const handleCopy = async () => { - const ok = await copyText(setupCmd) + const ok = await copyText(content) if (ok) { setCopied(true); setTimeout(() => setCopied(false), 2000) } } + return ( +
+
+
+
+ + + + {label} +
+ +
+ {multiline ? ( + 
{content}
+ ) : ( +
+ $ + {content} +
+ )} +
+
+ ) +} + + +function StatusPill({ status }: { status: ConnectionStatus }) { + const dotCls = + status.kind === 'connected' ? 'bg-emerald-500' : + status.kind === 'error' ? 'bg-yellow-500' : + status.kind === 'loading' ? 'bg-muted-foreground/40 animate-pulse' : + 'bg-muted-foreground/25' + + const text = + status.kind === 'loading' ? 'Checking…' : + status.kind === 'connected' ? `Connected · last activity ${status.label}` : + status.kind === 'error' ? 'Cannot reach backend' : + 'Not yet connected' + + return ( +
+ + {text} +
+ ) +} + +function useClaudeCodeStatus(apiBase: string): ConnectionStatus { + const [status, setStatus] = useState({ kind: 'loading' }) + useEffect(() => { + if (!apiBase) return + let cancelled = false + fetch(`${apiBase}/v1/analytics/skill-calls?limit=1`) + .then(r => r.ok ? r.json() : Promise.reject()) + .then((data: { last_called_at?: string }[]) => { + if (cancelled) return + if (Array.isArray(data) && data.length > 0 && data[0].last_called_at) { + const ageMs = Date.now() - new Date(data[0].last_called_at).getTime() + if (ageMs <= SEVEN_DAYS_MS) { + setStatus({ kind: 'connected', label: formatRelative(data[0].last_called_at) }) + return + } + } + setStatus({ kind: 'idle' }) + }) + .catch(() => { if (!cancelled) setStatus({ kind: 'error' }) }) + return () => { cancelled = true } + }, [apiBase]) + return status +} + +function useOpenClawStatus(apiBase: string): ConnectionStatus { + const [status, setStatus] = useState({ kind: 'loading' }) + useEffect(() => { + if (!apiBase) return + let cancelled = false + fetch(`${apiBase}/v1/openclaw/usage?limit=1`) + .then(r => r.ok ? r.json() : Promise.reject()) + .then((data: { created_at: string }[]) => { + if (cancelled) return + if (Array.isArray(data) && data.length > 0) { + const ageMs = Date.now() - new Date(data[0].created_at).getTime() + if (ageMs <= SEVEN_DAYS_MS) { + setStatus({ kind: 'connected', label: formatRelative(data[0].created_at) }) + return + } + } + setStatus({ kind: 'idle' }) + }) + .catch(() => { if (!cancelled) setStatus({ kind: 'error' }) }) + return () => { cancelled = true } + }, [apiBase]) + return status +} + +type InstallMethod = 'prompt' | 'clawhub' | 'curl' | 'manual' + +// Hook: fetch the personalized agent prompt from the backend (with apiBase +// already substituted in). Returns null while loading, the markdown text +// once ready, or an error message on failure. +function useAgentPrompt(apiBase: string, agent: 'openclaw' | 'claude-code') { + const [text, setText] = useState(null) + const [error, setError] = useState(null) + useEffect(() => { + if (!apiBase) return + let cancelled = false + setText(null); setError(null) + fetch(`${apiBase}/setup/agent-prompt?agent=${agent}`) + .then(r => r.ok ? r.text() : Promise.reject(new Error(`HTTP ${r.status}`))) + .then(t => { if (!cancelled) setText(t) }) + .catch(e => { if (!cancelled) setError(String(e)) }) + return () => { cancelled = true } + }, [apiBase, agent]) + return { text, error } +} + +function OpenClawInstall({ apiBase }: { apiBase: string }) { + // Default tab is 'prompt' — the api2cli-style copy-prompt is the dominant + // OpenClaw install UX today, and it's the most robust path because the + // agent does the install (handles missing prereqs, env vars, etc.). + const [method, setMethod] = useState('prompt') + const { text: promptText, error: promptError } = useAgentPrompt(apiBase, 'openclaw') + + const clawhubScript = `# Tell the skill where your SkillNote backend is, then install via clawhub. +# (clawhub itself doesn't take a host arg — env var is the recommended way.) +export SKILLNOTE_BASE_URL="${apiBase}" +clawhub install skillnote + +# Then in your shell rc (~/.zshrc or ~/.bashrc) make it persistent: +echo 'export SKILLNOTE_BASE_URL="${apiBase}"' >> ~/.zshrc` + + const curlCmd = `curl -sf ${apiBase}/setup/agent | bash -s -- --agent openclaw` + + const manualScript = `# 1. Download bundle and extract into ~/.openclaw/skills/ +mkdir -p ~/.openclaw/skills ~/.openclaw/skillnote +curl -sf ${apiBase}/v1/openclaw-bundle.zip -o /tmp/skillnote.zip +unzip -qo /tmp/skillnote.zip -d ~/.openclaw/skills/ +rm /tmp/skillnote.zip + +# 2. Write config with your SkillNote URL +echo '{"host":"${apiBase}","user_id":"openclaw-main"}' \\ + > ~/.openclaw/skillnote/config.json + +# 3. Make sync.sh executable +chmod +x ~/.openclaw/skills/skillnote/sync.sh + +# 4. Restart OpenClaw to pick up the new skill` + + return ( +
+ {/* Method selector */} +
+ {([ + { id: 'prompt' as InstallMethod, label: 'Copy prompt', icon: MessageSquare }, + { id: 'clawhub' as InstallMethod, label: 'clawhub', icon: Package }, + { id: 'curl' as InstallMethod, label: 'curl', icon: Terminal }, + { id: 'manual' as InstallMethod, label: 'Manual', icon: FileText }, + ] as const).map(({ id, label, icon: Icon }) => ( + + ))} +
+ + {method === 'prompt' && ( + <> + {promptError && ( +

