diff --git a/Cargo.lock b/Cargo.lock index 624366a94..92bc1dd4e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -634,6 +634,7 @@ dependencies = [ "semver", "serde", "serde_json", + "serde_yaml", "tempfile", "thiserror 2.0.18", "tokio", diff --git a/Cargo.toml b/Cargo.toml index 3cb002297..4ffb81916 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -70,6 +70,7 @@ http = "1" # Serialization serde = { version = "1", features = ["derive"] } serde_json = "1" +serde_yaml = "0.9" # Async utilities futures-util = "0.3" diff --git a/crates/aionui-app/assets/builtin-skills/aionui-config/SKILL.md b/crates/aionui-app/assets/builtin-skills/aionui-config/SKILL.md index 7307988ad..049676f84 100644 --- a/crates/aionui-app/assets/builtin-skills/aionui-config/SKILL.md +++ b/crates/aionui-app/assets/builtin-skills/aionui-config/SKILL.md @@ -1,6 +1,7 @@ --- name: aionui-config -description: Configure AionUi itself through its backend API — create and edit assistants (name, avatar, system prompt, quick-start prompts, engine), import and attach skills, manage MCP servers, configure LLM providers (add/edit a model endpoint, set the API key, fetch the model list, pick the default model), and change app/UI settings (language, theme, font size, zoom, notifications). Use when the user wants you to set up an AionUi assistant, sink a skill into AionUi's skill registry, attach skills to an assistant, change an assistant's avatar or system prompt, add or configure an MCP server, add an LLM/model provider or API key, switch the default model, change the theme or language, or otherwise configure their AionUi installation. This is "Agent-assisted AionUi configuration": you act on the user's behalf via the local backend. +description: >- + Configure AionUi itself through its backend API — create and edit assistants (name, avatar, system prompt, quick-start prompts, engine), import and attach skills, manage MCP servers, configure LLM providers (add/edit a model endpoint, set the API key, fetch the model list, pick the default model), and change app/UI settings (language, theme, font size, zoom, notifications). Use when the user wants you to set up an AionUi assistant, sink a skill into AionUi's skill registry, attach skills to an assistant, change an assistant's avatar or system prompt, add or configure an MCP server, add an LLM/model provider or API key, switch the default model, change the theme or language, or otherwise configure their AionUi installation. This is "Agent-assisted AionUi configuration": you act on the user's behalf via the local backend. --- > **⚠️ Platform note — read before running any command.** The shell snippets in this skill are written for **macOS / Linux** (bash/zsh). Always check which OS you are on first. On **Windows** do **not** run them verbatim — the underlying tool/CLI commands are usually cross-platform, but the surrounding shell syntax is not. Translate it to PowerShell before running: diff --git a/crates/aionui-app/assets/builtin-skills/aionui-troubleshooting/SKILL.md b/crates/aionui-app/assets/builtin-skills/aionui-troubleshooting/SKILL.md index c346d2770..8638abfba 100644 --- a/crates/aionui-app/assets/builtin-skills/aionui-troubleshooting/SKILL.md +++ b/crates/aionui-app/assets/builtin-skills/aionui-troubleshooting/SKILL.md @@ -1,6 +1,7 @@ --- name: aionui-troubleshooting -description: Diagnose a running AionUi installation — locate and inspect conversations (including stuck/running ones), read aioncore logs, check LLM provider health, list scheduled cron jobs and their last run status, inspect teams and member state, and check MCP server health. Use when the user reports that AionUi is misbehaving: a conversation is stuck or errored, an LLM/provider call is failing, a scheduled task did not run, an MCP server has no tools, a team member is hung, or they just ask "what's wrong with AionUi" / "排查一下 aionui". Engine-agnostic — works the same for claude / aionrs / gemini / openclaw conversations. +description: >- + Diagnose a running AionUi installation — locate and inspect conversations (including stuck/running ones), read aioncore logs, check LLM provider health, list scheduled cron jobs and their last run status, inspect teams and member state, and check MCP server health. Use when the user reports that AionUi is misbehaving: a conversation is stuck or errored, an LLM/provider call is failing, a scheduled task did not run, an MCP server has no tools, a team member is hung, or they just ask "what's wrong with AionUi" / "排查一下 aionui". Engine-agnostic — works the same for claude / aionrs / gemini / openclaw conversations. --- > **⚠️ Platform note — read before running any command.