Skip to content

fix(skills): sync AionUi Butler skills + rule with current backend#520

Merged
IceyLiu merged 4 commits into
mainfrom
docs/aionui-config-skill-api-sync
Jun 26, 2026
Merged

fix(skills): sync AionUi Butler skills + rule with current backend#520
IceyLiu merged 4 commits into
mainfrom
docs/aionui-config-skill-api-sync

Conversation

@IceyLiu

@IceyLiu IceyLiu commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Why

The AionUi Butler (aionui-assistant) drives three built-in skills (aionui-config, aionui-troubleshooting, aionui-webui-public) plus its own 3-locale rule. The backend REST API has moved on since these were written, so the butler's instructions had drifted from what aioncore actually does — including one silent-failure bug. This audits all three skills + the rule against current source and brings them back in sync.

What changed

aionui-config — corrected drift + documented capabilities added since it was written:

  • permission default is mode: auto|fixed with a free-form value (removed the misleading fixed-enum list)
  • ?locale= on assistant detail is optional, not mandatory
  • MCP sse/http transports take an optional headers map; streamable_http normalizes to http
  • added MCP oauth/authenticated, assistant bulk import + avatar GET + last_used_at, extra create-body fields
  • skill import vs import-symlink (parent-folder/zip is symlink-only), plus scan/info/detect/external-paths/market
  • expanded provider platform list, detect-protocol optional params, provider/bedrock connection tests, plaintext-key caveat
  • settings use PATCH; agents expose available/team_capable/handshake

aionui-troubleshooting (breaking fix)GET /api/teams now serializes the member list as assistants (the serde(alias="agents") only covers input), so aion_diag team diagnosis silently returned no members. Now reads assistants with an agents fallback.

aionui-webui-public:

  • dropped the phantom dev port 25809 (aioncore only defines DEFAULT_PORT 25808, overridable via --port)
  • spelled out the public-access risks honestly: added a pre-handoff password-strength check, and split the handoff into Availability + Security trade-offs (password is the only protection, random URL is obscurity not security and can leak, traffic transits Cloudflare, quick tunnel is for sharing/testing not production, turn it off when done)

Butler rule (en/zh/ru) — added notifications to the UI-settings line to match aionui-config scope; cross-locale consistency verified.

How it was verified

Every claim was checked against current AionCore source (routes.rs, *api-types* structs, db migrations) before editing. Endpoints/tables/auth flows that were already accurate were left untouched.

Note

These assets are compiled into the aioncore binary via include_dir!, so they ship to users on the next binary build/release — no .rs changes.

IceyLiu added 3 commits June 26, 2026 14:55
@IceyLiu
docs(skills): sync aionui-config skill with current REST API
82b8c48 
Audited the bundled aionui-config skill against current aioncore routes
and structs. Corrected drift and documented capabilities added since the
skill was last written:

- permission default is mode auto|fixed with a free-form value string,
  not a fixed enum (removed the misleading plan/acceptEdits/... list)
- ?locale= on assistant detail is optional, not mandatory
- MCP sse/http transports take an optional headers map; streamable_http
  normalizes to http in responses
- added MCP oauth/authenticated, assistant bulk import + avatar GET +
  last_used_at state, extra create-body fields
- skill import vs import-symlink (parent-folder/zip is symlink-only),
  scan/info/detect/external-paths/market endpoints
- expanded provider platform list, detect-protocol optional params,
  provider/bedrock connection tests, plaintext-key caveat
- settings use PATCH; agents expose available/team_capable/handshake
- channel/extensions are stable now (belong in a dedicated skill)
@IceyLiu
fix(skills): sync butler troubleshooting/webui-public skills + rule w…
9f568fe 
…ith current backend

Audited the rest of the AionUi Butler assistant against current aioncore
source — its other two skills and its 3-locale rule:

- troubleshooting: GET /api/teams now serializes the member list as
  \"assistants\" (the serde(alias=\"agents\") only covers input), so
  aion_diag teams diagnosis silently returned no members; read
  \"assistants\" with an \"agents\" fallback
- webui-public: drop the phantom dev port 25809 (aioncore only defines
  DEFAULT_PORT 25808, overridable via --port); steer to the curl probe
- butler rule (en/zh/ru): add \"notifications\" to the UI-settings line to
  match aionui-config scope

Everything else (conversation/provider/mcp/cron endpoints, SQLite schema,
webui credential endpoints + JWT auth, cross-locale rule consistency)
verified still accurate.
@IceyLiu
docs(skills): spell out public-access risks in webui-public skill
13447ad 
The butler exposes the local WebUI to the public internet via a Cloudflare
quick tunnel. The skill only noted it was "reasonably safe" and that the URL
was temporary — too light for opening a local app to the whole internet.

- add a pre-handoff step: check the WebUI password is strong (offer to change
  it via the existing API) before sharing a public URL
- split the handoff into Availability + Security trade-offs, stated honestly:
  password is the only protection, random URL is obscurity not security and
  can leak, traffic transits Cloudflare (TLS terminated at the edge), quick
  tunnel is for sharing/testing not production, turn it off when done
- reword the "reasonably safe" core fact and the frontmatter description to
  match
@IceyLiu IceyLiu enabled auto-merge (squash) June 26, 2026 07:20
@IceyLiu IceyLiu disabled auto-merge June 26, 2026 07:26
@IceyLiu
fix(skills): document agent_id as the real engine binding in aionui-c…
25625db 
…onfig

The skill taught setting an assistant engine via preset_agent_type, but the
current backend binds the engine through the request-body agent_id field
(an installed agent id, not a friendly name). preset_agent_type is
display/i18n only and reads back null — following the old guidance silently
leaves the assistant on the default engine (aionrs, or a 400 with no
provider). Add a "Picking the engine" subsection (read agent_id from an
existing assistants engine block, reuse it; CLI engines must be opted into
explicitly), correct the create example + field table, and fix the engines
section reference.
@IceyLiu IceyLiu merged commit 5603b9a into main Jun 26, 2026
6 checks passed
@IceyLiu IceyLiu deleted the docs/aionui-config-skill-api-sync branch June 26, 2026 07:35
@github-actions github-actions Bot mentioned this pull request Jun 26, 2026
Merged
piorpua pushed a commit that referenced this pull request Jun 26, 2026
@github-actions
chore(main): release 0.1.38 (#521)
85086cf 
🤖 I have created a release *beep* *boop*
---


##
[0.1.38](v0.1.37...v0.1.38)
(2026-06-26)


### Features

* remove single-chat team upgrade path
([#524](#524))
([5c60df3](5c60df3))


### Bug Fixes

* **agent:** expose runtime catalogs from metadata
([#523](#523))
([d9c2502](d9c2502))
* **assistant:** expose auto-inject skills and preserve assistant rules
([#525](#525))
([f2e91fd](f2e91fd))
* repair invalid UTF-8 agent metadata cache fields
([#526](#526))
([91969cd](91969cd))
* **skills:** sync AionUi Butler skills + rule with current backend
([#520](#520))
([5603b9a](5603b9a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@IceyLiu