// Package a script tool under ~/.config/agenvoy/tools/script/ into a tar.gz and publish to pkg.agenvoy.com registry. Keyword picker, dep/key detection, config-stored email (ask + lowercase + persist), ask version, email verification gate, multipart upload with downgrade/unique guards.
Install an Agenvoy extension from pkg.agenvoy.com registry (browse/pick) or local tarball into ~/.config/agenvoy/tools/.extension/<type>/<name>@<version>/. Extracts tar.gz, validates manifest (email field, type api/script only), installs deps, stores keychain keys, atomically moves staged dir. Collisions handled by Overwrite/Rename/Cancel popup.
å¾ęę°ē git tag å° HEAD ēęēµę§åč®ę“ę„čŖäø¦ęØč¦ę°ēę¬ćē¶ä½æēØč č«ę±ēęč®ę“ę„čŖćē¼č”čŖŖęęēę¬åē“ę件ęä½æēØć
Convert user-supplied API source (Swagger/OpenAPI JSON, cURL, or natural-language endpoint description) into Agenvoy APIDocumentData format and write each endpoint as a separate JSON file under `~/.config/agenvoy/tools/api/`. Triggers on requests like "add an API tool", "ę°å¢ api tool", "ęéå swagger č½ę api tool", "čØ»åäøå API ēµ¦ agent ēØ". Handles auth schema (bearer / apikey / basic) and warns on intranet/localhost hosts before write.
å°ęØ”ē³éę±ē ęåÆå·č”čØē«äø¦ē«å³å·č”ćå ē± `/plan {éę±}` é”Æå¼č§øē¼ćęµēØļ¼å¼å« `ask_user` tool ä¾éę±č¤éåŗ¦čéå¤é¢åč³čØļ¼ę øåæ 3 ē¶åŗ¦ēŗåŗļ¼ä¾é¢ØéŖļ¼äøåÆéę§ļ¼č³ęŗē¼ŗå£ę“å č³ 5-7 é”ļ¼ā å¼å« `generate_plan` tool ē¢åŗēµę§åčØē« ā č¦čØē«ē¼ŗå£ ask_user č£å ę ē“ę„éę„å·č”ćē¬¬äøå tool call ę°øé ęÆ `ask_user`ļ¼äøčŖå·±ēµčØē«ļ¼åæ čµ° `generate_plan` toolć
å»ŗē«äø¦ęēØå®ęč§øē¼ē skillć**ęęę°å¢å®ęļ¼é±ęä»»åćęéćęēØéē„ēč«ę±åæ é čµ°ę¤ skill**ļ¼ē¦ę¢ē“ę„å¼å« add_task / add_cronļ¼é£ęÆ skill å·²ååØęēęéē¶å®å·„å ·ļ¼äøč©²ä½ēŗę°å»ŗęēØēå „å£ļ¼ć åæ å®č§øē¼ēčØęÆē¹å¾µļ¼ä»»äøå³ę“»åļ¼ļ¼ - ēøå°å»¶é²ļ¼ćX åéå¾ććX å°ęå¾ććēØå¾ććå¾ ęććēäøäøć - ęē¢ŗęéļ¼ćX é»ććäøå X é»ććę天 X é»ććå¾å¤©ććYYYY-MM-DD HH:MMć - é±ęę§ļ¼ćęÆ X åéććęÆå°ęććęÆ天ććęÆé±ććęÆęććå®ęććåŗå®ć - ęé / éē„ęåļ¼ćęéęććéē„ęććåčØ“ęć+ ęéęčæ° ēÆä¾č§øē¼čØęÆļ¼ć5 åéå¾ęéęåę°“ććęÆ天ę©äø 9 é»ę HN é ę¢ććę天äøå 3 é»éęććęÆ 5 åéę„å°ē©é»č”å¹ćć **äøč§øē¼**ļ¼å³ä½æčØęÆå«ćč§øē¼ććęēØćåē¼ä¹äø activateļ¼ļ¼ - čØęÆå« `[å·č”å·²ååØ scheduler skill:` ęØčØ ā ēŗ `/sched-<name>` ęå triggerļ¼ē¶å agent ē“ę„å·č” body - čØęÆēŗäø份å®ę“ē SKILL.md bodyļ¼`# Title` + `## ä»»å` + `## č¼øåŗę ¼å¼` ēµę§ļ¼ļ¼ē”å»ŗē«ļ¼ęēØåč© ā ēŗ skill executionļ¼é creation - čØęÆå å«ćå·č” skill Xććč· Xććrun skill Xćē”ęé token ā ēŗ execution ęµēØļ¼č§£ęčØęÆę½åŗćč¦åä»éŗ¼ććä½ęč§øē¼ćā ē¼ŗé ēØ ask_user č£å ā ēę skill ęŖę”č³ ~/.config/agenvoy/skills/scheduler/<short>-<hash8>/SKILL.mdļ¼ē” scheduler- åē¶“ļ¼hash ēØę¼éæå å½åč”ēŖļ¼ā å¼å« add_task ę add_cron ē¶å®ęé ā åå ±ć
Design and scaffold a Python (or JavaScript) script tool for Agenvoy, writing `tool.json` + `script.py`/`script.js` pair under `~/.config/agenvoy/tools/script/<tool_name>/`. Triggers on requests like "add a script tool", "幫ęåÆ«äøå python tool", "åäøå script tool ēµ¦ agent ēØ", "ę°å¢č ³ę¬å·„å ·". Handles parameter schema design, stdlib-vs-third-party dependency check, keychain secret access via local `/v1/key` endpoint, sandbox awareness, and test execution before write.
