oxios-kernel 1.8.0

Oxios kernel: supervisor, event bus, state store
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

//! Skill system: multi-format SKILL.md parsing with format detection,
//! plus multi-registry marketplace sources (ClawHub, Skills.sh).

pub mod clawhub;
pub mod format;
pub mod frontmatter;
pub mod manager;
pub mod prompt;
pub mod requirements;
pub mod skills_sh;
pub mod types;

pub use format::SkillFormat;
pub use manager::SkillManager;
pub use prompt::{compact_path, escape_xml};
pub use requirements::check_requirements;
pub use types::{
    ConfigCheck, InstallKind, Requirements, RequirementsCheck, Skill, SkillConfig, SkillEntry,
    SkillInstallSpec, SkillInvocationPolicy, SkillMeta, SkillMetadata, SkillRef, SkillSnapshot,
    SkillSource, SkillState, SkillStatus,
};

/// Returns true if `rel` is a safe relative path: no parent/root/prefix
/// components that could escape a target directory (Zip Slip / path traversal).
///
/// Used by skill installers (ClawHub zip extraction, skills.sh file writes)
/// to reject archive entries whose names contain `..`, absolute paths, or
/// Windows drive prefixes.
pub(crate) fn is_safe_relative_path(rel: &str) -> bool {
    let p = std::path::Path::new(rel);
    !p.components().any(|c| {
        matches!(
            c,
            std::path::Component::ParentDir
                | std::path::Component::RootDir
                | std::path::Component::Prefix(_)
        )
    })
}