Failed to load prompt: {promptError}

+ )} + {!promptText && !promptError && ( +

Loading personalized prompt…

+ )} + {promptText && } +

+ Recommended · zero terminal. Paste this into a fresh OpenClaw session — your URL ({apiBase}) is already baked in. The agent handles install, config, and verification end-to-end. +

+ + )} + + {method === 'clawhub' && ( + <> + +

+ For users who already have clawhub. Versioned + auto-updates via daily check. +

+

+ Note: clawhub doesn't accept a host argument — set SKILLNOTE_BASE_URL first so the skill knows where to talk to. +

+ + )} + + {method === 'curl' && ( + <> + +

+ Unified installer · Same command works for any agent — pass --agent claude-code or --agent openclaw. Pre-fills config with your URL and runs the first sync. +

+ + )} + + {method === 'manual' && ( + <> + +

+ Step-by-step · For air-gapped environments or when you want full control over the install +

+ + )} +
+ ) +} + + +export default function IntegrationsPage() { + const [agent, setAgent] = useState('claude-code') + const [apiBase, setApiBase] = useState('http://localhost:8082') + useEffect(() => { setApiBase(getApiBaseUrl()) }, []) + + const ccStatus = useClaudeCodeStatus(apiBase) + const ocStatus = useOpenClawStatus(apiBase) + + const ccCmd = `curl -sf ${apiBase}/setup/agent | bash -s -- --agent claude-code` + const ocCmd = `curl -sf ${apiBase}/setup/openclaw | bash` + + const isCC = agent === 'claude-code' return ( <> @@ -49,76 +336,78 @@ export default function IntegrationsPage() {
- {/* Page title — Notion style */} + {/* Page title */}
-

Connect Claude Code

+

Connect

- Install the SkillNote plugin to sync skills, pick collections, and track usage. + Install the SkillNote plugin to sync skills and track usage.