| name | extension-upload |
| description | Package a script tool under ~/.config/agenvoy/tools/script/ into a tar.gz and publish to pkg.agenvoy.com registry. Keyword picker, dep/key detection, config-stored email (ask + lowercase + persist), ask version, email verification gate, multipart upload with downgrade/unique guards. |
Packages an Agenvoy script tool directory into a marketplace tarball and uploads it to pkg.agenvoy.com. The source root is fixed at ~/.config/agenvoy/tools/script/. If the user provides a keyword (e.g. yt), only matching subdirectories are listed.
keyword (optional): substring filter (case-insensitive) over subdirectories under ~/.config/agenvoy/tools/script/. Examples: yt, dlp, tts.
/extension-upload) ā list ALL subdirectories for the user to pick; do not ask for a keywordextension_dir (picker)Fixed source root:
SCRIPT_ROOT=~/.config/agenvoy/tools/script
list_files lists all first-level subdirectories under SCRIPT_ROOT (non-recursive). Skip names starting with . or _.
Branch by input:
| Has keyword? | Candidate set |
|---|---|
| No | All subdirectories |
| Yes | Subdirectories whose name (lowercased) contains keyword (lowercased) |
Branch by candidate count:
| Count | Action |
|---|---|
| 0 | Abort. With keyword: "No directory matching <keyword> under SCRIPT_ROOT". Without keyword: "SCRIPT_ROOT is empty ā run script-tool-add first to create a script tool" |
| 1 | Use that directory as extension_dir directly; report "auto-selected <basename>" |
| ā„ 2 | ask_user singleSelect listing all candidates; user picks one as extension_dir |
extension_dir is the absolute path <SCRIPT_ROOT>/<basename>, used by every step below.
Note: this skill only packages script tools (fixed
type: "script"). Packaging api tools requires a separate skill. The worker does not acceptmcptype.
list_files enumerates every file under extension_dir (relative paths, recursive).
Collect into raw_files, excluding:
.DS_Store, Thumbs.db, .git**.tar, *.tar.gz, *.tgz, *.zipmanifest.json (this skill will regenerate it)read_file reads (if present):
tool.json (required ā if missing, abort with "tool.json missing in <extension_dir>, refuse to package")script.{js,py,sh} / *.js / *.py / *.shCheck root-level files under extension_dir. Abort immediately on any violation:
| Rule | Condition |
|---|---|
| tool.json must exist | extension_dir/tool.json exists and is a regular file |
| script mutual exclusion | script.py and script.js must not coexist (both present ā abort) |
Abort message:
ā Structure check failed: script.py and script.js cannot coexist (keep only one).
Fixed type: "script" (this skill only packages tools under ~/.config/agenvoy/tools/script/).
For type: script:
| Rule | Condition |
|---|---|
| script must exist | script.py or script.js must exist (exactly one); both missing ā abort |
Abort message:
ā Structure check failed: type:script requires script.py or script.js.
Verify the script can be parsed by its interpreter so consumers don't install something that immediately crashes. Any failure aborts and prints the stderr.
Branch on the script file confirmed in Ā§2.5:
script.py:
python3 -m py_compile <extension_dir>/script.py
script.js:
node --check <extension_dir>/script.js
exit code ā 0 ā abort:
ā Health check failed: script cannot be parsed by the interpreter.
