Class: Clacky::BrandConfig

Inherits:

Object

• Object
• Clacky::BrandConfig

Defined in:

lib/clacky/brand_config.rb

Overview

BrandConfig manages white-label branding for the OpenClacky gem.

Brand information is stored separately in ~/.clacky/brand.yml to avoid polluting the main config.yml. When no product_name is configured, the gem behaves exactly like the standard OpenClacky experience.

brand.yml structure:

product_name: "JohnAI"
package_name: "johnai"
logo_url: "https://example.com/logo.png"
support_contact: "support@johnai.com"
support_qr_url: "https://example.com/qr.png"
theme_color: "#3B82F6"
homepage_url: "https://johnai.com"
license_key: "0000002A-00000007-DEADBEEF-CAFEBABE-A1B2C3D4"
license_activated_at: "2025-03-01T00:00:00Z"
license_expires_at: "2026-03-01T00:00:00Z"
license_last_heartbeat: "2025-03-05T00:00:00Z"
device_id: "abc123def456..."

Constant Summary

CONFIG_DIR =

File.join(Dir.home, ".clacky")

BRAND_FILE =

File.join(CONFIG_DIR, "brand.yml")

HEARTBEAT_INTERVAL =

How often to send a heartbeat (seconds) — once per day

86_400

HEARTBEAT_GRACE_PERIOD =

Grace period for offline heartbeat failures (3 days)

3 * 86_400

UPLOAD_META_FILE =

Path to the upload_meta.json file that tracks which local skills have been published to the platform and what version they were uploaded as.

Format:

{
  "commit"     => { "platform_version" => "1.2.0", "uploaded_at" => "2026-04-09T..." },
  "nss-upload" => { "platform_version" => "1.0.0", "uploaded_at" => "..." }
}

File.join(Dir.home, ".clacky", "skills", "upload_meta.json").freeze

Instance Attribute Summary

• #device_id ⇒ Object readonly

  Returns the value of attribute device_id.

• #distribution_last_refreshed_at ⇒ Object readonly

  Returns the value of attribute distribution_last_refreshed_at.

• #homepage_url ⇒ Object readonly

  Returns the value of attribute homepage_url.

• #license_activated_at ⇒ Object readonly

  Returns the value of attribute license_activated_at.

• #license_expires_at ⇒ Object readonly

  Returns the value of attribute license_expires_at.

• #license_key ⇒ Object readonly

  Returns the value of attribute license_key.

• #license_last_heartbeat ⇒ Object readonly

  Returns the value of attribute license_last_heartbeat.

• #license_last_heartbeat_failure ⇒ Object readonly

  Returns the value of attribute license_last_heartbeat_failure.

• #license_user_id ⇒ Object readonly

  Returns the value of attribute license_user_id.

• #logo_url ⇒ Object readonly

  Returns the value of attribute logo_url.

• #package_name ⇒ Object readonly

  Returns the value of attribute package_name.

• #product_name ⇒ Object readonly

  Returns the value of attribute product_name.

• #support_contact ⇒ Object readonly

  Returns the value of attribute support_contact.

• #support_qr_url ⇒ Object readonly

  Returns the value of attribute support_qr_url.

• #theme_color ⇒ Object readonly

  Returns the value of attribute theme_color.

Class Method Summary

• .load ⇒ Object

  Load brand configuration from ~/.clacky/brand.yml.

• .load_upload_meta ⇒ Hash{String => Hash}

  Load upload metadata for all published local skills.

• .record_upload!(skill_name, platform_version) ⇒ Object

  Persist a single skill’s upload record.

• .version_older?(installed, latest) ⇒ Boolean

  Compare two semver strings.

Instance Method Summary

• #activate!(license_key) ⇒ Object

  Activate the license against the OpenClacky Cloud API using HMAC proof.

• #activate_mock!(license_key) ⇒ Object

  Activate the license locally without calling the remote API.

• #activated? ⇒ Boolean

  Returns true when a license key has been stored (post-activation).

• #brand_skills_dir ⇒ Object

  Path to the directory where brand skills are installed.

• #branded? ⇒ Boolean

  Returns true when this installation has a product name configured.

• #clear_brand_skills! ⇒ Object

  Remove all locally installed brand skills (encrypted files + metadata).

• #deactivate! ⇒ Object

  Remove the local license binding and wipe all brand-related fields from disk.

• #decrypt_all_scripts(skill_dir, dest_dir) ⇒ Array<String>

  Decrypt all supporting script files for a skill into a temporary directory.

• #decrypt_skill_content(encrypted_path) ⇒ String

  Decrypt an encrypted brand skill file and return its content in memory.

• #distribution_refresh_due? ⇒ Boolean

  Returns true when a public distribution refresh is due.

• #ensure_device_id! ⇒ Object
• #expired? ⇒ Boolean

  Returns true when the license has passed its expiry date.

• #fetch_brand_skills! ⇒ Object

  Fetch the brand skills list from the OpenClacky Cloud API.

• #fetch_my_skills! ⇒ Object

  Fetch the public store skills list from the OpenClacky Cloud API.

• #fetch_store_skills! ⇒ Object

  Each skill in the returned array is a hash with at minimum: “name”, “description”, “icon”, “repo”.

• #grace_period_exceeded? ⇒ Boolean

  Returns true when heartbeats have been failing continuously for longer than the grace period.

