feat(skills,plugins): add agent-invocable skills and plugin packaging #3127
Merged
Closes #3105, closes #2806.

Adds `SkillInvokeExecutor` in `crates/zeph-core/src/skill_invoker.rs`, wired into `CompositeExecutor` after `SkillExecutor`. The agent can now call the `invoke_skill` tool during its reasoning loop to fetch a registered skill's body by name.

Trust pipeline:
- Blocked skills are refused at the executor level and excluded from the catalog surfaced to the LLM (assembly.rs).
- Non-Trusted skill bodies pass through `sanitize_skill_text`.
- Quarantined bodies additionally pass through `wrap_quarantined`.
- `invoke_skill` and `load_skill` added to `QUARANTINE_DENIED`.

CLI: `zeph skill invoke <name> [--args ...]`

New crate `crates/zeph-plugins` with `PluginManager`. A `plugin.toml` manifest bundles SKILL.md directories, MCP server entries, and tighten-only config overlay fragments into an installable package.

Security:
- Skill paths in manifests are canonicalized and must resolve under the plugin root (path-traversal guard).
- MCP command allowlist uses verbatim match only (no basename fallback).
- `remove()` validates the plugin name before calling `remove_dir_all`.
- Config overlay rejects unknown keys and only permits tightening security limits (union for blocklists, intersection for allowlists, maximum for thresholds).

Install location: `~/.local/share/zeph/plugins/<name>/` (XDG). Plugin skill dirs are wired into `skill_paths()` at bootstrap and hot-reloaded via a single recursive watcher on the plugins root.

CLI: `zeph plugin add|remove|list`
TUI: `/plugins list|add|remove`
Summary
- `invoke_skill` tool (`SkillInvokeExecutor`) in `zeph-core` — the agent can now self-invoke registered skills by name during its reasoning loop, with a trust-aware sanitization pipeline (closes research(skills): agent-invocable slash commands via SlashCommand tool #3105)
- `zeph-plugins` crate with `PluginManager` for install/remove/list of plugin packages bundling SKILL.md files, MCP server entries, and config overlays (closes research(core): plugin packaging system for bundled skills, MCP configs, and integrations #2806)

Details

SkillInvokeTool:
- `crates/zeph-core/src/skill_invoker.rs` — `SkillInvokeExecutor` wired into `CompositeExecutor`
- `invoke_skill` and `load_skill` added to `QUARANTINE_DENIED`
- `assembly.rs` (two-layer defense)
- `zeph skill invoke <name> [--args ...]`

Plugin packaging:
- `crates/zeph-plugins/` — `PluginManager`, `plugin.toml` manifest format
- `starts_with(root)` at install and runtime
- `plugins_dir` root for hot-reload
- `zeph plugin list|add|remove`; TUI: `/plugins list|add|remove`

Note: Runtime merging of plugin config overlays into the live `Config` struct is deferred to a follow-up PR.

Test plan
- `cargo nextest run --workspace --features "desktop,ide,server,chat,pdf,scheduler" --lib --bins` — 8427/8427 pass
- `cargo clippy --workspace --features "desktop,ide,server,chat,pdf,scheduler" -- -D warnings` — clean
- `cargo +nightly fmt --check` — clean
- `.local/testing/playbooks/skill-invoke-and-plugins.md`
- `register_hub_dir` for plugin trees, `copy_dir_all` symlink handling, runtime config overlay merge
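
The tighten-only overlay rules stated in the description (union for blocklists, intersection for allowlists, maximum for thresholds, unknown keys rejected), shown as an added example that is not code from this PR or from zeph. `Limits`, `Value`, `apply_overlay`, `set` and the key names are hypothetical, and the sample values are constructed.

```rust
use std::collections::BTreeSet;

/// Hypothetical security limits; field names are assumptions, not zeph's Config.
#[derive(Debug, Clone, PartialEq)]
pub struct Limits {
    pub blocked: BTreeSet<String>, // blocklist: overlay may only add
    pub allowed: BTreeSet<String>, // allowlist: overlay may only remove
    pub threshold: u32,            // threshold: overlay may only raise
}

/// One overlay entry (constructed shape, not the plugin.toml schema).
pub enum Value {
    List(Vec<String>),
    Number(u32),
}

/// Apply a tighten-only overlay; unknown keys or wrong value types are rejected.
pub fn apply_overlay(base: &Limits, overlay: &[(&str, Value)]) -> Result<Limits, String> {
    let mut out = base.clone();
    for (key, value) in overlay {
        match (*key, value) {
            // Union: every base entry stays blocked, plugin entries are added.
            ("blocked", Value::List(v)) => out.blocked.extend(v.iter().cloned()),
            // Intersection: an entry survives only if the plugin also lists it,
            // so a name absent from the base can never be introduced.
            ("allowed", Value::List(v)) => out.allowed.retain(|c| v.contains(c)),
            // Maximum: a lower overlay value leaves the base threshold in place.
            ("threshold", Value::Number(n)) => out.threshold = out.threshold.max(*n),
            (k, _) => return Err(format!("overlay entry rejected: {}", k)),
        }
    }
    Ok(out)
}

fn set(items: &[&str]) -> BTreeSet<String> {
    items.iter().map(|s| s.to_string()).collect()
}

fn main() {
    // Constructed sample values.
    let base = Limits { blocked: set(&["rm"]), allowed: set(&["git", "ls"]), threshold: 5 };
    let overlay = vec![
        ("blocked", Value::List(vec!["curl".into()])),
        ("allowed", Value::List(vec!["git".into(), "bash".into()])),
        ("threshold", Value::Number(3)),
    ];
    println!("{:?}", apply_overlay(&base, &overlay));
}
```

With this sample the overlay's attempt to allow `bash` and to lower the threshold to 3 has no effect, while `curl` is added to the blocklist.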