<first line of stderr>
Note: only syntax-level. Top-level code is not executed; import errors / runtime errors / missing API keys are not checked. The author must test runtime behavior before packaging.
dependence and api_key_nameScan every script file for these patterns to extract binaries:
spawn("X" / exec("X" / execSync("X" / spawnSync("X"subprocess.run(["X" / subprocess.Popen(["X" / os.system("X " / shell=True + "X "Exclude:
cd, echo, test, [, export, set, shift, pwd, true, falsenode, python, python3, bash, sh, /usr/bin/envls, cat, head, tail, mkdir, cp, mv, rm, grep, sed, awk, find, jq, which, date, git (almost always present; not counted as a dependence)What remains (e.g. yt-dlp, ffmpeg, imagemagick, pandoc, tesseract) is the dependence candidate set.
Scan every script file for these patterns to extract key names:
localhost:17989/v1/key?key=([A-Z][A-Z0-9_]*_API_KEY)process\.env\.([A-Z][A-Z0-9_]*_API_KEY)os\.environ\[["']([A-Z][A-Z0-9_]*_API_KEY)["']\]os\.environ\.get\(["']([A-Z][A-Z0-9_]*_API_KEY)["']\$([A-Z][A-Z0-9_]*_API_KEY) (shell scripts)Dedupe and sort all hits.
Call ask_user. Put the detection list in the detail field (hint-style subtitle); keep question short:
{
"questions": [
{
"question": "Are the detections above correct?",
"detail": "dependence: [yt-dlp, ffmpeg]\napi_key_name: []",
"options": ["Yes, continue", "No, let me edit dependence", "No, let me edit api_key_name", "No, edit both"]
}
]
}
detail is multi-line hint text; question is the short prompt. The popup renders detail with hint style (subtitle) and question with bold (title). Never stuff detail content into question ā they will render together and become unreadable.
name and summary from tool.jsonUse tool.json as the source of truth ā do not ask_user to confirm:
manifest.name = tool.json::name verbatimmanifest.summary = first line of tool.json::description, truncated to 120 charsIf either fails Ā§6 validation (name pattern / summary length), Ā§6 will ask_user to fix. Do not prompt proactively here.
Pre-read <extension_dir>/manifest.json if it exists and use its version as the default; otherwise default to 1.0.0.
ask_user (single free-text):
Enter version (semver `MAJOR.MINOR.PATCH`, e.g. 1.0.0; blank = use default <default>):
default: <existing manifest version or 1.0.0>
Reply handling:
| Reply | Action |
|---|---|
| Blank / whitespace-only / empty | Use default as manifest.version ā not an error, do not re-prompt |
Matches ^\d+\.\d+\.\d+$ | Accept as-is |
Anything else (incl. v prefix, pre-release like 1.0.0-beta, build metadata +sha, etc.) | Re-prompt; abort after 3 attempts with "version format invalid, upload cancelled" |
Never treat blank as an error ā a deliberate blank means "use default".
Call get_user_email:
{"email": "<stored value>"} ā use directly, do not re-prompt, jump to Ā§6{"email": ""} ā fall through to Ā§5.2 first-time setupask_user (single free-text):
First publish needs a marketplace registry email (stored in ~/.config/agenvoy/config.json, reused next time):
Validate against ^[^@\s]+@[^@\s]+\.[^@\s]+$:
set_user_email(email=<lowercased>) to persist (worker normalizes to lowercase, client must match)The entire username / git config user.name chain is gone ā marketplace identity uses email only. The manifest uses the email field (not author); its value is the lowercased pure email string.
Assemble the candidate manifest:
{
"name": "<tool.json::name>",
"type": "script",
"version": "<from Ā§4.5>",
"summary": "<first line of tool.json::description, truncated to 120>",
"email": "<Ā§5.1/5.2 registry email, lowercased>",
"dependence": <confirmed in Ā§3>,
"api_key_name": <confirmed in Ā§3>,
"files": <raw_files from Ā§1>
}
Validate field by field; any failure triggers ask_user to fix that field:
| Field | Condition |
|---|---|
name | non-empty, matches ^[a-z0-9][a-z0-9_-]*$ |
type | ā {api, script} (worker rejects mcp) |
version | strict semver ^\d+\.\d+\.\d+$ (no pre-release suffix) |
summary | non-empty, ā¤ 120 chars |
email | non-empty, matches ^[^@\s]+@[^@\s]+\.[^@\s]+$ (already guaranteed by Ā§5) |
dependence | array, elements non-empty (empty array OK) |
api_key_name | array, each element matches [A-Z][A-Z0-9_]*_API_KEY (empty array OK) |
files | array, length ā„ 1, must include tool.json |
Re-validate after each fix; only proceed once everything passes.
