AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app/marketplace_server/packager.py
minasarustamyan dc5e0e0d11
Marketplace UX overhaul: rich plugin/skill/agent detail + filename rename (#251) 
* Rename agnes-metadata.json to marketplace-metadata.json

Curated marketplace enrichment file (.claude-plugin/agnes-metadata.json)
becomes marketplace-metadata.json. Clean cut, no fallback — curators of
upstream marketplace repos must rename the file on their side.

Python API renames mirror the file rename: read_agnes_metadata →
read_marketplace_metadata, AGNES_METADATA_REL → MARKETPLACE_METADATA_REL,
AGNES_METADATA_MAX_BYTES → MARKETPLACE_METADATA_MAX_BYTES. Synth Claude
Code marketplace strip rule (.agnes/** + the metadata file) follows the
new filename.

* Marketplace detail polish: window cover + 715:310 aspect + helper alignment

- Plugin & item (skill/agent) detail hero: 160x160 square cover replaced
  with a macOS-style window frame (3 traffic-light dots + titlebar label
  showing the entity name). Body is constrained to 715:310 so curator-
  uploaded covers no longer crop to a square. Window is 380px wide; meta
  column and absolutely-positioned top-right install/remove actions stay
  put. Fallback when no cover_photo_url (translucent gradient + PL/SK/AG
  initials) is unchanged, just inside the window body.

- Inner skill/agent cards in the plugin detail's Internal structure
  section adopt the same 715:310 aspect (was fixed 78px tall). No window
  chrome on inner cards — just the matching proportions so covers read
  consistently across hero, grid tiles, and listing cards.

- Curated nested item helper text ("This skill is part of ... — add the
  bundle to your stack to use it") now stacks UNDER the "Open parent
  plugin" button instead of being a side-by-side flex sibling in the
  actions-row. Added align-self: flex-end so the 260px helper box
  anchors at the right edge of the 300px actions column, matching the
  button's right edge.

* Marketplace My tab: surface the same category + type filters as Flea

- Frontend: mp-cat-row and mp-type-row now show on tab=my (previously
  hidden — type was flea-only, category was flea/curated-only). Curated
  browse stays plugin-only and continues to hide the type pills.
  fetchOne() sends the `type` param for tab=my too, so the items
  endpoint's existing my-branch filter actually receives it.

- Backend categories endpoint, tab=my branch: when the type filter is
  set to skill/agent, skip counting curated subscriptions. Curated
  plugins are always type='plugin', so they wouldn't survive the items
  endpoint's type filter; including them in the category counts made
  the pill numbers overstate what users could actually see in the
  grid. type=None or type='plugin' keeps the previous behaviour.

- CHANGELOG entry under [Unreleased].

* Marketplace plugin detail: render rich content from marketplace-metadata.json

Adds five optional plugin-level fields to marketplace-metadata.json and
renders them on the curated plugin detail page + listing card:

* display_name — friendly h1 / listing-card name / mac-window titlebar
  label (overrides the technical plugin id)
* tagline — punchy 1-line value prop for the hero subtitle and the
  listing card description (replacing the verbose marketplace.json
  description on cards)
* description — multi-paragraph markdown body, server-side rendered
  through markdown-it-py and sanitized through nh3 with a
  description-scoped allowlist (no iframes / no raw HTML / no
  javascript: links). Powers the "What it does" panel.
* use_cases[] — {title, description, prompt} entries that render as a
  3-column "When to use it" card grid; each card shows the literal
  prompt as a code chip so users can copy-paste into Claude Code.
* sample_interaction — {user, assistant} dialog rendered in a Claude
  Code-style dark Catppuccin Mocha transcript panel: monospace user
  row with a green ">" prompt indicator + sans-serif assistant body
  with markdown formatting (peach bold, yellow italic, pink inline
  code, mantle-dark fenced code blocks).

All five fields are optional; UI sections only render when populated,
so plugins without enrichment look identical to before. Fields are
read on-demand from the working tree (cached by mtime per marketplace
slug) so curator edits land at the next request without waiting for
a sync cycle — same pattern as the existing inner-skill/agent
enrichment path. No DB schema bump.

Skill / agent rich-content rendering is deferred to a later phase
(needs a source-of-truth decision: extend plugin.yml? LLM-generate
from SKILL.md / agent.md?). The schema accepts the same fields at
skill/agent level today for forward compatibility but the UI ignores
them for now.

Also: stripped a stale `background-color: var(--bg)` from the global
`code` rule in style.css (was making inline code visually disappear
on the page background).