• #heartbeat! ⇒ Object

  Send a heartbeat to the API and update last_heartbeat timestamp.

• #heartbeat_due? ⇒ Boolean

  Returns true when a heartbeat should be sent (interval elapsed).

• #initialize(attrs = {}) ⇒ BrandConfig constructor

  A new instance of BrandConfig.

• #install_brand_skill!(skill_info) ⇒ Object

  Install (or update) a single brand skill by downloading and extracting its zip.

• #install_mock_brand_skill!(skill_info) ⇒ Hash

  Install a mock brand skill for brand-test mode.

• #installed_brand_skills ⇒ Object

  Read the local brand_skills.json metadata, cross-validated against the actual file system.

• #refresh_distribution! ⇒ Object

  Refresh public brand assets (logo, theme, homepage_url, support_*) for installs that have ‘package_name` configured but no activated license yet.

• #save ⇒ Object

  Save current state to ~/.clacky/brand.yml.

• #sync_brand_skills_async!(on_complete: nil) ⇒ Thread^?

  Synchronise brand skills in the background.

• #to_h ⇒ Object

  Returns a hash representation for JSON serialization (e.g. /api/brand).

• #to_yaml ⇒ Object
• #upload_skill!(skill_name, zip_data, force: false, version_override: nil) ⇒ Object

  Upload (publish) a custom skill ZIP to the OpenClacky Cloud API.

• #user_licensed? ⇒ Boolean

  Returns true when the license is bound to a specific user (user_id present).

Constructor Details

#initialize(attrs = {}) ⇒ BrandConfig

Returns a new instance of BrandConfig.

# File 'lib/clacky/brand_config.rb', line 49

def initialize(attrs = {})
  @product_name            = attrs["product_name"]
  @package_name            = attrs["package_name"]
  @logo_url                = attrs["logo_url"]
  @support_contact         = attrs["support_contact"]
  @support_qr_url          = attrs["support_qr_url"]
  @theme_color             = attrs["theme_color"]
  @homepage_url            = attrs["homepage_url"]
  @license_key             = attrs["license_key"]
  @license_activated_at    = parse_time(attrs["license_activated_at"])
  @license_expires_at      = parse_time(attrs["license_expires_at"])
  @license_last_heartbeat  = parse_time(attrs["license_last_heartbeat"])
  @device_id               = attrs["device_id"]
  # user_id returned by the license server when the license is bound to a specific user
  @license_user_id         = attrs["license_user_id"]
  # Tracks the last successful public distribution refresh (for installs that
  # have a package_name configured but are not yet activated — see
  # #refresh_distribution!). Persisted to brand.yml so 24h throttling
  # survives restarts.
  @distribution_last_refreshed_at = parse_time(attrs["distribution_last_refreshed_at"])
  # Tracks when heartbeats started failing continuously. Set on a failed
  # heartbeat (only if currently nil), cleared on a successful one.
  # grace_period_exceeded? uses this — NOT last_heartbeat — so a user who
  # simply hasn't run the app in days doesn't see a stale "offline" warning.
  @license_last_heartbeat_failure = parse_time(attrs["license_last_heartbeat_failure"])

  # In-memory decryption key cache: "skill_id:skill_version_id" => { key:, expires_at: }
  # Never persisted to disk. Survives across multiple skill invocations within one session.
  @decryption_keys         = {}
  # Timestamp of last successful server contact (for grace period calculation)
  @last_server_contact_at  = nil
end

Instance Attribute Details

#device_id ⇒ Object (readonly)

Returns the value of attribute device_id.

# File 'lib/clacky/brand_config.rb', line 43

def device_id
  @device_id
end

#distribution_last_refreshed_at ⇒ Object (readonly)

Returns the value of attribute distribution_last_refreshed_at.

# File 'lib/clacky/brand_config.rb', line 43

def distribution_last_refreshed_at
  @distribution_last_refreshed_at
end

#homepage_url ⇒ Object (readonly)

Returns the value of attribute homepage_url.

# File 'lib/clacky/brand_config.rb', line 43

def homepage_url
  @homepage_url
end

#license_activated_at ⇒ Object (readonly)

Returns the value of attribute license_activated_at.

# File 'lib/clacky/brand_config.rb', line 43

def license_activated_at
  @license_activated_at
end

#license_expires_at ⇒ Object (readonly)

Returns the value of attribute license_expires_at.

# File 'lib/clacky/brand_config.rb', line 43

def license_expires_at
  @license_expires_at
end

#license_key ⇒ Object (readonly)

Returns the value of attribute license_key.

# File 'lib/clacky/brand_config.rb', line 43

def license_key
  @license_key
end

#license_last_heartbeat ⇒ Object (readonly)

Returns the value of attribute license_last_heartbeat.

# File 'lib/clacky/brand_config.rb', line 43

def license_last_heartbeat
  @license_last_heartbeat
end

#license_last_heartbeat_failure ⇒ Object (readonly)

Returns the value of attribute license_last_heartbeat_failure.

# File 'lib/clacky/brand_config.rb', line 43

def license_last_heartbeat_failure
  @license_last_heartbeat_failure
end

#license_user_id ⇒ Object (readonly)

Returns the value of attribute license_user_id.

# File 'lib/clacky/brand_config.rb', line 43

def license_user_id
  @license_user_id
end

#logo_url ⇒ Object (readonly)

Returns the value of attribute logo_url.

