wecode-ai · qdaxb · Nov 26, 2025 · coderabbitai · Nov 26, 2025
diff --git a/backend/alembic/versions/a1b2c3d4e5f6_add_skill_binaries_table.py b/backend/alembic/versions/a1b2c3d4e5f6_add_skill_binaries_table.py
@@ -0,0 +1,40 @@
+"""add skill binaries table
+
+Revision ID: a1b2c3d4e5f6
+Revises: 0c086b93f8b9
+Create Date: 2025-01-20 10:00:00.000000
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision: str = 'a1b2c3d4e5f6'
+down_revision: Union[str, None] = '0c086b93f8b9'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Add skill_binaries table for storing Skill ZIP packages."""
+
+    op.execute("""
+    CREATE TABLE IF NOT EXISTS skill_binaries (
+        id INT NOT NULL AUTO_INCREMENT,
+        kind_id INT NOT NULL,
+        binary_data LONGBLOB NOT NULL COMMENT 'ZIP package binary data',
+        file_size INT NOT NULL COMMENT 'File size in bytes',
+        file_hash VARCHAR(64) NOT NULL COMMENT 'SHA256 hash',
+        created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+        PRIMARY KEY (id),
+        UNIQUE KEY idx_skill_binary_kind_id (kind_id),
+        CONSTRAINT fk_skill_binary_kind_id FOREIGN KEY (kind_id) REFERENCES kinds(id) ON DELETE CASCADE
+    ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
+    """)
+
+
+def downgrade() -> None:
+    """Drop skill_binaries table."""
+    op.drop_table('skill_binaries')
diff --git a/backend/app/api/endpoints/kind/__init__.py b/backend/app/api/endpoints/kind/__init__.py
@@ -9,11 +9,14 @@
 
 from app.api.endpoints.kind.kinds import router as kinds_router
 from app.api.endpoints.kind.batch import router as batch_router
+from app.api.endpoints.kind.skills import router as skills_router
 
 # Create main kind API router
 k_router = APIRouter(prefix="/v1")
 
 # Include batch router first to avoid path conflicts
 k_router.include_router(batch_router, tags=["kinds-batch"])
+# Include skills router
+k_router.include_router(skills_router, prefix="/kinds/skills", tags=["skills"])
 # Include unified kinds router after batch router
 k_router.include_router(kinds_router, tags=["kinds"])
diff --git a/backend/app/api/endpoints/kind/skills.py b/backend/app/api/endpoints/kind/skills.py
@@ -0,0 +1,176 @@
+# SPDX-FileCopyrightText: 2025 Weibo, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Skills API endpoints for Claude Code Skills management
+"""
+from fastapi import APIRouter, Depends, UploadFile, File, Form, status
+from fastapi.responses import StreamingResponse
+from sqlalchemy.orm import Session
+import io
+
+from app.api.dependencies import get_db
+from app.core import security
+from app.models.user import User
+from app.schemas.kind import Skill, SkillList
+from app.services.skill_service import SkillService
+
+router = APIRouter()
+
+
+@router.post("/upload", response_model=Skill, status_code=status.HTTP_201_CREATED)
+async def upload_skill(
+    file: UploadFile = File(...),
+    name: str = Form(...),
+    namespace: str = Form("default"),
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Upload and create a new Skill
+
+    - **file**: ZIP package containing SKILL.md (max 10MB)
+    - **name**: Unique Skill name
+    - **namespace**: Namespace (default: "default")
+    """
+    # Validate file type
+    if not file.filename.endswith('.zip'):
+        from fastapi import HTTPException
+        raise HTTPException(status_code=400, detail="File must be a ZIP archive")
+
+    # Read file content
+    file_content = await file.read()
+
+    # Create skill
+    skill = SkillService.create_skill(
+        db=db,
+        user_id=current_user.id,
+        name=name.strip(),
+        namespace=namespace,
+        file_content=file_content
+    )
+
+    return skill
+
+
+@router.get("", response_model=SkillList)
+def list_skills(
+    skip: int = 0,
+    limit: int = 100,
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    List all Skills for the current user
+
+    - **skip**: Number of items to skip (for pagination)
+    - **limit**: Maximum number of items to return
+    """
+    return SkillService.list_skills(
+        db=db,
+        user_id=current_user.id,
+        skip=skip,
+        limit=limit
+    )
+
+
+@router.get("/{skill_id}", response_model=Skill)
+def get_skill(
+    skill_id: int,
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Get Skill details by ID
+    """
+    return SkillService.get_skill(
+        db=db,
+        user_id=current_user.id,
+        skill_id=skill_id
+    )
+
+
+@router.get("/{skill_id}/download")
+def download_skill(
+    skill_id: int,
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Download Skill ZIP package
+
+    Used by Executor to download Skills for deployment
+    """
+    binary_data = SkillService.get_skill_binary(
+        db=db,
+        user_id=current_user.id,
+        skill_id=skill_id
+    )
+
+    # Get skill name for filename
+    skill = SkillService.get_skill(
+        db=db,
+        user_id=current_user.id,
+        skill_id=skill_id
+    )
+
+    return StreamingResponse(
+        io.BytesIO(binary_data),
+        media_type="application/zip",
+        headers={
+            "Content-Disposition": f"attachment; filename={skill.metadata.name}.zip"
+        }
+    )
+
+
+@router.put("/{skill_id}", response_model=Skill)
+async def update_skill(
+    skill_id: int,
+    file: UploadFile = File(...),
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Update Skill with new ZIP package
+
+    - **file**: New ZIP package containing SKILL.md (max 10MB)
+    """
+    # Validate file type
+    if not file.filename.endswith('.zip'):
+        from fastapi import HTTPException
+        raise HTTPException(status_code=400, detail="File must be a ZIP archive")
+
+    # Read file content
+    file_content = await file.read()
+
+    # Update skill
+    skill = SkillService.update_skill(
+        db=db,
+        user_id=current_user.id,
+        skill_id=skill_id,
+        file_content=file_content
+    )
+
+    return skill
+
+
+@router.delete("/{skill_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_skill(
+    skill_id: int,
+    current_user: User = Depends(security.get_current_user),
+    db: Session = Depends(get_db)
+):
+    """
+    Delete Skill
+
+    Will check if Skill is referenced by any Ghost.
+    If referenced, deletion will be rejected.
+    """
+    SkillService.delete_skill(
+        db=db,
+        user_id=current_user.id,
+        skill_id=skill_id
+    )
+
+    return None
diff --git a/backend/app/models/__init__.py b/backend/app/models/__init__.py
@@ -13,10 +13,12 @@
 )
 from app.models.subtask import Subtask
 from app.models.shared_team import SharedTeam
+from app.models.skill_binary import SkillBinary
 