* Skill / agent detail: render rich content from marketplace-metadata.json

Brings the skill/agent detail pages to parity with the plugin detail
page. Same rich-content schema (display_name, tagline, description as
markdown, use_cases[], sample_interaction) plus two per-item additions:

* invocation — curator-provided literal command string. When set,
  overrides the computed "<manifest_name>:<inner_name>" chip and
  cleanly supports both "/" skill prefix and "@" agent prefix (the
  hardcoded "/" in the chip markup is hidden when the curator provides
  the invocation, so /grpn-eng:query <q> and @grpn-eng:cto-architect
  both render correctly).
* when_to_use — markdown disambiguation block ("Use this for X. For
  similar Y, see /other-skill") rendered into a new "When to use this"
  panel below the Example section.

Skill / agent category is now per-item overridable in
marketplace-metadata.json. When absent, the API keeps the parent
plugin's category as the badge so existing items don't lose their
category until curators opt in to per-item categorization.

The new "Example" Q&A panel uses the same Claude Code-style dark
Catppuccin Mocha transcript treatment as the plugin detail —
monospace user row with a green ">" prompt indicator + sans-serif
assistant body with markdown formatting.

All new fields are optional and read on-demand from the working tree.
Skills / agents whose marketplace-metadata.json doesn't carry rich
content render exactly the same way they did before (frontmatter
description + computed slash command + cover from existing v32
enrichment). No DB schema bump.

* Fix TypeError in skill / agent detail when curator sets per-item category

`curated_skill_detail` and `curated_agent_detail` were passing both
`**parent` (from `_curated_inner_parent_fields`, which returns the
parent plugin's category as a fallback) and `**enrichment` (from
`_curated_inner_enrichment`, which returns the per-item category
override when the curator set one) into `InnerDetailResponse(...)`.

Python function-call kwargs unpacking with overlapping keys raises
`TypeError: got multiple values for keyword argument 'category'`
— it doesn't merge like a literal dict does. The bug only surfaced
when the marketplace-metadata.json carried a `category` field at
skill / agent level (curator opting into per-item categorization);
items without that override hit the endpoint cleanly because only
parent provided the key.

Fix: build `merged = {**parent, **enrichment}` first (literal-dict
syntax DOES merge, with the right-hand-side winning) and unpack the
merged dict. Curator override still wins via the merge order, and
the same pattern is future-proof for any other field that lands in
both layers later.

Plus a regression test in test_marketplace_metadata.py asserting
that the inner-resolver carries `category` for downstream merging.

* Marketplace detail: tolerate partial curator JSON

Server constructed UseCase / SampleInteraction via raw dict indexing
(uc["title"], sample["assistant"]), so a curator commit missing any
required Pydantic field crashed the whole plugin / skill / agent detail
endpoint with a 500. Route both constructions through _safe_use_case /
_safe_sample_interaction helpers — partial input silently drops the
malformed card / section instead of breaking the page.

Regression test in test_marketplace_api.py covers the three shapes:
use_case missing a key, use_case with an empty string, and
sample_interaction with only user (no assistant). Sibling rich fields
still render.

* Address PR-251 review (must-fixes + S2/S3 polish) + release-cut 0.50.0

Five must-fixes from the review pass (3 from @cvrysanek's two-stage
review, 2 from my independent pass), plus the 0.50.0 release-cut as the
last commit on this PR per CLAUDE.md (CLAUDE.md "Release-cut belongs
to the PR" rule added in v0.49.1).

Must-fixes
----------

1. Cache eviction: bounded LRU instead of per-marketplace predicate.
   The previous predicate (`k[0] == marketplace_id and k[1] != mtime_ns`)
   only swept stale entries for the CURRENT marketplace; with N>100
   distinct marketplaces each holding one mtime key, the cap silently
   failed and memory grew linearly. Replaced with OrderedDict-backed
   bounded LRU at cap=256, drop oldest insert on overflow.
   Cache stress test pinned in test_marketplace_metadata.py.

2. Render CPU cap: per-field byte cap on description / when_to_use /
   sample_interaction.assistant via MARKETPLACE_METADATA_FIELD_MAX_BYTES
   (= 64 KiB). Without this, a 1 MiB curator markdown body × QPS =
   curator-controlled CPU burn through pure-Python markdown-it-py.
   Truncation respects UTF-8 boundaries and logs a warning so the
   curator sees the cap fire on the next sync. Test for cap +
   UTF-8-boundary preservation.

