feat(skills): add skill upload/download with zip and folder support by furtherref · Pull Request #68 · furtherref/multica

furtherref · 2026-05-23T14:06:42Z

Summary

Add a new Upload file method to the skill creation dialog, supporting local .zip archives and folder uploads containing SKILL.md
Multi-skill zip archives trigger a bulk import flow with checkboxes, progress bar, cancel support, and result summary
Add a download button on the skill detail page that exports the skill (SKILL.md + supporting files) as a .zip file
Full i18n support (en + zh-Hans) for all new UI strings and error messages

Details

Upload (create-skill-dialog)

Browser-side zip parsing via fflate (new catalog dependency)
Client-side SKILL.md frontmatter extraction for name/description pre-fill
Drag-and-drop for .zip files + folder picker via webkitdirectory
Single-skill mode: editable name/description fields before submit
Bulk mode (2+ skills in zip): select-all toggle, per-skill checkbox list, sequential import with progress and summary
Submits via existing POST /api/skills endpoint — no backend changes needed

Download (skill-detail-page)

Download button visible to all viewers (not gated by edit permission)
Generates zip in-browser with skill name as root folder, containing SKILL.md + supporting files
Zip format matches upload format for round-trip compatibility

Security hardening (from code review)

Reject dotfiles at any path level (.env, .config, etc.)
Sanitize skill names in zip entries to prevent path traversal (/, ..)
Cancel in-flight bulk imports on component unmount
Show truncation warning when supporting files exceed size/count limits

Test plan

🤖 Generated with Claude Code

vercel · 2026-05-23T14:06:47Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
multica-web	Ready	Preview, Comment	May 24, 2026 1:41pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
multica-docs	Ignored	Preview	May 24, 2026 1:41pm

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b8358a3f0e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 42e6139252

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a2f532b50a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7cd50c7247

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Add "Upload file" method to skill creation dialog for importing from .zip archives or folders. Multi-skill zips trigger bulk import. Download button on skill detail page exports as .zip. - fflate zip parsing; SKILL.md frontmatter extraction - Drag-and-drop .zip, folder picker, bulk import with progress - Upload and download use updateFrontmatter with YAML-safe escaping to sync edited name/description into SKILL.md content - File.size check before arrayBuffer() for zip size guard - Full i18n (en + zh-Hans) - Path policy: rejects traversal/control chars/drive letters/SKILL.md variants/dot-prefixed directories/sensitive dotfiles (.env, .npmrc, .netrc); allows safe dot-prefixed leaf files (.gitignore etc.); case-insensitive collision detection; hidden SKILL.md root rejection with subtree suppression; zip inflation filter; 50 MiB cap; binary blocklist - 62 unit tests Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

vercel Bot deployed to Preview – multica-web May 23, 2026 14:07 View deployment

chatgpt-codex-connector Bot reviewed May 23, 2026

View reviewed changes

furtherref force-pushed the feat/skill-upload-download branch from b8358a3 to 42e6139 Compare May 24, 2026 06:12

vercel Bot deployed to Preview – multica-web May 24, 2026 06:14 View deployment

chatgpt-codex-connector Bot reviewed May 24, 2026

View reviewed changes

furtherref force-pushed the feat/skill-upload-download branch from 42e6139 to a2f532b Compare May 24, 2026 07:17

vercel Bot deployed to Preview – multica-web May 24, 2026 07:20 View deployment

chatgpt-codex-connector Bot reviewed May 24, 2026

View reviewed changes

Comment thread packages/views/skills/components/skill-detail-page.tsx Outdated

Comment thread packages/views/skills/lib/parse-skill-bundle.ts Outdated

Comment thread packages/views/skills/components/create-skill-dialog.tsx

Comment thread packages/views/skills/lib/parse-skill-bundle.ts Outdated

furtherref force-pushed the feat/skill-upload-download branch from a2f532b to 7cd50c7 Compare May 24, 2026 13:08

vercel Bot deployed to Preview – multica-web May 24, 2026 13:09 View deployment

chatgpt-codex-connector Bot reviewed May 24, 2026

View reviewed changes

furtherref force-pushed the feat/skill-upload-download branch from 7cd50c7 to b8fd732 Compare May 24, 2026 13:39

vercel Bot deployed to Preview – multica-web May 24, 2026 13:41 View deployment

furtherref merged commit db8d0a7 into main May 24, 2026
7 checks passed

furtherref deleted the feat/skill-upload-download branch May 24, 2026 13:45

Conversation

furtherref commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Details

Test plan

Uh oh!

vercel Bot commented May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

furtherref commented May 23, 2026 •

edited

Loading

vercel Bot commented May 23, 2026 •

edited

Loading