# File 'lib/clacky/brand_config.rb', line 43

def logo_url
  @logo_url
end

#package_name ⇒ Object (readonly)

Returns the value of attribute package_name.

# File 'lib/clacky/brand_config.rb', line 43

def package_name
  @package_name
end

#product_name ⇒ Object (readonly)

Returns the value of attribute product_name.

# File 'lib/clacky/brand_config.rb', line 43

def product_name
  @product_name
end

#support_contact ⇒ Object (readonly)

Returns the value of attribute support_contact.

# File 'lib/clacky/brand_config.rb', line 43

def support_contact
  @support_contact
end

#support_qr_url ⇒ Object (readonly)

Returns the value of attribute support_qr_url.

# File 'lib/clacky/brand_config.rb', line 43

def support_qr_url
  @support_qr_url
end

#theme_color ⇒ Object (readonly)

Returns the value of attribute theme_color.

# File 'lib/clacky/brand_config.rb', line 43

def theme_color
  @theme_color
end

Class Method Details

.load ⇒ Object

Load brand configuration from ~/.clacky/brand.yml. Returns an empty BrandConfig (no brand) if the file does not exist. Always ensures a stable device_id is present and persisted.

# File 'lib/clacky/brand_config.rb', line 85

def self.load
  if File.exist?(BRAND_FILE)
    data = YAML.safe_load(File.read(BRAND_FILE)) || {}
  else
    data = {}
  end

  instance = new(data)
  instance.ensure_device_id!
  instance
rescue StandardError
  instance = new({})
  instance.ensure_device_id!
  instance
end

.load_upload_meta ⇒ Hash{String => Hash}

Load upload metadata for all published local skills.

Returns:

• (Hash{String => Hash})

# File 'lib/clacky/brand_config.rb', line 1104

def self.load_upload_meta
  return {} unless File.exist?(UPLOAD_META_FILE)

  JSON.parse(File.read(UPLOAD_META_FILE))
rescue StandardError
  {}
end

.record_upload!(skill_name, platform_version) ⇒ Object

Persist a single skill’s upload record.

Parameters:

• skill_name (String)
• platform_version (String)

# File 'lib/clacky/brand_config.rb', line 1115

def self.record_upload!(skill_name, platform_version)
  meta = load_upload_meta
  meta[skill_name] = {
    "platform_version" => platform_version,
    "uploaded_at"      => Time.now.utc.iso8601
  }
  dir = File.dirname(UPLOAD_META_FILE)
  FileUtils.mkdir_p(dir)
  File.write(UPLOAD_META_FILE, JSON.generate(meta))
rescue StandardError
  # Non-fatal — metadata write failure should not break the upload flow
end

.version_older?(installed, latest) ⇒ Boolean

Compare two semver strings. Returns true when ‘installed` is strictly older than `latest` (i.e. the server has a newer version available). Returns false when installed >= latest, or when either version is blank/nil, so a local dev build never shows a spurious “Update” badge.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 1173

def self.version_older?(installed, latest)
  return false if installed.to_s.strip.empty? || latest.to_s.strip.empty?

  Gem::Version.new(installed.to_s.strip) < Gem::Version.new(latest.to_s.strip)
rescue ArgumentError
  # Unparseable version strings — treat as "not older" to avoid false positives
  false
end

Instance Method Details

#activate!(license_key) ⇒ Object

Activate the license against the OpenClacky Cloud API using HMAC proof. Returns a result hash: { success: bool, message: String, data: Hash }

# File 'lib/clacky/brand_config.rb', line 195

def activate!(license_key)
  @license_key = license_key.strip
  @device_id ||= generate_device_id

  user_id  = parse_user_id_from_key(@license_key)
  key_hash = Digest::SHA256.hexdigest(@license_key)
  ts       = Time.now.utc.to_i.to_s
  nonce    = SecureRandom.hex(16)
  message  = "activate:#{key_hash}:#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  proof    = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  payload = {
    key_hash:    key_hash,
    user_id:     user_id.to_s,
    device_id:   @device_id,
    timestamp:   ts,
    nonce:       nonce,
    proof:       proof,
    device_info: device_info
  }

  response = api_post("/api/v1/licenses/activate", payload)

  if response[:success] && response[:data]["status"] == "active"
    data = response[:data]
    @license_activated_at   = Time.now.utc
    @license_last_heartbeat = Time.now.utc
    @license_last_heartbeat_failure = nil
    @license_expires_at     = parse_time(data["expires_at"])
    server_device_id = data["device_id"].to_s.strip
    @device_id = server_device_id unless server_device_id.empty?

