Skip to content

Commit 18e4562

Browse files
committed
Pin envelope reportlab dependency
1 parent 2f62810 commit 18e4562

5 files changed

Lines changed: 27 additions & 13 deletions

File tree

.clawhubignore

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,11 @@ ENV/
2929

3030
.env
3131
.env.*
32-
!.env.example
3332
secrets.json
3433
*_secret.ini
3534
*_local.ini
3635
*.tmp
36+
scripts/validate_quality.py
3737
.DS_Store
3838
Thumbs.db
3939
desktop.ini

README.md

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,13 +24,13 @@ Part of the CompleteTech LLC agentic services skill library. This skill owns del
2424
## OpenClaw / ClawHub Metadata
2525

2626
- Skill key: `agentic-envelope-skill`
27-
- Version-ready metadata: `1.0.0`
27+
- Version-ready metadata: `1.0.3`
2828
- Homepage: https://github.com/CompleteTech-LLC/agentic-envelope-skill
2929
- README: https://github.com/CompleteTech-LLC/agentic-envelope-skill#readme
3030
- Runtime binaries: `python3`
31-
- Python packages: `reportlab>=4.0`
31+
- Python packages: `reportlab==4.5.1`
3232
- Intended registry/discovery tags: `latest`, `complete-tech`, `codex-skill`, `agentic-development`, `agentic-workflows`, `envelope`, `delivery-packaging`, `pdf-generator`
33-
- License: repository code, templates, and documentation use MIT; ClawHub publishing is intentionally skipped for now.
33+
- License: repository code, templates, and documentation use MIT; published by CompleteTech on ClawHub.
3434
- Brand assets: CompleteTech LLC names, logos, seals, and brand assets are reserved; see `BRAND_ASSETS.md`.
3535

3636
## Workflow Diagram
@@ -137,6 +137,10 @@ Pass multiple config files with `--config`; later files override earlier files.
137137

138138
Use envelope packaging only after the source artifact exists. Do not invent recipient names, mailing addresses, email addresses, attachment lists, billing approval, signature authority, or send approval. Keep the contract, invoice, certificate, proposal, proof asset, and email body owned by their specialist skills; this skill packages and labels the delivery.
139139

140+
## Runtime Permissions
141+
142+
This skill needs local filesystem access only for the documented envelope workflow. It reads bundled config files, recipient override INI files, and the configured local logo path, then writes only to the selected `--out` path or default `output/addressed_envelope.pdf`. It runs `generate_envelope.py` and does not require network access, credential access, persistence, privilege escalation, or destructive file operations.
143+
140144
## Source
141145

142146
This standalone skill was extracted from the envelope generator originally bundled in `CompleteTech-LLC/agentic-contract-skill`.

SKILL.md

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
name: agentic-envelope-skill
33
description: Generate branded CompleteTech LLC printable #10 addressed envelope PDFs and delivery packages with sender, recipient, optional attention line, postage box text, return-address toggle, logo, brand palette, attachment manifests, filenames, recipient metadata, and delivery-readiness checks. Use when Codex needs to package contracts, certificates, invoices, proposals, notices, or other CompleteTech artifacts for mailing or external delivery.
4-
version: 1.0.2
4+
version: 1.0.3
55
metadata:
66
openclaw:
77
skillKey: agentic-envelope-skill
@@ -11,9 +11,9 @@ metadata:
1111
- python3
1212
install:
1313
- kind: uv
14-
package: pyyaml>=6.0
14+
package: pyyaml==6.0.3
1515
- kind: uv
16-
package: reportlab>=4.0
16+
package: reportlab==4.5.1
1717
---
1818

1919
# Agentic Envelope Skill
@@ -33,6 +33,15 @@ This skill owns packaging, addressed envelopes, recipient metadata, attachment l
3333
- `examples/client_address_override.ini` - recipient address override example.
3434
- `assets/logo.png` - envelope header logo.
3535

36+
## Runtime Permissions
37+
38+
This skill needs local filesystem access only for its documented envelope workflow:
39+
40+
- Reads bundled config files, recipient override INI files, and the configured local logo path.
41+
- Writes only to the user-selected `--out` path or default `output/addressed_envelope.pdf`.
42+
- Runs the local Python entry point `generate_envelope.py`.
43+
- Does not require network access, credential access, persistence, privilege escalation, or destructive file operations.
44+
3645
## Required Inputs
3746

3847
For a normal envelope run, collect:

requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
reportlab>=4.0
1+
reportlab==4.5.1

scripts/validate_quality.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -60,10 +60,7 @@ def run_ruff() -> None:
6060
if shutil.which("ruff"):
6161
run(["ruff", "check", "."])
6262
return
63-
if shutil.which("uvx"):
64-
run(["uvx", "ruff", "check", "."])
65-
return
66-
run([sys.executable, "-m", "ruff", "check", "."])
63+
raise RuntimeError("ruff is required for quality validation")
6764

6865

6966
def compile_python() -> None:
@@ -218,11 +215,15 @@ def publish_candidate_files(patterns: list[str]) -> list[Path]:
218215

219216
def assert_dependency(openclaw: dict[str, Any], package: str) -> None:
220217
installs = openclaw.get("install") or []
221-
packages = {str(item.get("package", "")).split(">=", 1)[0].lower() for item in installs if isinstance(item, dict)}
218+
packages = {package_name(str(item.get("package", ""))) for item in installs if isinstance(item, dict)}
222219
if package.lower() not in packages:
223220
raise RuntimeError(f"metadata.openclaw.install must declare {package}")
224221

225222

223+
def package_name(spec: str) -> str:
224+
return re.split(r"[<>=!~]", spec, 1)[0].strip().lower()
225+
226+
226227
def validate_clawhub_bundle() -> None:
227228
data = frontmatter()
228229
name = data.get("name")

0 commit comments

Comments
 (0)