+ {/* Agent selector */} +
+
+ {([ + { id: 'claude-code' as Agent, label: 'Claude Code' }, + { id: 'openclaw' as Agent, label: 'OpenClaw' }, + ] as const).map(({ id, label }) => ( + + ))} +
+
+ + {/* Connection status */} +
+ +
+ {/* Install command */}

Install

-
-
-
-
- - - - terminal -
- -
-
- $ - {setupCmd} -
-
-
-

- Installs to ~/.claude/plugins/skillnote · No sudo required · macOS + Linux -

+ {isCC ? ( + <> + +

+ Installs to ~/.claude/plugins/skillnote · No sudo required · macOS + Linux +

+ + ) : ( + + )}
- {/* Setup steps — inline, compact */} + {/* Setup steps */}

Setup

- {[ - { n: '1', text: 'Run the install command above' }, - { n: '2', text: <>Run source ~/.zshrc or open a new terminal }, - { n: '3', text: <>Run claude — the collection picker appears }, - { n: '4', text: 'Start coding — skills activate automatically' }, - ].map(({ n, text }) => ( -
- {n} + {(isCC ? CC_STEPS : OC_STEPS).map(({ text }, i) => ( +
+ {i + 1}

{text}

))}
- {/* Features — 2-column property-style */} + {/* Features */}

Included

- {FEATURES.map(({ icon: Icon, title, desc }) => ( + {(isCC ? CC_FEATURES : OC_FEATURES).map(({ icon: Icon, title, desc }) => (
@@ -132,34 +421,57 @@ export default function IntegrationsPage() {
- {/* Collections callout */} -
-

Why collections?

-
-
- -

- Collections group skills by purpose and scope them per project. Each project gets one active collection. + {/* Collections callout — Claude Code only */} + {isCC && ( +

+

Why collections?

+
+
+ +

+ Collections group skills by purpose and scope them per project. Each project gets one active collection. +

+
+
+ {[ + { icon: Layers, value: '15', label: 'skills per collection' }, + { icon: Shield, value: '~8k', label: 'char description budget' }, + { icon: FolderOpen, value: '1:1', label: 'collection per project' }, + ].map(({ icon: Icon, value, label }) => ( +
+ +

{value}

+

{label}

+
+ ))} +
+

+ Too many active skills = descriptions get truncated = skills stop triggering reliably. Collections keep Claude fast and accurate.

-
- {[ - { icon: Layers, value: '15', label: 'skills per collection' }, - { icon: Shield, value: '~8k', label: 'char description budget' }, - { icon: FolderOpen, value: '1:1', label: 'collection per project' }, - ].map(({ icon: Icon, value, label }) => ( -
- -

{value}

-

{label}

-
- ))} +
+ )} + + {/* OpenClaw: how analytics work */} + {!isCC && ( +
+

How analytics work

+
+
+ +

+ Log-watcher runs as a background daemon and reads your OpenClaw session JSONL files. Every time a skill is read, it fires a POST /v1/hooks/skill-used event — fully automatic, no agent involvement. +

+
+
+ +

+ Rating footer appended to every synced skill gives the agent a pre-filled curl command to rate the skill in the same turn — no cross-session memory needed. +

+
-

- Too many active skills = descriptions get truncated = skills stop triggering reliably. Collections keep Claude fast and accurate. -

-
+ )} {/* Links */}
diff --git a/src/app/(app)/settings/page.tsx b/src/app/(app)/settings/page.tsx index aefbc7ca..a96692d1 100644 --- a/src/app/(app)/settings/page.tsx +++ b/src/app/(app)/settings/page.tsx @@ -5,6 +5,7 @@ import { ExternalLink, Info } from 'lucide-react' import { toast } from 'sonner' import { TopBar } from '@/components/layout/topbar' import { fetchSettings, updateSettings } from '@/lib/api/settings' +import { OpenClawSetupCard } from '@/components/settings/openclaw-setup-card' function Toggle({ checked, onChange, disabled }: { checked: boolean; onChange: (v: boolean) => void; disabled?: boolean }) { return ( @@ -159,6 +160,8 @@ export default function SettingsPage() { )} + + {/* About */}