    # Decide whether the new key belongs to the SAME brand as the previously
    # activated one. If yes (e.g. trial → paid), keep the installed brand
    # skills — they are still decryptable and the user shouldn't have to
    # re-download. If no (switching brands), wipe them.
    prev_package_name = @package_name
    prev_product_name = @product_name
    new_dist          = data["distribution"].is_a?(Hash) ? data["distribution"] : {}
    same_brand        = brand_identity_match?(prev_package_name, prev_product_name, new_dist)

    # Clear ALL stale fields first, then apply fresh values from the new key.
    # Order matters: reset everything before re-assigning so no old value lingers.
    @product_name    = nil
    @package_name    = nil
    @logo_url        = nil
    @support_contact = nil
    @support_qr_url  = nil
    @theme_color     = nil
    @homepage_url    = nil
    @license_user_id = nil
    # Re-apply owner_user_id from the new activation response.
    # Only system (creator) licenses return a non-nil owner_user_id.
    # Brand-consumer keys return nil → @license_user_id stays nil → user_licensed? = false.
    owner_uid = data["owner_user_id"]
    @license_user_id = owner_uid.to_s.strip if owner_uid && !owner_uid.to_s.strip.empty?
    apply_distribution(data["distribution"])
    # Skills from a different brand are encrypted with that brand's keys —
    # they cannot be decrypted with the new license and must be re-downloaded.
    # Same-brand re-activation (trial→paid, key rotation) preserves them.
    clear_brand_skills! unless same_brand
    save
    { success: true, message: "License activated successfully!", product_name: @product_name,
      user_id: @license_user_id, data: data }
  else
    @license_key = nil
    { success: false, message: response[:error] || "Activation failed", data: {} }
  end
end

#activate_mock!(license_key) ⇒ Object

Activate the license locally without calling the remote API. Used in brand-test mode for development and integration testing.

The mock derives a plausible product_name from the key’s first segment (e.g. “0000002A” → user_id 42 → “Brand42”) unless one is already set. A fixed 1-year expiry is written so the UI can display a realistic date.

Returns the same { success:, message:, product_name:, data: } shape as activate!

# File 'lib/clacky/brand_config.rb', line 273

def activate_mock!(license_key)
  @license_key = license_key.strip
  # Pin a stable device_id for this activation. Once set (from a prior load or
  # a previous call), never regenerate — the same rule as activate!.
  @device_id ||= generate_device_id

  # Always derive product_name fresh from the key in mock mode,
  # so switching keys produces a different brand each time.
  user_id            = parse_user_id_from_key(@license_key)
  new_product_name   = "Brand#{user_id}"
  prev_product_name  = @product_name
  same_brand         = brand_identity_match?(@package_name, prev_product_name,
                                             { "product_name" => new_product_name })
  @product_name = new_product_name

  @license_activated_at   = Time.now.utc
  @license_last_heartbeat = Time.now.utc
  @license_last_heartbeat_failure = nil
  @license_expires_at     = Time.now.utc + (365 * 86_400)  # 1 year from now
  # Same-brand re-activation preserves installed skills; switching brands wipes them.
  clear_brand_skills! unless same_brand
  save

  {
    success:      true,
    message:      "License activated (mock mode).",
    product_name: @product_name,
    data:         { status: "active", expires_at: @license_expires_at.iso8601 }
  }
end

#activated? ⇒ Boolean

Returns true when a license key has been stored (post-activation).

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 114

def activated?
  !@license_key.nil? && !@license_key.strip.empty?
end

#brand_skills_dir ⇒ Object

Path to the directory where brand skills are installed.

# File 'lib/clacky/brand_config.rb', line 847

def brand_skills_dir
  File.join(CONFIG_DIR, "brand_skills")
end

#branded? ⇒ Boolean

Returns true when this installation has a product name configured.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 109

def branded?
  !@product_name.nil? && !@product_name.strip.empty?
end

#clear_brand_skills! ⇒ Object

Remove all locally installed brand skills (encrypted files + metadata). Called on license activation so stale skills from a previous brand cannot linger — they are encrypted with that brand’s keys and are inaccessible under the new license anyway.

# File 'lib/clacky/brand_config.rb', line 855

def clear_brand_skills!
  dir = brand_skills_dir
  return unless Dir.exist?(dir)

  FileUtils.rm_rf(dir)
  # Also clear in-memory decryption key cache so no stale keys survive
  @decryption_keys.clear if @decryption_keys
end

#deactivate! ⇒ Object

Remove the local license binding and wipe all brand-related fields from disk. Brand skills installed from this license are also cleared. Returns { success: true }.

# File 'lib/clacky/brand_config.rb', line 171

def deactivate!
  clear_brand_skills!
  FileUtils.rm_f(BRAND_FILE)
  # Reset all in-memory state so this instance is clean after the call.
  @product_name           = nil
  @package_name           = nil
  @logo_url               = nil
  @support_contact        = nil
  @support_qr_url         = nil
  @theme_color            = nil
  @homepage_url           = nil
  @license_key            = nil
  @license_activated_at   = nil
  @license_expires_at     = nil
  @license_last_heartbeat = nil
  @license_user_id        = nil
  @device_id              = nil
  @distribution_last_refreshed_at = nil
  @license_last_heartbeat_failure = nil
  { success: true }
end

#decrypt_all_scripts(skill_dir, dest_dir) ⇒ Array<String>

Decrypt all supporting script files for a skill into a temporary directory.

Scans ‘skill_dir` recursively for `*.enc` files, skipping SKILL.md.enc and MANIFEST.enc.json. Each file is decrypted in memory and written to the corresponding relative path under `dest_dir`. The decryption key is fetched once (cached) for all files belonging to the same skill version.

For mock/plain skills (no MANIFEST.enc.json) the raw bytes are used as-is.

