feat(#3311): add dynamic plugin packaging and skills marketplace routes#3584
Conversation
Configure boost-backend, boost-backend-module-llamastack, and boost-backend-module-kagenti for RHDH dynamic plugin export (OCI) by adding janus-cli export-dynamic scripts and dist-dynamic to published files (tasks 6.1, 6.2). Create dynamic-plugins.yaml with example configuration for deploying boost as a dynamic plugin in RHDH (task 6.3). Add skills marketplace proxy routes (GET /skills, /skills/runtimes, /skills/domains) that forward requests to an external skills catalog backend configured via boost.skillsMarketplace.endpoint (task 5.1). Add POST /skills/deploy for K8s manifest generation with OCI init containers (task 5.3) and GET /skills/deployments/:id for deployment progress polling (task 5.4). Chat routing via chatEndpoint is returned in the deploy response (task 5.6). Enrich Zod schema definitions with detailed descriptions and inline .describe() annotations for all 17 configurable keys (tasks 3.1, 3.2). Add boost.encryptionSecret field documenting the AES-256-GCM encryption secret (task 8.2 documentation). All skills routes are gated by boost.features.skillsMarketplace feature flag and permissions. Tests cover feature gating, permission checks, deployment manifest generation, and input validation (25 tests pass). Closes #3311
Missing ChangesetsThe following package(s) are changed by this PR but do not have a changeset:
See CONTRIBUTING.md for more information about how to add changesets. Changed Packages
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #3584 +/- ##
=======================================
Coverage 54.22% 54.23%
=======================================
Files 2307 2308 +1
Lines 88341 88439 +98
Branches 24595 24611 +16
=======================================
+ Hits 47907 47965 +58
- Misses 40166 40204 +38
- Partials 268 270 +2
*This pull request uses carry forward flags. Click here to find out more. Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
|
🤖 Finished Review · ✅ Success · Started 5:34 PM UTC · Completed 5:50 PM UTC |
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ReviewFindingsMedium
Low
Previous runReviewFindingsHigh
Medium
Low
Previous run (2)ReviewFindingsHigh
Medium
Low
Previous run (3)ReviewFindingsHigh
Medium
Low
Labels: PR modifies the boost workspace skills marketplace backend plugin. Previous run (4)ReviewReason: stale-head The review agent reviewed commit |
|
/fs-review |
|
🤖 Finished Review · ✅ Success · Started 5:54 PM UTC · Completed 6:14 PM UTC |
- Fix URL resolution in proxyToSkillsCatalog: use URL pathname join instead of new URL(path, base) which discards base path per RFC 3986 - Add try/catch around response.json() for non-JSON upstream responses - Remove unused boost.skillsMarketplace.enabled config key (the actual feature toggle is boost.features.skillsMarketplace) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
🤖 Finished Review · ✅ Success · Started 6:30 PM UTC · Completed 6:41 PM UTC |
…penspec - Replace @janus-idp/cli with @red-hat-developer-hub/cli in all three boost package.json files (boost-backend, module-llamastack, module-kagenti) and update export-dynamic scripts to use rhdh-cli - Split dynamic-plugins.yaml into two reference files: dynamic-plugins-filesystem-reference.yaml (local dev paths) and dynamic-plugins-image-reference.yaml (OCI registry paths) - Add skills marketplace config examples (commented out) to both files - Add section 8 (Skills Marketplace Integration) to boost openspec tasks.md with design decisions from grill-me review session - Deduplicate yarn.lock after dependency changes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
🤖 Finished Review · ❌ Failure · Started 11:56 PM UTC · Completed 12:13 AM UTC |
- Remove stale boost.skillsMarketplace.enabled from config.d.ts and runtime-config spec.md (consolidated into boost.features.skillsMarketplace) - Use InputError instead of res.status(400) in skills deploy route - Add InputError mapping to test error handler - Fix task ID references in plugin.ts comment (section 8, not 5.x) - Add issue 16 (skills route improvements) to staged-issues.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
🤖 Finished Review · ✅ Success · Started 1:50 AM UTC · Completed 2:07 AM UTC |
|


Configure boost-backend, boost-backend-module-llamastack, and boost-backend-module-kagenti for RHDH dynamic plugin export using @red-hat-developer-hub/cli (
rhdh-cli plugin export) and dist-dynamic to published files (tasks 6.1, 6.2).Create dynamic-plugins-filesystem-reference.yaml and dynamic-plugins-image-reference.yaml with example configurations for deploying boost as a dynamic plugin in RHDH — local filesystem paths for development and OCI container images for production (task 6.3).
Add skills marketplace proxy routes (GET /skills, /skills/runtimes, /skills/domains) that forward requests to an external skills catalog backend configured via boost.skillsMarketplace.endpoint (task 8a.1, 8a.2). Add POST /skills/deploy for K8s manifest generation with OCI init containers (task 8c) and GET /skills/deployments/:id for deployment progress polling (task 8e). The chatEndpoint field is stored passively in deploy responses for future chat routing support (task 8d.3).
Enrich Zod schema definitions with detailed descriptions and inline .describe() annotations for all configurable keys (tasks 3.1, 3.2). Add boost.encryptionSecret field documenting the AES-256-GCM encryption secret (task 8.2 documentation).
All skills routes are gated by boost.features.skillsMarketplace feature flag and permissions. Tests cover feature gating, permission checks, deployment manifest generation, and input validation.
Add openspec section 8 (Skills Marketplace Integration) documenting design decisions and follow-up tasks for skills route improvements (runtimes from config, runtimeId resolution, manifestBuilder extraction).
Closes #3311
Post-script verification
agent/3311-boost-packaging-deployment)709a7203bb9a6c9cd2f939d6b89e22014e3d4fa9..HEAD)