 __all__ = [
     "User",
     "Kind",
     "Subtask",
-    "SharedTeam"
+    "SharedTeam",
+    "SkillBinary"
 ]
diff --git a/backend/app/models/skill_binary.py b/backend/app/models/skill_binary.py
@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2025 Weibo, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+"""
+Skill binary storage model for Claude Code Skills ZIP packages
+"""
+from sqlalchemy import Column, Integer, String, LargeBinary, ForeignKey, DateTime
+from datetime import datetime
+from app.db.base import Base
+
+
+class SkillBinary(Base):
+    """Model for storing Skill ZIP package binary data"""
+    __tablename__ = "skill_binaries"
+
+    id = Column(Integer, primary_key=True, index=True)
+    kind_id = Column(Integer, ForeignKey("kinds.id", ondelete="CASCADE"), nullable=False, unique=True)
+    binary_data = Column(LargeBinary, nullable=False)  # ZIP package binary data
+    file_size = Column(Integer, nullable=False)  # File size in bytes
+    file_hash = Column(String(64), nullable=False)  # SHA256 hash
+    created_at = Column(DateTime, default=datetime.now)
+
+    __table_args__ = (
+        {"mysql_charset": "utf8mb4", "mysql_collate": "utf8mb4_unicode_ci"},
+    )
diff --git a/backend/app/schemas/bot.py b/backend/app/schemas/bot.py
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 from datetime import datetime
-from typing import Any, Optional
+from typing import Any, Optional, List
 
 from pydantic import BaseModel
 
@@ -16,6 +16,7 @@ class BotBase(BaseModel):
     agent_config: dict[str, Any]
     system_prompt: Optional[str] = None
     mcp_servers: Optional[dict[str, Any]] = None
+    skills: Optional[List[str]] = None  # List of Skill names to associate
     is_active: bool = True
 
 class BotCreate(BotBase):
@@ -29,6 +30,7 @@ class BotUpdate(BaseModel):
     agent_config: Optional[dict[str, Any]] = None
     system_prompt: Optional[str] = None
     mcp_servers: Optional[dict[str, Any]] = None
+    skills: Optional[List[str]] = None  # List of Skill names to associate
     is_active: Optional[bool] = None
 
 class BotInDB(BotBase):
@@ -50,6 +52,7 @@ class BotDetail(BaseModel):
     agent_config: dict[str, Any]
     system_prompt: Optional[str] = None
     mcp_servers: Optional[dict[str, Any]] = None
+    skills: Optional[List[str]] = None
     is_active: bool = True
     created_at: datetime
     updated_at: datetime

diff --git a/backend/app/schemas/kind.py b/backend/app/schemas/kind.py
@@ -30,6 +30,7 @@ class GhostSpec(BaseModel):
     """Ghost specification"""
     systemPrompt: str
     mcpServers: Optional[Dict[str, Any]] = None
+    skills: Optional[List[str]] = None  # List of Skill names to associate
 
 
 class GhostStatus(Status):
@@ -285,4 +286,36 @@ class BatchResponse(BaseModel):
     """Batch operation response"""
     success: bool
     message: str
-    results: List[Dict[str, Any]]
+    results: List[Dict[str, Any]]
+
+
+# Skill CRD schemas
+class SkillSpec(BaseModel):
+    """Skill specification"""
+    description: str  # Description extracted from SKILL.md YAML frontmatter
+    version: Optional[str] = None  # Skill version
+    author: Optional[str] = None  # Author
+    tags: Optional[List[str]] = None  # Tags
+
+
+class SkillStatus(Status):
+    """Skill status"""
+    state: str = "Available"  # Available, Unavailable
+    fileSize: Optional[int] = None  # ZIP package size in bytes
+    fileHash: Optional[str] = None  # SHA256 hash
+
+
+class Skill(BaseModel):
+    """Skill CRD"""
+    apiVersion: str = "agent.wecode.io/v1"
+    kind: str = "Skill"
+    metadata: ObjectMeta
+    spec: SkillSpec
+    status: Optional[SkillStatus] = None
+
+
+class SkillList(BaseModel):
+    """Skill list"""
+    apiVersion: str = "agent.wecode.io/v1"
+    kind: str = "SkillList"
+    items: List[Skill]