Parameters:

• skill_dir (String) —

  Absolute path to the installed brand skill directory

• dest_dir (String) —

  Absolute path to the destination directory (tmpdir)

Returns:

• (Array<String>) —

  Relative paths of all files written to dest_dir

Raises:

• (RuntimeError) —

  If license is not activated or decryption fails

# File 'lib/clacky/brand_config.rb', line 982

def decrypt_all_scripts(skill_dir, dest_dir)
  raise "License not activated — cannot decrypt brand skill" unless activated?

  manifest_path = File.join(skill_dir, "MANIFEST.enc.json")
  manifest      = File.exist?(manifest_path) ? JSON.parse(File.read(manifest_path)) : nil

  written = []

  # Find all .enc files that are not SKILL.md.enc or the manifest itself
  Dir.glob(File.join(skill_dir, "**", "*.enc")).each do |enc_path|
    basename = File.basename(enc_path)
    next if basename == "SKILL.md.enc"
    next if basename == "MANIFEST.enc.json"

    # Relative path from skill_dir, stripping the .enc suffix
    rel_enc  = enc_path.sub("#{skill_dir}/", "")  # e.g. "scripts/analyze.rb.enc"
    rel_plain = rel_enc.sub(/\.enc\z/, "")          # e.g. "scripts/analyze.rb"

    plaintext = if manifest
      # Read manifest entry using the relative plain path
      file_meta = manifest["files"] && manifest["files"][rel_plain]
      raise "File '#{rel_plain}' not found in MANIFEST.enc.json" unless file_meta

      skill_id         = manifest["skill_id"]
      skill_version_id = manifest["skill_version_id"]
      key = fetch_decryption_key(skill_id: skill_id, skill_version_id: skill_version_id)

      ciphertext = File.binread(enc_path)

      if ciphertext.nil? || ciphertext.empty?
        # AES-GCM of empty data still produces 16+ bytes (auth tag + IV).
        # A 0-byte file means the skill package is corrupted; skip
        # decryption and produce an empty output so the skill can still run.
        ""
      else
        pt = aes_gcm_decrypt(key, ciphertext, file_meta["iv"], file_meta["tag"])

        # Integrity check
        actual   = Digest::SHA256.hexdigest(pt)
        expected = file_meta["original_checksum"]
        if expected && actual != expected
          raise "Checksum mismatch for #{rel_plain}: expected #{expected}, got #{actual}"
        end

        pt
      end
    else
      # Mock/plain skill: raw bytes
      File.binread(enc_path).force_encoding("UTF-8")
    end

    out_path = File.join(dest_dir, rel_plain)
    FileUtils.mkdir_p(File.dirname(out_path))
    File.write(out_path, plaintext)
    # Preserve executable permission hint from extension
    File.chmod(0o700, out_path)
    written << rel_plain
  end

  written
rescue Errno::ENOENT => e
  raise "Brand skill file not found: #{e.message}"
rescue JSON::ParserError => e
  raise "Invalid MANIFEST.enc.json: #{e.message}"
end

#decrypt_skill_content(encrypted_path) ⇒ String

Decrypt an encrypted brand skill file and return its content in memory.

Security model:

- Skill files are AES-256-GCM encrypted. Each skill directory contains a
  MANIFEST.enc.json that stores per-file IV, auth tag, checksum, and the
  skill_version_id needed to request the decryption key from the server.
- Decryption keys are requested from the server once and cached in memory
  (never written to disk). Subsequent calls for the same skill version are
  served entirely from cache without network I/O.
- Decrypted content exists only in memory and is never written to disk.

Fallback for mock/plain skills:

When no MANIFEST.enc.json exists in the skill directory, the method falls
back to reading the .enc file as raw UTF-8 bytes (mock/dev mode).

Parameters:

• encrypted_path (String) —

  Path to the .enc file on disk (e.g. “…/name/SKILL.md.enc”)

Returns:

• (String) —

  Decrypted file content (UTF-8)

Raises:

• (RuntimeError) —

  If license is not activated or decryption fails

# File 'lib/clacky/brand_config.rb', line 919

def decrypt_skill_content(encrypted_path)
  raise "License not activated — cannot decrypt brand skill" unless activated?

  skill_dir    = File.dirname(encrypted_path)
  manifest_path = File.join(skill_dir, "MANIFEST.enc.json")

  # Fall back to plain-bytes mode when no MANIFEST present (mock skills).
  unless File.exist?(manifest_path)
    raw = File.binread(encrypted_path)
    return raw.force_encoding("UTF-8")
  end

  # Read and parse the manifest
  manifest = JSON.parse(File.read(manifest_path))

  skill_id         = manifest["skill_id"]
  skill_version_id = manifest["skill_version_id"]

  raise "MANIFEST.enc.json missing skill_id"         unless skill_id
  raise "MANIFEST.enc.json missing skill_version_id" unless skill_version_id

  # Derive the relative file path (e.g. "SKILL.md") from the .enc filename
  enc_basename = File.basename(encrypted_path)                 # "SKILL.md.enc"
  file_path    = enc_basename.sub(/\.enc\z/, "")               # "SKILL.md"

  file_meta = manifest["files"] && manifest["files"][file_path]
  raise "File '#{file_path}' not found in MANIFEST.enc.json" unless file_meta

  # Fetch decryption key — served from in-memory cache when available
  key = fetch_decryption_key(skill_id: skill_id, skill_version_id: skill_version_id)

  # Decrypt using AES-256-GCM
  ciphertext = File.binread(encrypted_path)
  plaintext  = aes_gcm_decrypt(key, ciphertext, file_meta["iv"], file_meta["tag"])

  # Integrity check
  actual   = Digest::SHA256.hexdigest(plaintext)
  expected = file_meta["original_checksum"]
  if expected && actual != expected
    raise "Checksum mismatch for #{file_path}: " \
          "expected #{expected}, got #{actual}"
  end

  plaintext
rescue Errno::ENOENT => e
  raise "Brand skill file not found: #{e.message}"
rescue JSON::ParserError => e
  raise "Invalid MANIFEST.enc.json: #{e.message}"
end

#distribution_refresh_due? ⇒ Boolean

Returns true when a public distribution refresh is due.