Fixed output directory: ~/.config/agenvoy/tools/.extension/.package/ ā not $HOME/Downloads, not ~/.config/agenvoy/download/, not the current work dir, not the source dir.
Fixed filename format: <name>@<version>.tar.gz (e.g. yt-dlp-info@1.0.0.tar.gz).
write_file:
<extension_dir>/manifest.jsonrun_command:
mkdir -p ~/.config/agenvoy/tools/.extension/.package
tar --no-xattrs -czf ~/.config/agenvoy/tools/.extension/.package/<name>@<version>.tar.gz -C <extension_dir>/.. <basename(extension_dir)>/
Where <basename> is the last segment of extension_dir (e.g. yt_dlp_youtube_downloader).
--no-xattrs: mandatory. macOS bsdtar tries to read xattrs (e.g. com.apple.quarantine) by default; the sandbox can't read them and prints "Operation not permitted" warnings. Marketplace packages shouldn't carry OS-local metadata anyway.-C <parent>: points to the parent so the tarball stores <basename>/<file>... rather than absolute paths.run_command returns a merged stdout+stderr string to the LLM. The LLM cannot see the exit code by itself, and must not guess from stderr substrings like "not permitted" / "error" / "warning". tar can print xattr/ACL warnings yet still exit 0 with a valid tarball.
The only reliable check:
ls -l ~/.config/agenvoy/tools/.extension/.package/<name>@<version>.tar.gz
| ls result | Verdict |
|---|---|
| File exists, size > 0 bytes | Packaging succeeded. Record the size, proceed to Ā§8. Ignore every stderr warning from the tar step. |
No such file or directory or size 0 | Actually failed. Print the tar stderr to the user and abort. |
Do not branch on "stderr contains a warning ā failure". A tarball on disk = success.
If tar is not in the whitelist / blocked by the sandbox, tell the user:
ā ļø tar is not in the whitelist. Run /allow-cmd tar and retry, or have the maintainer add tar to configs/jsons/white_list.json.
Fixed endpoint: https://pkg.agenvoy.com/upload (do not let the user change the URL; never ask_user for an endpoint).
manifest.email is the registration email (pure email string); keep it for the Ā§9 report. read_file <extension_dir>/manifest.json to obtain the full JSON string for fields.manifest below (the worker will JSON.parse(manifest) and re-validate).
Call send_http_request. All four fields are required (url / method / content_type / body); missing any one of them and the worker returns multipart parse failed:
{
"url": "https://pkg.agenvoy.com/upload",
"method": "POST",
"content_type": "multipart",
"body": {
"fields": {
"manifest": "<full JSON string written in Ā§7>"
},
"files": [
{
"name": "tar",
"path": "~/.config/agenvoy/tools/.extension/.package/<name>@<version>.tar.gz",
"content_type": "application/gzip"
}
]
}
}
Do not simplify the payload:
content_type: "multipart" (defaults to json, worker won't see multipart, fails)body (must contain both fields and files)files[] (manifest is a text field, goes under fields.manifest)fields (tar is binary, goes under files[].path and is read from disk by the handler)Response is the send_http_request envelope: {status_code, headers, body}. status_code is the only branching signal ā do not guess from the body string.
| status_code | Expected body | Action |
|---|---|---|
| 202 | {"ok":false,"error":"verification_sent","email":"...","ttl_seconds":60} | Proceed to Ā§8.2 |
| 400 | schema error | Abort, print the error in the body |
| 413 | tar_too_large | Abort |
| 502 | email_send_failed | Abort |
| Other | Shouldn't happen on first POST without a code (always expect 202) | Abort, print the raw body |
ask_user (single free-text):
A verification code was sent to <email> (valid 60s). Enter the 6-digit code:
If blank or not 6 digits ā re-prompt up to 3 times; abort with "verification code format invalid, upload cancelled".
Do not swap ask_user for code guessing / pre-fill / popupSecret ā the code is not a secret, expires in 60s, and plaintext echo helps the user paste it correctly.