About

diff --git a/src/components/settings/openclaw-setup-card.tsx b/src/components/settings/openclaw-setup-card.tsx new file mode 100644 index 00000000..ef0dc328 --- /dev/null +++ b/src/components/settings/openclaw-setup-card.tsx @@ -0,0 +1,181 @@ +'use client' + +import { useEffect, useMemo, useState } from 'react' +import Link from 'next/link' +import { ArrowRight, Check, Copy } from 'lucide-react' +import { toast } from 'sonner' +import { useClipboard } from '@/lib/hooks' +import { getApiBaseUrl } from '@/lib/api/client' + +type Status = + | { kind: 'loading' } + | { kind: 'connected'; lastIso: string } + | { kind: 'idle' } + | { kind: 'error' } + +type UsageEvent = { + id: string + created_at: string +} + +const SEVEN_DAYS_MS = 7 * 24 * 60 * 60 * 1000 + +function formatRelative(iso: string): string { + const rtf = new Intl.RelativeTimeFormat('en', { numeric: 'auto' }) + const ageMin = Math.round((Date.now() - new Date(iso).getTime()) / 60000) + if (ageMin < 1) return rtf.format(0, 'minute') + if (ageMin < 60) return rtf.format(-ageMin, 'minute') + if (ageMin < 1440) return rtf.format(-Math.round(ageMin / 60), 'hour') + return rtf.format(-Math.round(ageMin / 1440), 'day') +} + +export function OpenClawSetupCard() { + // Lazy initializer keeps this SSR-safe (`getApiBaseUrl` checks `typeof window`) + // while avoiding a setState-in-effect that would trigger a cascading render. + const [apiBase] = useState(() => getApiBaseUrl()) + const [status, setStatus] = useState({ kind: 'loading' }) + const { copied, copy } = useClipboard() + + const installCommand = useMemo( + () => (apiBase ? `curl -sf ${apiBase}/setup/openclaw | bash` : ''), + [apiBase], + ) + + // Probe the usage endpoint to determine connection status. + useEffect(() => { + if (!apiBase) return + let cancelled = false + const controller = new AbortController() + + const run = async () => { + try { + const res = await fetch(`${apiBase}/v1/openclaw/usage?limit=1`, { + signal: controller.signal, + }) + if (!res.ok) { + if (!cancelled) setStatus({ kind: 'error' }) + return + } + const data: UsageEvent[] = await res.json() + if (cancelled) return + if (Array.isArray(data) && data.length > 0) { + const latest = data[0] + const ageMs = Date.now() - new Date(latest.created_at).getTime() + if (ageMs <= SEVEN_DAYS_MS) { + setStatus({ kind: 'connected', lastIso: latest.created_at }) + return + } + } + setStatus({ kind: 'idle' }) + } catch { + if (!cancelled) setStatus({ kind: 'error' }) + } + } + + run() + return () => { + cancelled = true + controller.abort() + } + }, [apiBase]) + + const handleCopy = () => { + if (!installCommand) return + copy(installCommand) + toast.success('Copied install command') + } + + return ( +
+

+ OpenClaw Integration +

+ +

+ Give your OpenClaw agent access to this SkillNote registry. +

+ + {/* Status indicator */} +
+ + + + +
+ + {/* Install command */} +

+ Install command +

+
+ 
+          {installCommand || ' '}
+
+ +
+ + {/* What gets installed */} +
    +
  • Drops 2 skills into ~/.openclaw/skills/
    • +
  • Writes config to ~/.openclaw/skillnote/config.json
    • +
  • Asks for one-time confirmation before installing
    • +
+ + {/* Learn more */} + + Learn more + + +
+ ) +} + +function StatusDot({ status }: { status: Status }) { + const cls = + status.kind === 'connected' + ? 'bg-green-500' + : status.kind === 'error' + ? 'bg-yellow-500' + : status.kind === 'loading' + ? 'bg-muted-foreground/40 animate-pulse' + : 'bg-muted-foreground/40' + return +} + +function StatusText({ status }: { status: Status }) { + switch (status.kind) { + case 'loading': + return <>Checking connection… + case 'connected': + return <>Connected (last activity: {formatRelative(status.lastIso)}) + case 'idle': + return <>Not yet connected. Run the install command to wire up your OpenClaw agent. + case 'error': + return <>Status check failed (check your SkillNote backend is reachable). + } +}