Documentation
¶
Overview ¶
Package skills provides OCI artifact types, media types, local storage, and remote registry operations for ToolHive skill packages.
A skill is an OCI artifact containing MCP server configuration, prompt files, and metadata. This package defines the constants, data structures, storage layer, and registry client that the rest of the ToolHive ecosystem uses to package, push, pull, and cache skills as OCI images.
Media Types and Constants ¶
Standard OCI media types and ToolHive-specific annotation/label keys:
// Artifact type identifies a skill manifest skills.ArtifactTypeSkill // "dev.toolhive.skills.v1" // Annotations carry metadata in manifests skills.AnnotationSkillName skills.AnnotationSkillVersion // Labels carry metadata in OCI image configs skills.LabelSkillName skills.LabelSkillFiles
Registry Client ¶
The Registry type implements RegistryClient for pushing and pulling skill artifacts to/from OCI-compliant registries (GHCR, ECR, Docker Hub, etc.). It uses ORAS for registry operations and the Docker credential store for authentication by default:
reg, err := skills.NewRegistry() // Push an artifact err = reg.Push(ctx, store, indexDigest, "ghcr.io/myorg/my-skill:v1.0.0") // Pull an artifact digest, err := reg.Pull(ctx, store, "ghcr.io/myorg/my-skill:v1.0.0")
Use functional options to customise behaviour:
reg, err := skills.NewRegistry(
skills.WithPlainHTTP(true), // for local dev registries
skills.WithCredentialStore(myStore), // custom auth
)
Stability ¶
This package is Alpha. Breaking changes are possible between minor versions.
Index ¶
- Constants
- Variables
- func DefaultStoreRoot() string
- func ParseRequiresAnnotation(annotations map[string]string) []string
- func StoreRoot(dataHome string) string
- type FileEntry
- type GzipOptions
- type PackageOptions
- type PackageResult
- type Packager
- type Registry
- type RegistryClient
- type RegistryOption
- type SkillConfig
- type SkillPackager
- type Store
- func (s *Store) DeleteBuild(ctx context.Context, tag string) error
- func (s *Store) DeleteTag(ctx context.Context, tag string) error
- func (s *Store) GetBlob(ctx context.Context, d digest.Digest) ([]byte, error)
- func (s *Store) GetIndex(ctx context.Context, d digest.Digest) (*ocispec.Index, error)
- func (s *Store) GetManifest(ctx context.Context, d digest.Digest) ([]byte, error)
- func (s *Store) IsIndex(ctx context.Context, d digest.Digest) (bool, error)
- func (s *Store) ListTags(ctx context.Context) ([]string, error)
- func (s *Store) PutBlob(ctx context.Context, content []byte) (digest.Digest, error)
- func (s *Store) PutManifest(ctx context.Context, content []byte) (digest.Digest, error)
- func (s *Store) Resolve(ctx context.Context, tag string) (digest.Digest, error)
- func (s *Store) Root() string
- func (s *Store) Tag(ctx context.Context, d digest.Digest, tag string) error
- func (s *Store) Target() oras.Target
- type TarOptions
Constants ¶
const ( // MaxTarFileSize is the maximum size of a single file in a tar archive (100MB). // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.MaxTarFileSize. MaxTarFileSize = artifact.MaxTarFileSize // MaxDecompressedSize is the maximum size of decompressed data (100MB). // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.MaxDecompressedSize. MaxDecompressedSize = artifact.MaxDecompressedSize // MaxManifestSize is the maximum size of a manifest (1MB). // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.MaxManifestSize. MaxManifestSize = artifact.MaxManifestSize // MaxBlobSize is the maximum size of a blob (100MB). // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.MaxBlobSize. MaxBlobSize = artifact.MaxBlobSize )
Size limit constants re-exported from the artifact package.
const ( // OSLinux is the Linux OS identifier used in OCI platform specs. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.OSLinux. OSLinux = artifact.OSLinux // ArchAMD64 is the x86-64 architecture identifier used in OCI platform specs. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.ArchAMD64. ArchAMD64 = artifact.ArchAMD64 // ArchARM64 is the 64-bit ARM architecture identifier used in OCI platform specs. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.ArchARM64. ArchARM64 = artifact.ArchARM64 )
OS and architecture constants for OCI platform specifications.
const ( // AnnotationSkillName is the annotation key for skill name. AnnotationSkillName = "dev.toolhive.skills.name" // AnnotationSkillDescription is the annotation key for skill description. AnnotationSkillDescription = "dev.toolhive.skills.description" // AnnotationSkillVersion is the annotation key for skill version. AnnotationSkillVersion = "dev.toolhive.skills.version" // AnnotationSkillRequires is the annotation key for skill external dependencies (JSON array of OCI references). AnnotationSkillRequires = "dev.toolhive.skills.requires" )
Annotation keys for skill metadata in manifests.