Refresh is needed only when the install has a package_name configured but is not yet activated — activated licenses already get fresh distribution data via #heartbeat! (once per 24h).

Rate limit: once every HEARTBEAT_INTERVAL (24h), measured from the last SUCCESSFUL refresh. A failed refresh does not advance the clock so we’ll keep trying on subsequent startups / status polls.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 357

def distribution_refresh_due?
  return false unless branded?
  return false if activated?
  return true  if @distribution_last_refreshed_at.nil?

  elapsed = Time.now.utc - @distribution_last_refreshed_at
  elapsed >= HEARTBEAT_INTERVAL
end

#ensure_device_id! ⇒ Object

# File 'lib/clacky/brand_config.rb', line 101

def ensure_device_id!
  return if @device_id && !@device_id.strip.empty?

  @device_id = generate_device_id
  save
end

#expired? ⇒ Boolean

Returns true when the license has passed its expiry date.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 119

def expired?
  return false if @license_expires_at.nil?

  Time.now.utc > @license_expires_at
end

#fetch_brand_skills! ⇒ Object

Fetch the brand skills list from the OpenClacky Cloud API. Requires an activated license. Returns { success: bool, skills: [], error: }.

# File 'lib/clacky/brand_config.rb', line 582

def fetch_brand_skills!
  return { success: false, error: "License not activated", skills: [] } unless activated?

  user_id   = parse_user_id_from_key(@license_key)
  key_hash  = Digest::SHA256.hexdigest(@license_key)
  ts        = Time.now.utc.to_i.to_s
  nonce     = SecureRandom.hex(16)
  message   = "#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  signature = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  payload = {
    key_hash:  key_hash,
    user_id:   user_id.to_s,
    device_id: @device_id,
    timestamp: ts,
    nonce:     nonce,
    signature: signature
  }

  response = api_post("/api/v1/licenses/skills", payload)

  if response[:success]
    body = response[:data]
    # Merge local installed version info into each skill
    installed = installed_brand_skills
    skills = (body["skills"] || []).map do |skill|
      # Normalize name to valid skill name format; prefer the matching local installed dir name
      normalized   = skill["name"].to_s.downcase.gsub(/[\s_]+/, "-").gsub(/[^a-z0-9-]/, "").gsub(/-+/, "-")
      name         = installed.keys.find { |k| k == normalized } || normalized
      local        = installed[name]
      # The authoritative "latest" version lives in latest_version.version when present,
      # falling back to the top-level version field for older API responses.
      latest_ver   = (skill["latest_version"] || {})["version"] || skill["version"]
      # Only flag needs_update when the server has a strictly newer version than local.
      # If local >= latest (e.g. a dev build), suppress the update badge.
      needs_update = local ? version_older?(local["version"], latest_ver) : false
      skill.merge(
        "name"              => name,
        "installed_version" => local ? local["version"] : nil,
        "needs_update"      => needs_update
      )
    end
    { success: true, skills: skills, expires_at: body["expires_at"] }
  else
    { success: false, error: response[:error] || "Failed to fetch skills", skills: [] }
  end
end

#fetch_my_skills! ⇒ Object

Fetch the public store skills list from the OpenClacky Cloud API. Requires an activated license for HMAC authentication. Passes scope: “store” to retrieve platform-wide published public skills (not filtered by the authenticated user’s own skills). Returns { success: bool, skills: [], error: }.

Fetch the creator’s own published skills from the platform API. Uses GET /api/v1/client/skills (HMAC-signed, system license only). Returns { success: bool, skills: [], error: }.

# File 'lib/clacky/brand_config.rb', line 515

def fetch_my_skills!
  return { success: false, error: "License not activated", skills: [] } unless activated?
  return { success: false, error: "User license required", skills: [] } unless user_licensed?

  user_id   = @license_user_id.to_s
  key_hash  = Digest::SHA256.hexdigest(@license_key)
  ts        = Time.now.utc.to_i.to_s
  nonce     = SecureRandom.hex(16)
  message   = "#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  signature = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  query = URI.encode_www_form(
    key_hash:  key_hash,
    user_id:   user_id,
    device_id: @device_id,
    timestamp: ts,
    nonce:     nonce,
    signature: signature
  )

  response = platform_client.get("/api/v1/client/skills?#{query}")

  if response[:success]
    skills = response[:data]["skills"] || []
    { success: true, skills: skills }
  else
    { success: false, error: response[:error] || "Failed to fetch skills", skills: [] }
  end
rescue StandardError => e
  { success: false, error: "Network error: #{e.message}", skills: [] }
end

#fetch_store_skills! ⇒ Object

Each skill in the returned array is a hash with at minimum:

"name", "description", "icon", "repo"