Call send_http_request ā same four-field structure as Ā§8.1, only difference is fields now also has code:
{
"url": "https://pkg.agenvoy.com/upload",
"method": "POST",
"content_type": "multipart",
"body": {
"fields": {
"manifest": "<same as 8.1>",
"code": "<6-digit code>"
},
"files": [
{
"name": "tar",
"path": "<same as 8.1>",
"content_type": "application/gzip"
}
]
}
}
| status_code | Action |
|---|---|
| 200 | Success ā parse body for r2_key / sha256 / size_bytes, proceed to Ā§9 |
| 401 | verification_failed (wrong / expired) ā loop back to Ā§8.2; abort after 3 retries |
| 409 | version_already_exists or type_mismatch ā abort, print body existing info, suggest the user run /version-generate to bump or align type |
| 422 | downgrade_not_allowed ā abort, print body latest, ask user to bump version |
| 413 | tar_too_large ā abort |
| 5xx | internal / email_send_failed ā abort, print raw body |
| Other | Abort, print raw body |
Success (Ā§8.3 returned 200):
ā
packaged & published
- manifest: <extension_dir>/manifest.json
- tarball: ~/.config/agenvoy/tools/.extension/.package/<name>@<version>.tar.gz
- size: <bytes>
- registry: pkg.agenvoy.com
- r2_key: <body.r2_key>
- sha256: <body.sha256>
size was captured by ls in Ā§7.5 ā do not re-run.
Upload-stage failure (Ā§8.1 / Ā§8.2 / Ā§8.3) ā show ā
packaged plus ā publish failed with the worker error; the local tarball stays in .package/ so the user can fix and retry.
Ā§7.5 disk-verify failure (tarball missing or size 0) ā show ā packaging failed with the tar stderr; do not proceed to Ā§8.
email; it must come from get_user_email (and Ā§5.2 ask_user + set_user_email if missing)git config user.name / git config user.email; marketplace identity uses only the config registry emailauthor field in the manifest; the worker expects email (a pure email string, not <name> (<email>))<safe-author> / <email-local> prefix; the filename is just <name>@<version>.tar.gz with no prefixdependence / api_key_name that weren't detected in the scripts; the user can add them in Ā§3, but the LLM must not embellishmanifest.json itself in the files array (the marketplace client fetches the manifest separately)-C <parent> in Ā§7 ā the tarball would contain absolute paths otherwise--no-xattrs in Ā§7 ā macOS sandbox can't read xattrs and would flood warningsls -l <tarball> is the only success checkrun_command returns merged stdout+stderr and the LLM has no exit code ā disk state is the source of truthā
packaged and ā publish failed while stopping at the packaging step ā that's a contradiction; once Ā§7.5 passes, packaging succeeded and Ā§8 must run~/Downloads, ~/.config/agenvoy/download/, the source dir, tmp, or any path from ask_user; the output location is fixed at ~/.config/agenvoy/tools/.extension/.package/<safe-author>- / <email-local>- to the filename; fixed <name>@<version>.tar.gzzip for tar.gz (the marketplace only accepts tar.gz)1.0, v1.0.0, 1.0.0-beta etc.extension_dir; the source root is fixed at ~/.config/agenvoy/tools/script/ ā do not scan .extension/ / api/ / anywhere elseask_user to collect a keyword when the skill is invoked without one ā list all subdirectories directly (the user explicitly wants to browse everything)type via path inference or ask_user; this skill only packages type:scriptpy_compile / node --check in Ā§2.7 with "run the whole script" ā top-level reads on stdin would hangask_user for name or summary in Ā§4; tool.json is the source of truth, Ā§6 handles validation fallbackversion in the main flow ā do not hardcode 1.0.0 or rely on Ā§6 fallbackv prefix, pre-release suffix, or build metadata (+sha) in Ā§4.5; strict ^\d+\.\d+\.\d+$https://pkg.agenvoy.com/upload; do not ask_user for a URL or fall back to staging / custom domainspopupSecret to collect the code in Ā§8.2; the code is not a secret, expires in 60s, plaintext echo helps the user paste itrun_command with curl / wget; uploads must use send_http_request with content_type=multipart, binary read from files[].pathsend_http_request payload ā all four fields (url/method/content_type/body) are required, and body must contain both fields and filescontent_type: "multipart" (defaults to json, worker won't see multipart)files[] (it's a text field, goes under fields.manifest); never put tar bytes into fields (binary goes under files[].path and the handler reads from disk)status_code; use the send_http_request envelope status_code as the only branch signal/version-generate or manual adjustment, then re-run the whole skill