3. Inner-detail bypassed the metadata cache. _curated_inner_enrichment,
   _curated_inner_cover, and curated_detail all called
   read_marketplace_metadata directly, defeating the mtime cache the
   plugin listing already shared. Routed all three through
   _read_metadata_cached so skill/agent detail hits are O(1) re-parses
   per marketplace per mtime instead of O(QPS).

4. Truthy-vs-presence trap in plugin/inner enrichment merge. API-layer
   writers used `if resolved.get(k):` which silently dropped any
   future falsy-but-valid resolver field (bool featured=False, int
   priority=0, str category=''). Switched to presence check
   (`if k in resolved`) so the resolver is the authority on field
   presence; `{**parent, **enrichment}` merge respects whatever the
   resolver decided to ship.

5. Vendor-agnostic OSS cleanup. Removed operator-specific token
   references (/grpn-eng:, @grpn-eng:, .foundryai/) from
   src/marketplace_metadata.py docstring, app/web/templates/
   marketplace_item_detail.html JS comment, docs/curated-marketplace-
   format.md, and tests/test_marketplace_metadata.py fixtures. Replaced
   with generic /my-plugin:tool / @my-agent:role / .example/ placeholders.

CHANGELOG
---------
- New "### Fixed (PR #251 follow-ups)" section documenting all 4
  code-side must-fixes
- New "### Internal" section noting the vendor cleanup + new tests
- BREAKING bullet for the file rename now covers operator-side
  migration: running instances see plugin enrichment disappear from
  the UI until upstream curator renames + nightly sync overwrites the
  working tree; POST /api/marketplaces/{id}/sync forces refresh sooner
- Stripped /grpn-eng: leaks from the existing skill/agent rich-content
  bullet

Tests
-----
128 targeted tests pass (test_marketplace_metadata, test_marketplace_api,
test_marketplace, test_markdown_render, test_marketplace_synth_strip,
test_marketplace_filter). New tests added:
- 6 XSS regression tests on render_safe (javascript:/data:/vbscript:
  schemes via autolink, reference link, and mixed-case + positive
  http/https/mailto + noopener noreferrer rel)
- 3 byte-cap tests (truncation + UTF-8 boundary + under-cap pass-through)
- 1 cache eviction stress test (>256 marketplaces -> bounded at cap)
- 1 truthy-vs-presence resolver-contract test

Release-cut
-----------
- pyproject.toml 0.49.1 -> 0.50.0 (minor; BREAKING file rename per
  pre-1.0 CHANGELOG note: "breaking changes called out under Changed
  or Removed with the BREAKING marker")
- CHANGELOG [Unreleased] -> [0.50.0] - 2026-05-12, new empty
  [Unreleased] on top.

---------

Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
Co-authored-by: ZdenekSrotyr <zdenek.srotyr@keboola.com>
2026-05-12 08:38:39 +00:00