** The shell snippets in this skill are written for **macOS / Linux** (bash/zsh). Always check which OS you are on first. On **Windows** do **not** run them verbatim — the underlying tool/CLI commands are usually cross-platform, but the surrounding shell syntax is not. Translate it to PowerShell before running: diff --git a/crates/aionui-app/assets/builtin-skills/aionui-webui-public/SKILL.md b/crates/aionui-app/assets/builtin-skills/aionui-webui-public/SKILL.md index 562d5bc10..76cd9cf62 100644 --- a/crates/aionui-app/assets/builtin-skills/aionui-webui-public/SKILL.md +++ b/crates/aionui-app/assets/builtin-skills/aionui-webui-public/SKILL.md @@ -1,6 +1,7 @@ --- name: aionui-webui-public -description: Expose the user's local AionUi WebUI to the public internet with a near-zero-effort flow. Detects whether the WebUI is running, guides the user to switch it on if needed (the only manual step), self-installs cloudflared cross-platform, opens a Cloudflare quick tunnel, verifies the public URL actually works, then explains the limitations (URL is temporary, must stay running). Use whenever the user wants to reach their AionUi from outside the LAN, over the internet, or share a public link. Distinct from aionui-webui-setup (which covers manual LAN / Tailscale / server config through the settings UI): this skill produces a one-click public link via an automatic tunnel. +description: >- + Expose the user's local AionUi WebUI to the public internet with a near-zero-effort flow. Detects whether the WebUI is running, guides the user to switch it on if needed (the only manual step), self-installs cloudflared cross-platform, opens a Cloudflare quick tunnel, verifies the public URL actually works, then explains the limitations (URL is temporary, must stay running). Use whenever the user wants to reach their AionUi from outside the LAN, over the internet, or share a public link. Distinct from aionui-webui-setup (which covers manual LAN / Tailscale / server config through the settings UI): this skill produces a one-click public link via an automatic tunnel. --- > **⚠️ Platform note — read before running any command.** The shell snippets in this skill are written for **macOS / Linux** (bash/zsh). Always check which OS you are on first. On **Windows** do **not** run them verbatim — the underlying tool/CLI commands are usually cross-platform, but the surrounding shell syntax is not. Translate it to PowerShell before running: diff --git a/crates/aionui-extension/Cargo.toml b/crates/aionui-extension/Cargo.toml index a4ad49b58..d617988a1 100644 --- a/crates/aionui-extension/Cargo.toml +++ b/crates/aionui-extension/Cargo.toml @@ -19,6 +19,7 @@ notify.workspace = true tokio.workspace = true serde.workspace = true serde_json.workspace = true +serde_yaml.workspace = true thiserror.workspace = true tracing.workspace = true mime_guess.workspace = true diff --git a/crates/aionui-extension/src/skill_service.rs b/crates/aionui-extension/src/skill_service.rs index b9ba3cc96..bc2e2d9bc 100644 --- a/crates/aionui-extension/src/skill_service.rs +++ b/crates/aionui-extension/src/skill_service.rs @@ -1223,32 +1223,55 @@ fn zip_error(err: zip::result::ZipError) -> ExtensionError { /// Body content here... /// ``` fn parse_frontmatter_fields(content: &str) -> Option<(String, String)> { - let trimmed = content.trim_start(); - if !trimmed.starts_with("---") { + #[derive(serde::Deserialize)] + struct SkillFrontmatter { + #[serde(default)] + name: String, + description: String, + } + + let frontmatter = extract_frontmatter_text(content)?; + let parsed = serde_yaml::from_str::(frontmatter).ok()?; + let description = parsed.description.trim().to_string(); + + if description.is_empty() { return None; } - let after_open = &trimmed[3..]; - let close_idx = after_open.find("---")?; - let frontmatter = &after_open[..close_idx]; + Some((parsed.name.trim().to_string(), description)) +} - let mut name = String::new(); - let mut description = String::new(); +fn extract_frontmatter_text(content: &str) -> Option<&str> { + let after_open = content + .strip_prefix("---\n") + .or_else(|| content.strip_prefix("---\r\n"))?; - for line in frontmatter.lines() { - let line = line.trim(); - if let Some(val) = line.strip_prefix("name:") { - name = val.trim().to_string(); - } else if let Some(val) = line.strip_prefix("description:") { - description = val.trim().to_string(); + let mut pos = 0; + for line in after_open.lines() { + let raw = &after_open[pos..]; + let line_len = line.len(); + let line_with_ending_len = if raw[line_len..].starts_with("\r\n") { + line_len + 2 + } else if raw[line_len..].starts_with('\n') { + line_len + 1 + } else { + line_len + }; + + if line == "---" { + let yaml_text = &after_open[..pos]; + return Some( + yaml_text + .strip_suffix("\r\n") + .or_else(|| yaml_text.strip_suffix('\n')) + .unwrap_or(yaml_text), + ); } - } - if description.is_empty() { - return None; + pos += line_with_ending_len; } - Some((name, description)) + None } /// Recursively copy a directory. @@ -1418,6 +1441,43 @@ mod tests { assert_eq!(desc, "A useful skill"); } + #[test] + fn parse_frontmatter_rejects_invalid_yaml() { + let content = "---\nname: video-skill\ndescription: Download video: supports batch URLs\n---\nBody"; + assert!(parse_frontmatter_fields(content).is_none()); + } + + #[test] + fn parse_frontmatter_accepts_quoted_yaml_description() { + let content = "---\nname: video-skill\ndescription: \"Download video: supports batch URLs\"\n---\nBody"; + let (name, desc) = parse_frontmatter_fields(content).unwrap(); + assert_eq!(name, "video-skill"); + assert_eq!(desc, "Download video: supports batch URLs"); + } + + #[test] + fn parse_frontmatter_accepts_block_scalar_description() { + let content = "---\nname: douyin-downloader\ndescription: |\n Download Douyin videos without watermark.\n Supports batch downloads.\n---\nBody"; + let (name, desc) = parse_frontmatter_fields(content).unwrap(); + assert_eq!(name, "douyin-downloader"); + assert_eq!( + desc, + "Download Douyin videos without watermark.\nSupports batch downloads." + ); + } + + #[test] + fn parse_frontmatter_requires_opening_fence_line() { + let content = " ---\nname: test\ndescription: desc\n---\nbody"; + assert!(parse_frontmatter_fields(content).is_none()); + } + + #[test] + fn parse_frontmatter_requires_closing_fence_line() { + let content = "---\nname: test\ndescription: this has --- inside\nbody"; + assert!(parse_frontmatter_fields(content).is_none()); + } + #[test] fn parse_frontmatter_empty_name() { let content = "---\nname: \ndescription: Has description\n---\nBody"; @@ -1973,6 +2033,24 @@ mod tests { assert!(matches!(result, Err(ExtensionError::PathTraversal(_)))); } + #[tokio::test] + async fn import_skill_with_symlink_rejects_invalid_yaml_frontmatter() { + let tmp = TempDir::new().unwrap(); + let paths = make_test_paths(tmp.path()); + + let source_dir = tmp.path().join("invalid-frontmatter"); + std::fs::create_dir_all(&source_dir).unwrap(); + std::fs::write( + source_dir.join(SKILL_MANIFEST_FILE), + "---\nname: invalid-frontmatter\ndescription: Download video: supports batch URLs\n---\nBody", + ) + .unwrap(); + + let result = import_skill_with_symlink(&paths, &source_dir).await; + assert!(matches!(result, Err(ExtensionError::InvalidSkillPath(_)))); + assert!(!paths.user_skills_dir.join("invalid-frontmatter").exists()); + } + #[tokio::test] async fn delete_custom_skill() { let tmp = TempDir::new().unwrap(); @@ -2148,6 +2226,50 @@ mod tests { // Embedded corpus // ----------------------------------------------------------------------- + #[test] + fn embedded_builtin_skill_frontmatter_is_valid_yaml() { + let mut checked = 0; + let mut failures = Vec::new(); + + assert_embedded_skill_frontmatter(&BUILTIN_SKILLS, &mut checked, &mut failures); + + assert!( + checked >= 20, + "expected builtin skill corpus to contain many SKILL.md files, got {checked}" + ); + assert!( + failures.is_empty(), + "invalid embedded builtin SKILL.md frontmatter:\n{}", + failures.join("\n") + ); + } + + fn assert_embedded_skill_frontmatter(dir: &Dir<'static>, checked: &mut usize, failures: &mut Vec) { + for file in dir.files() { + if file.path().file_name().and_then(|name| name.to_str()) != Some(SKILL_MANIFEST_FILE) { + continue; + } + + *checked += 1; + let path = file.path().display(); + let content = match std::str::from_utf8(file.contents()) { + Ok(content) => content, + Err(err) => { + failures.push(format!("{path}: not UTF-8: {err}")); + continue; + } + }; + + if parse_frontmatter_fields(content).is_none() { + failures.push(format!("{path}: invalid YAML frontmatter or missing description")); + } + } + + for subdir in dir.dirs() { + assert_embedded_skill_frontmatter(subdir, checked, failures); + } + } + #[tokio::test] async fn embedded_lists_auto_inject_from_corpus() { let tmp = TempDir::new().unwrap();