feat: add license metadata to skill frontmatter#594
feat: add license metadata to skill frontmatter#594jack-piplabs wants to merge 14 commits intoopenclaw:mainfrom
Conversation
Add an optional `license` field to SKILL.md frontmatter, parsed in the Convex backend, displayed on skill pages, and validated with ArkType. Schema: - `SkillLicense` type with structured boolean fields for commercial use, attribution, derivatives, transferability - `SkillLicenseSchema` ArkType validator - `SkillFrontmatterSchema` defining the complete SKILL.md frontmatter shape - `LICENSE_PRESETS` mapping 18 SPDX identifiers to structured terms - Backward-compatible parser accepts both simple string (`license: MIT`) and structured object forms UI: - `LicenseSelector` component on the upload skills page with preset picker and advanced boolean controls - License badge on skill detail page and install card - CLI `inspect` command displays license info Docs: - Updated `docs/skill-format.md` with field reference and examples Tests: - 60 parser tests including backward-compat normalization - 10 LicenseSelector UI tests
|
@jack-piplabs is attempting to deploy a commit to the Amantus Machina Team on Vercel. A member of the Team first needs to authorize it. |
Greptile SummaryThis PR successfully adds optional Three UX/usability issues warrant attention before merge:
All three are presentation/UX issues; the core data model, persistence, and security are sound. Confidence Score: 3/5
Last reviewed commit: 15668ee |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 15668ee208
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
Uploading a skill License selected Option to use a custom license Skills page with license information Updating a license, overriding previous license |
Read license from skill object instead of undefined result.license in CLI inspect. Account for frontmatter license when showing the "no license declared" upload warning.
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
Detect multi-line license block (license:\n spdx: ...) in upload frontmatter parsing so the override warning fires for both forms. Keep the "Advanced terms" button visible when the panel is open with a toggle label so users can collapse it.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 716b29cf97
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…arnings Add license field to ApiV1SkillResponseSchema in both schema packages so CLI inspect reads it from the top-level API response instead of casting through result.skill. Fix frontmatter regex to use horizontal whitespace only so multi-line license blocks fall through to the spdx extractor. Visually distinguish validation warnings from errors with muted italic styling.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d274a032e5
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…ense in inspect Stop resetting license to bare SPDX when hiding the advanced panel so customized terms persist until the user changes the dropdown. Prefer version-specific license from the version detail API over the skill-level latest when --version or --tag is provided in clawhub inspect.
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a5190f4129
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
…sion When a version is fetched, use only that version's license (even if null) so clawhub inspect --version accurately reports "not declared" instead of silently showing the latest version's license.
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 376050dadf
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Pass parsed.license through toPublicSkillListVersion so the /api/v1/skills list endpoint returns license data. Handle \r\n line endings in the frontmatter delimiter regex so Windows-authored SKILL.md files are parsed correctly.
Replace fragile regex-based license extraction in upload UI with the yaml package parser, handling both string and structured object forms reliably. Remove inaccurate docs claim that custom SPDX identifiers show a warning during clawhub publish.
Warnings (like "No license declared") are advisory and should not prevent the "All checks passed" message from appearing. Render them in a separate list below the validation status.
Default the upload form license selector to MIT instead of empty. Remove the "No license declared" warning and associated warning rendering infrastructure since it's no longer needed. Drop hint labels from MIT and Apache-2.0 in the license dropdown.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9b548d95a7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
If args.license is non-null but parseLicenseField returns undefined, fall through to the frontmatter license instead of silently dropping it.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d86f1e49a3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Track whether the user touched the license selector; if not, omit license from the publish payload so the backend uses the SKILL.md frontmatter value. Also guard the legacy derivatives fallback on derivativesReciprocal being unset to prevent it from overwriting an explicitly provided value.
…from current value Only include license in the publish payload for skill mode when the user interacted with the selector, preventing Convex argument validation errors in soul mode. Seed advanced license editor controls from the current value prop instead of static presets so customizations persist across open/close cycles.
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 53a574b077
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Send null (not undefined) when the user selects "No license declaration" after touching the selector. Update resolveLicense to distinguish undefined (not provided, use frontmatter) from null (explicitly cleared).
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 272cc74186
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (raw && typeof raw === 'object' && !Array.isArray(raw)) { | ||
| const spdx = (raw as Record<string, unknown>).spdx | ||
| if (typeof spdx === 'string' && spdx.trim()) { | ||
| setFrontmatterLicense({ spdx: spdx.trim() }) |
There was a problem hiding this comment.
This parser collapses object-form frontmatter licenses down to { spdx }, which means later conflict checks only compare SPDX strings and treat license: { spdx: MIT, commercialUse: false } as equivalent to selecting plain MIT in the form. In that flow, submit sends an explicit { spdx: 'MIT' } override and drops the restrictive terms from SKILL.md without showing the “will override” warning, so publishers can unintentionally relax license terms.
Useful? React with 👍 / 👎.
1 participant
Summary
licensefield to SKILL.md frontmatter for declaring licensing terms on published skillsSkillLicenseSchema(ArkType) andSkillFrontmatterSchemaas the canonical schema for the complete SKILL.md frontmatter shapeLicenseSelectorcomponent on the upload skills page with 18 SPDX presets and advanced per-field controlsinspectoutputlicense: MIT) and structured object form with boolean fields (commercialUse,derivativesAllowed,transferable, etc.)commercial,attribution,derivatives,url) are still accepted and normalized automaticallyWhat's included
SkillLicensetype,SkillLicenseSchema,SkillFrontmatterSchema,LICENSE_PRESETSfor 18 SPDX identifiersparseLicenseField()with backward compat, Convex schema updateLicenseSelectoron upload page, license badge on detail/install cardclawhub inspectshows license termsdocs/skill-format.mdupdated with field reference and deprecation tableTest plan
npx vitest run convex/lib/skills.test.ts— 60 tests passnpx vitest run src/components/LicenseSelector.test.tsx— 10 tests passlicense: MITand verify badge appearsclawhub inspect <slug>and verify license output