294 lines
11 KiB
Python
Raw Blame History

"""Build a deterministic ZIP + per-request info for the aggregated marketplace.
The ZIP is the delivery artifact for the non-git channel. Its layout:
.claude-plugin/marketplace.json ← merged, prefixed-name manifest
plugins/<prefixed_name>/... ← copy of ${DATA_DIR}/marketplaces/<slug>/
plugins/<plugin_name>/...
.agnes/version.json ← per-request diagnostics
Determinism requirements:
- Members sorted by arcname
- Fixed DOS timestamp (1980-01-01)
- ZIP_DEFLATED
- UNIX mode 0o644
Two users with the same allowed plugin set therefore produce byte-identical
ZIPs (modulo `.agnes/version.json`, which carries `generated_at`; this is why
the git channel strips that file — see git_backend).
"""
from __future__ import annotations
import io
import json
import os
import threading
import zipfile
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional, Tuple
import duckdb
from cachetools import TTLCache
from src import marketplace_filter
MARKETPLACE_NAME = "agnes"
# In-process TTL cache for compute_etag() results. The expensive part of
# compute_etag is a SHA256 over every plugin file on disk; for a stable
# marketplace this hash doesn't change between requests. We key on the
# resolved plugin set (prefixed_name + version + plugin_dir path) so two
# users with the same allowed view share the same cache entry.
#
# TTL bounds drift between cache and on-disk content. Marketplace sync runs
# nightly; the default 120s TTL means the first session-start in a cold
# minute pays the SHA cost and the next ~120s of session-starts (across all
# users with the same view) hit the cache. Override with
# AGNES_MARKETPLACE_ETAG_TTL=<seconds> for tests / tighter staleness bounds;
# set 0 to disable.
_ETAG_CACHE_TTL = int(os.environ.get("AGNES_MARKETPLACE_ETAG_TTL", "120"))
_ETAG_CACHE: Optional[TTLCache] = (
TTLCache(maxsize=512, ttl=_ETAG_CACHE_TTL) if _ETAG_CACHE_TTL > 0 else None
)
_ETAG_CACHE_LOCK = threading.Lock()
MARKETPLACE_OWNER = {"name": "Agnes AI Analyst"}
MARKETPLACE_DESCRIPTION = (
"Aggregated per-user Claude Code marketplace — served by agnes-the-ai-analyst"
)
DETERMINISTIC_TIMESTAMP = (1980, 1, 1, 0, 0, 0)
def _merged_manifest(plugins: List[dict], etag: str) -> Dict[str, Any]:
"""Synthesize .claude-plugin/marketplace.json over the filtered plugin set.
Each entry copies the plugin's cached `raw` manifest, then overrides:
- `name` = manifest_name (from the plugin's own plugin.json — must
match the loaded plugin's identity, or the
`/plugin` UI Components panel can't link
the loaded plugin back to its catalog
entry; see src.marketplace_filter)
- `source` = "./plugins/<prefixed_name>" (slug-prefixed dir avoids
cross-marketplace file collisions in the
flat ZIP / git tree layout)
All other fields (version, description, author, homepage, keywords, ...)
are preserved so Claude Code UI looks the same as if the user pulled from
the upstream marketplace directly.
"""
entries: List[dict] = []
for plugin in plugins:
entry = dict(plugin["raw"]) # shallow copy — we only override two keys
entry["name"] = plugin["manifest_name"]
entry["source"] = f"./plugins/{plugin['prefixed_name']}"
# Always honor the cached version on the aggregated manifest — the
# plugin_dir on disk might have drifted if sync fetched a new commit
# after marketplace_plugins was written, but this is the authoritative
# record.
if plugin.get("version") and "version" not in entry:
entry["version"] = plugin["version"]
entries.append(entry)
return {
"name": MARKETPLACE_NAME,
"owner": MARKETPLACE_OWNER,
"metadata": {
"description": MARKETPLACE_DESCRIPTION,
"version": etag,
},
"plugins": entries,
}
def build_info(conn: duckdb.DuckDBPyConnection, user: dict) -> Dict[str, Any]:
"""Return a JSON-serializable summary for diagnostic / admin endpoints.
Mirrors the PoC's /marketplace/info contract; v24 splits the plugin list
by ``source`` so operators can tell at a glance whether a user's
marketplace view is admin-curated, Store-installed, or both.
"""
plugins = marketplace_filter.resolve_user_marketplace(conn, user)
etag = marketplace_filter.compute_etag(plugins)
def _entry(p: dict) -> Dict[str, Any]:
return {
"name": p["manifest_name"],
"original_name": p["original_name"],
"prefixed_name": p["prefixed_name"],
"marketplace_slug": p["marketplace_slug"],
"version": p.get("version"),
"description": p["raw"].get("description"),
"source": p.get("source", "marketplace"),
}
return {
"user_id": user.get("id"),
"email": user.get("email"),
"groups": marketplace_filter.resolve_user_groups(conn, user),
"marketplace_name": MARKETPLACE_NAME,
"etag": etag,
"plugin_count": len(plugins),
"plugins": [_entry(p) for p in plugins if p.get("source") != "store"],
"store_plugins": [_entry(p) for p in plugins if p.get("source") == "store"],
"generated_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
}
def _collect_members(plugins: List[dict], etag: str) -> List[Tuple[str, bytes]]:
"""Collect (arcname, bytes) pairs for everything that goes into the ZIP.