# File 'lib/clacky/brand_config.rb', line 549

def fetch_store_skills!
  return { success: false, error: "License not activated", skills: [] } unless activated?

  user_id   = parse_user_id_from_key(@license_key)
  key_hash  = Digest::SHA256.hexdigest(@license_key)
  ts        = Time.now.utc.to_i.to_s
  nonce     = SecureRandom.hex(16)
  message   = "#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  signature = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  payload = {
    key_hash:  key_hash,
    user_id:   user_id.to_s,
    device_id: @device_id,
    timestamp: ts,
    nonce:     nonce,
    signature: signature,
    scope:     "store"
  }

  response = api_post("/api/v1/licenses/skills", payload)

  if response[:success]
    body   = response[:data]
    skills = body["skills"] || []
    { success: true, skills: skills }
  else
    { success: false, error: response[:error] || "Failed to fetch store skills", skills: [] }
  end
end

#grace_period_exceeded? ⇒ Boolean

Returns true when heartbeats have been failing continuously for longer than the grace period. Only considers ACTUAL failure streaks — a user who hasn’t launched the app in a week is NOT in violation, since no heartbeat attempt has actually failed.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 142

def grace_period_exceeded?
  if @license_last_heartbeat_failure.nil?
    Clacky::Logger.debug("[Brand] grace_period_exceeded? => false (no active failure streak)")
    return false
  end

  elapsed = Time.now.utc - @license_last_heartbeat_failure
  exceeded = elapsed >= HEARTBEAT_GRACE_PERIOD
  Clacky::Logger.debug("[Brand] grace_period_exceeded? failing_since=#{@license_last_heartbeat_failure.iso8601} elapsed=#{elapsed.to_i}s grace=#{HEARTBEAT_GRACE_PERIOD}s => #{exceeded}")
  exceeded
end

#heartbeat! ⇒ Object

Send a heartbeat to the API and update last_heartbeat timestamp. Returns a result hash: { success: bool, message: String }

# File 'lib/clacky/brand_config.rb', line 306

def heartbeat!
  unless activated?
    Clacky::Logger.debug("[Brand] heartbeat! skipped — license not activated")
    return { success: false, message: "License not activated" }
  end

  Clacky::Logger.info("[Brand] heartbeat! sending — last_heartbeat=#{@license_last_heartbeat&.iso8601 || "nil"} expires_at=#{@license_expires_at&.iso8601 || "nil"}")

  user_id   = parse_user_id_from_key(@license_key)
  key_hash  = Digest::SHA256.hexdigest(@license_key)
  ts        = Time.now.utc.to_i.to_s
  nonce     = SecureRandom.hex(16)
  message   = "#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  signature = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  payload = {
    key_hash:  key_hash,
    user_id:   user_id.to_s,
    device_id: @device_id,
    timestamp: ts,
    nonce:     nonce,
    signature: signature
  }

  response = api_post("/api/v1/licenses/heartbeat", payload)

  if response[:success]
    @license_last_heartbeat = Time.now.utc
    @license_last_heartbeat_failure = nil
    @license_expires_at = parse_time(response[:data]["expires_at"]) if response[:data]["expires_at"]
    apply_distribution(response[:data]["distribution"])
    save
    Clacky::Logger.info("[Brand] heartbeat! success — expires_at=#{@license_expires_at&.iso8601} last_heartbeat=#{@license_last_heartbeat.iso8601}")
    { success: true, message: "Heartbeat OK" }
  else
    @license_last_heartbeat_failure ||= Time.now.utc
    save
    Clacky::Logger.warn("[Brand] heartbeat! failed — #{response[:error]} (failing_since=#{@license_last_heartbeat_failure.iso8601})")
    { success: false, message: response[:error] || "Heartbeat failed" }
  end
end

#heartbeat_due? ⇒ Boolean

Returns true when a heartbeat should be sent (interval elapsed).

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 126

def heartbeat_due?
  if @license_last_heartbeat.nil?
    Clacky::Logger.debug("[Brand] heartbeat_due? => true (never sent)")
    return true
  end

  elapsed = Time.now.utc - @license_last_heartbeat
  due = elapsed >= HEARTBEAT_INTERVAL
  Clacky::Logger.debug("[Brand] heartbeat_due? elapsed=#{elapsed.to_i}s interval=#{HEARTBEAT_INTERVAL}s => #{due}")
  due
end

#install_brand_skill!(skill_info) ⇒ Object

Install (or update) a single brand skill by downloading and extracting its zip. skill_info: a hash from fetch_brand_skills! with at least name + latest_version.download_url + version

# File 'lib/clacky/brand_config.rb', line 632

def install_brand_skill!(skill_info)
  require "net/http"
  require "uri"

  slug    = skill_info["name"].to_s.strip
  version = (skill_info["latest_version"] || {})["version"] || skill_info["version"]
  url     = (skill_info["latest_version"] || {})["download_url"]

  return { success: false, error: "Missing skill name" } if slug.empty?

  if url.nil?
    FileUtils.mkdir_p(File.join(brand_skills_dir, slug))
    return { success: false, error: "No download URL" }
  end

  require "zip"

  dest_dir = File.join(brand_skills_dir, slug)
  FileUtils.mkdir_p(dest_dir)