const ( // LabelSkillName is the label key for skill name. LabelSkillName = "dev.toolhive.skills.name" // LabelSkillDescription is the label key for skill description. LabelSkillDescription = "dev.toolhive.skills.description" // LabelSkillVersion is the label key for skill version. LabelSkillVersion = "dev.toolhive.skills.version" // LabelSkillAllowedTools is the label key for allowed tools (JSON array). LabelSkillAllowedTools = "dev.toolhive.skills.allowedTools" // LabelSkillLicense is the label key for skill license. LabelSkillLicense = "dev.toolhive.skills.license" // LabelSkillFiles is the label key for skill files (JSON array). LabelSkillFiles = "dev.toolhive.skills.files" )
Label keys for skill metadata in OCI image config.
const (
// ArtifactTypeSkill identifies skill artifacts in manifests.
ArtifactTypeSkill = "dev.toolhive.skills.v1"
)
Artifact type for skill identification.
const SkillFileName = "SKILL.md"
SkillFileName is the required metadata file name for a skill directory.
Variables ¶
var ( // DefaultTarOptions returns default options for reproducible tar archives. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.DefaultTarOptions. DefaultTarOptions = artifact.DefaultTarOptions // CreateTar creates a reproducible tar archive from the given files. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.CreateTar. CreateTar = artifact.CreateTar // ExtractTar extracts files from a tar archive. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.ExtractTar. ExtractTar = artifact.ExtractTar // ExtractTarWithLimit extracts files from a tar archive with a per-file size limit. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.ExtractTarWithLimit. ExtractTarWithLimit = artifact.ExtractTarWithLimit )
Function forwarding for tar primitives.
var ( // DefaultGzipOptions returns default options for reproducible gzip compression. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.DefaultGzipOptions. DefaultGzipOptions = artifact.DefaultGzipOptions // Compress creates a reproducible gzip compressed byte slice. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.Compress. Compress = artifact.Compress // Decompress decompresses gzip data. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.Decompress. Decompress = artifact.Decompress // DecompressWithLimit decompresses gzip data with a size limit. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.DecompressWithLimit. DecompressWithLimit = artifact.DecompressWithLimit // CompressTar creates a reproducible .tar.gz from the given files. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.CompressTar. CompressTar = artifact.CompressTar // DecompressTar extracts files from a .tar.gz archive. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.DecompressTar. DecompressTar = artifact.DecompressTar )
Function forwarding for gzip primitives.
var ( // PlatformString returns the platform in "os/arch" or "os/arch/variant" format. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.PlatformString. PlatformString = artifact.PlatformString // ParsePlatform parses a platform string in "os/arch" or "os/arch/variant" format. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.ParsePlatform. ParsePlatform = artifact.ParsePlatform // DefaultPlatforms are the default platforms for artifacts. // Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.DefaultPlatforms. DefaultPlatforms = artifact.DefaultPlatforms )
Function forwarding for platform helpers.
var ( // ErrInvalidSkillDir indicates the skill directory is missing, not a // directory, or otherwise unsafe to read (e.g. contains path traversal). ErrInvalidSkillDir = errors.New("invalid skill directory") // ErrSkillMDMissing indicates SKILL.md is not present in the skill // directory. ErrSkillMDMissing = errors.New("SKILL.md missing") // ErrInvalidFrontmatter indicates the SKILL.md YAML frontmatter is // missing, malformed, oversized, or missing required fields such as // the skill name. ErrInvalidFrontmatter = errors.New("invalid SKILL.md frontmatter") // ErrTooManyFiles indicates the skill directory exceeds the maximum // allowed number of files. ErrTooManyFiles = errors.New("too many files in skill directory") // ErrSkillTooLarge indicates the skill directory exceeds the maximum // allowed total size. ErrSkillTooLarge = errors.New("skill directory too large") // ErrInvalidSkillFile indicates a per-file issue inside the skill // directory: a symlink, a non-regular file, or an unreadable entry. ErrInvalidSkillFile = errors.New("invalid skill file") )
Sentinel errors returned (wrapped) by the packager so callers can classify failures with errors.Is instead of matching error message strings. The underlying error message is preserved at each call site via fmt.Errorf with %w; only the classification is added.
Functions ¶
func DefaultStoreRoot ¶
func DefaultStoreRoot() string
DefaultStoreRoot returns the default store root directory using XDG base directory conventions.
func ParseRequiresAnnotation ¶
ParseRequiresAnnotation parses skill dependency references from manifest annotations. Returns nil if the annotation is missing or invalid.