Intentionally returns unsorted — caller sorts for deterministic order.
Bundle entries (``bundle_dirs`` set, ``plugin_dir`` is None) get a synth
``.claude-plugin/plugin.json`` and content merged from every source dir
minus each source's own ``.claude-plugin/`` (the bundle ships its own).
"""
members: List[Tuple[str, bytes]] = []
manifest = _merged_manifest(plugins, etag)
members.append(
(
".claude-plugin/marketplace.json",
json.dumps(manifest, indent=2, sort_keys=False).encode("utf-8"),
)
)
for plugin in plugins:
prefix = plugin["prefixed_name"]
if plugin.get("bundle_dirs"):
members.append(
(
f"plugins/{prefix}/.claude-plugin/plugin.json",
_bundle_plugin_json_bytes(plugin),
)
)
from src.marketplace_filter import _bundle_files
for rel, abs_path in _bundle_files(plugin["bundle_dirs"]):
members.append(
(f"plugins/{prefix}/{rel}", abs_path.read_bytes())
)
continue
plugin_dir = plugin["plugin_dir"]
if plugin_dir is None or not plugin_dir.is_dir():
continue
for f in sorted(p for p in plugin_dir.rglob("*") if p.is_file()):
rel_parts = f.relative_to(plugin_dir).parts
# v32: strip Agnes-only files (`.agnes/**` and `marketplace-metadata.json`)
# from the synth Claude Code marketplace so user instances never
# see enrichment metadata they don't need. ETag is computed from
# the same filtered set (compute_etag in marketplace_filter), so
# adding/removing these files never busts user-side caches.
if marketplace_filter.is_agnes_only_path(rel_parts):
continue
rel = f.relative_to(plugin_dir).as_posix()
arc = f"plugins/{prefix}/{rel}"
members.append((arc, f.read_bytes()))
return members
def _bundle_plugin_json_bytes(plugin: dict) -> bytes:
"""Synth plugin.json for a bundle entry — uses the same fields as the
served marketplace.json plugin entry so Claude Code's catalog lookup
matches the loaded plugin's identity."""
payload = {
"name": plugin["manifest_name"],
"version": plugin.get("version") or "",
"description": plugin["raw"].get("description") or "",
}
return json.dumps(payload, indent=2).encode("utf-8")
def _write_zip_entry(zf: zipfile.ZipFile, arcname: str, data: bytes) -> None:
info = zipfile.ZipInfo(filename=arcname, date_time=DETERMINISTIC_TIMESTAMP)
info.compress_type = zipfile.ZIP_DEFLATED
info.external_attr = 0o644 << 16
zf.writestr(info, data)
def _etag_cache_key(plugins: List[dict]) -> tuple:
return tuple(
sorted(
(p["prefixed_name"], p.get("version") or "", str(p["plugin_dir"]))
for p in plugins
)
)
def compute_etag_for_user(
conn: duckdb.DuckDBPyConnection, user: dict
) -> Tuple[str, List[dict]]:
"""Resolve the user's served plugin set (admin grants minus opt-outs,
plus Store installs) and compute its content-addressed ETag.
Returns (etag, plugins) so callers that proceed to build_zip can reuse
the resolved plugin set and skip the second DB query.
"""
plugins = marketplace_filter.resolve_user_marketplace(conn, user)
if _ETAG_CACHE is None:
return marketplace_filter.compute_etag(plugins), plugins
cache_key = _etag_cache_key(plugins)
with _ETAG_CACHE_LOCK:
cached = _ETAG_CACHE.get(cache_key)
if cached is not None:
return cached, plugins
etag = marketplace_filter.compute_etag(plugins)
with _ETAG_CACHE_LOCK:
_ETAG_CACHE[cache_key] = etag
return etag, plugins
def invalidate_etag_cache() -> None:
"""Drop all cached etags. Called by marketplace sync after refresh so the
next request re-hashes against the new on-disk content instead of waiting
for TTL expiry."""
if _ETAG_CACHE is None:
return
with _ETAG_CACHE_LOCK:
_ETAG_CACHE.clear()
def build_zip(
conn: duckdb.DuckDBPyConnection,
user: dict,
*,
plugins: Optional[List[dict]] = None,
etag: Optional[str] = None,
) -> Tuple[bytes, str]:
"""Build the deterministic ZIP for this user. Returns (bytes, etag).
The `.agnes/version.json` entry carries `generated_at` for diagnostics and
therefore makes the ZIP non-byte-identical on every request. That's fine
for the ZIP channel (the ETag gate is computed from content hashes *before*
that file is added). The git channel uses file_set_for_user() instead,
which deliberately omits this diagnostic file.
Callers that already resolved plugins + etag (e.g. the router after an
If-None-Match miss) pass them as kwargs so we don't redo the work.
"""
if plugins is None or etag is None:
etag, plugins = compute_etag_for_user(conn, user)
members = _collect_members(plugins, etag)
version_payload = {
"user_id": user.get("id"),
"email": user.get("email"),
"groups": marketplace_filter.resolve_user_groups(conn, user),
"marketplace_name": MARKETPLACE_NAME,
"etag": etag,
"plugin_count": len(plugins),
"generated_at": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
}
members.append(
(
".agnes/version.json",
json.dumps(version_payload, indent=2, sort_keys=True).encode("utf-8"),
)
)
members.sort(key=lambda m: m[0])
buf = io.BytesIO()
with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
for arc, data in members:
_write_zip_entry(zf, arc, data)
return buf.getvalue(), etag
Reference in a new issue View git blame Copy permalink