Types ¶
type FileEntry ¶
FileEntry represents a file to include in a tar archive. Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.FileEntry.
type GzipOptions ¶
type GzipOptions = artifact.GzipOptions
GzipOptions configures reproducible gzip compression. Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.GzipOptions.
type PackageOptions ¶
type PackageOptions struct {
// Epoch is the timestamp to use for reproducible builds.
Epoch time.Time
// Platforms specifies target platforms for the image index.
// If empty, defaults to DefaultPlatforms.
Platforms []ocispec.Platform
}
PackageOptions configures skill packaging.
func DefaultPackageOptions ¶
func DefaultPackageOptions() PackageOptions
DefaultPackageOptions returns default packaging options. Respects SOURCE_DATE_EPOCH for reproducible builds.
type PackageResult ¶
type PackageResult struct {
IndexDigest digest.Digest
ManifestDigest digest.Digest
ConfigDigest digest.Digest
LayerDigest digest.Digest
Config *SkillConfig
Platforms []ocispec.Platform
}
PackageResult contains the result of packaging a skill.
type Packager ¶
type Packager struct {
// contains filtered or unexported fields
}
Packager creates reproducible OCI artifacts from skill directories.
func NewPackager ¶
NewPackager creates a new packager with the given store. Panics if store is nil.
func (*Packager) Package ¶
func (p *Packager) Package(ctx context.Context, skillDir string, opts PackageOptions) (*PackageResult, error)
Package packages a skill directory into an OCI artifact in the local store.
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry provides operations for pushing and pulling skills from OCI registries.
func NewRegistry ¶
func NewRegistry(opts ...RegistryOption) (*Registry, error)
NewRegistry creates a new registry client with the given options. By default it uses the Docker credential store for authentication.
type RegistryClient ¶
type RegistryClient interface {
// Push pushes an artifact from the local store to a remote registry.
Push(ctx context.Context, store *Store, manifestDigest digest.Digest, ref string) error
// Pull pulls an artifact from a remote registry into the local store.
Pull(ctx context.Context, store *Store, ref string) (digest.Digest, error)
}
RegistryClient provides remote OCI registry operations for skills.
type RegistryOption ¶
type RegistryOption func(*Registry)
RegistryOption configures a Registry.
func WithCredentialStore ¶
func WithCredentialStore(store credentials.Store) RegistryOption
WithCredentialStore sets a custom credential store for registry authentication. If not provided, the default Docker credential store is used.
func WithPlainHTTP ¶
func WithPlainHTTP(enabled bool) RegistryOption
WithPlainHTTP configures whether the registry client uses plain HTTP (insecure) connections.
type SkillConfig ¶
type SkillConfig struct {
Name string `json:"name"`
Description string `json:"description"`
Version string `json:"version,omitempty"`
AllowedTools []string `json:"allowedTools,omitempty"`
License string `json:"license,omitempty"`
Compatibility string `json:"compatibility,omitempty"`
Metadata map[string]string `json:"metadata,omitempty"`
Files []string `json:"files"`
}
SkillConfig represents skill metadata extracted from OCI image config labels.
func SkillConfigFromImageConfig ¶
func SkillConfigFromImageConfig(imgConfig *ocispec.Image) (*SkillConfig, error)
SkillConfigFromImageConfig extracts SkillConfig from OCI image config labels.
type SkillPackager ¶
type SkillPackager interface {
// Package packages a skill directory into an OCI artifact in the local store.
Package(ctx context.Context, skillDir string, opts PackageOptions) (*PackageResult, error)
}
SkillPackager creates OCI artifacts from skill directories.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store provides local OCI artifact storage backed by an OCI Image Layout.
func NewStore ¶
NewStore creates a new local OCI store at the given root directory. The directory is initialized as an OCI Image Layout with blobs/, oci-layout, and index.json.
func (*Store) DeleteBuild ¶ added in v0.0.14
DeleteBuild removes a tag and, if no other tag shares the same digest, deletes all associated blobs (config, layers, manifest, and index if applicable). Use DeleteTag when tag-only removal is desired and blob cleanup is not needed.
func (*Store) DeleteTag ¶ added in v0.0.14
DeleteTag removes a tag from the store index without deleting the underlying blobs.
func (*Store) GetManifest ¶
GetManifest retrieves a manifest by digest.
func (*Store) PutManifest ¶
PutManifest stores a manifest and returns its digest.
type TarOptions ¶
type TarOptions = artifact.TarOptions
TarOptions configures reproducible tar archive creation. Deprecated: use github.com/stacklok/toolhive-core/oci/artifact.TarOptions.