  # Download the zip file to a temp path via PlatformHttpClient so the
  # primary → fallback host failover applies uniformly to every download.
  tmp_zip = File.join(brand_skills_dir, "#{slug}.zip")
  dl = platform_client.download_file(url, tmp_zip)
  raise dl[:error].to_s unless dl[:success]

  # Extract into dest_dir (overwrite existing files).
  # Auto-detect whether the zip has a single root folder to strip.
  # Uses get_input_stream instead of entry.extract to avoid rubyzip 3.x
  # path-safety restrictions on absolute destination paths.
  # Uses chunked read + size verification for robustness.
  Zip::File.open(tmp_zip) do |zip|
    entries  = zip.entries.reject(&:directory?)
    top_dirs = entries.map { |e| e.name.split("/").first }.uniq
    has_root = top_dirs.length == 1 && entries.any? { |e| e.name.include?("/") }

    entries.each do |entry|
      rel_path = if has_root
                   parts = entry.name.split("/")
                   parts[1..].join("/")
                 else
                   entry.name
                 end

      next if rel_path.nil? || rel_path.empty?

      out = File.join(dest_dir, rel_path)
      FileUtils.mkdir_p(File.dirname(out))

      # Chunked copy with size verification
      written = 0
      File.open(out, "wb") do |f|
        entry.get_input_stream do |input|
          while (chunk = input.read(65536))
            f.write(chunk)
            written += chunk.bytesize
          end
        end
      end

      # Verify file size matches ZIP entry declaration
      if written != entry.size
        raise "Size mismatch for #{entry.name}: expected #{entry.size}, got #{written}"
      end
    end
  end

  FileUtils.rm_f(tmp_zip)

  # Record installed version in brand_skills.json (including description for
  # offline display when the remote API is unreachable).
  # encrypted: true because the ZIP contains MANIFEST.enc.json + AES-256-GCM encrypted files.
  record_installed_skill(slug, version, skill_info["description"], encrypted: true, description_zh: skill_info["description_zh"], name_zh: skill_info["name_zh"])

  { success: true, name: slug, version: version }
rescue StandardError, ScriptError => e
  { success: false, error: e.message }
end

#install_mock_brand_skill!(skill_info) ⇒ Hash

Install a mock brand skill for brand-test mode.

Writes a realistic (but unencrypted) SKILL.md.enc file to the brand skills directory so the full load → decrypt → invoke code-path can be exercised without a real server. The file format intentionally mirrors what the production server will deliver: a binary blob stored with a .enc extension.

In the current mock implementation the “encryption” is an identity transformation (plain UTF-8 bytes) because BrandConfig#decrypt_skill_content is also mocked. Both sides will be replaced together during backend integration.

Parameters:

• skill_info (Hash) —

  Must include “name”, “description”, and optionally “version” and “emoji”.

Returns:

• (Hash) —

  { success: bool, name:, version: }

# File 'lib/clacky/brand_config.rb', line 726

def install_mock_brand_skill!(skill_info)
  slug           = skill_info["name"].to_s.strip
  version        = (skill_info["latest_version"] || {})["version"] || skill_info["version"] || "1.0.0"
  name           = slug
  description    = skill_info["description"] || "A private brand skill."
  description_zh = skill_info["description_zh"] || "私有品牌技能。"
  emoji          = skill_info["emoji"] || "⭐"

  return { success: false, error: "Missing skill name" } if slug.empty?

  dest_dir = File.join(brand_skills_dir, slug)
  FileUtils.mkdir_p(dest_dir)

  # Build a realistic SKILL.md that exercises argument substitution and
  # the privacy-protection code path.
  mock_content = <<~SKILL
    ---
    name: #{slug}
    description: "#{description}"
    ---

    # #{emoji} #{name}

    > This is a proprietary brand skill. Its contents are confidential.

    You are an expert assistant specialising in: **#{name}**.

    ## Instructions

    When the user asks you to use this skill, follow these steps:

    1. Understand the user's request: $ARGUMENTS
    2. Apply your expertise to deliver a high-quality result.
    3. Summarise what you did and ask if the user needs adjustments.
  SKILL

  # Write as .enc (mock: plain bytes — real encryption added post-backend)
  enc_path = File.join(dest_dir, "SKILL.md.enc")
  File.binwrite(enc_path, mock_content.encode("UTF-8"))

  # encrypted: false — mock skills store plain bytes in .enc, no MANIFEST needed.
  record_installed_skill(slug, version, description, encrypted: false, description_zh: description_zh, name_zh: skill_info["name_zh"])
  { success: true, name: slug, version: version }
rescue StandardError => e
  { success: false, error: e.message }
end

#installed_brand_skills ⇒ Object

Read the local brand_skills.json metadata, cross-validated against the actual file system. A skill is only considered installed when:

1. It has an entry in brand_skills.json, AND
2. Its skill directory exists under brand_skills_dir, AND
3. That directory contains at least one file (SKILL.md or SKILL.md.enc).

If the JSON record exists but the directory is missing or empty the entry is silently dropped from the result and the JSON file is cleaned up so subsequent installs start from a clean state.

Returns a hash keyed by name: { “version” => “1.0.0”, “name” => “…” }

# File 'lib/clacky/brand_config.rb', line 1059

def installed_brand_skills
  path = File.join(brand_skills_dir, "brand_skills.json")
  return {} unless File.exist?(path)

  raw = JSON.parse(File.read(path))

  # Validate each entry against the actual file system.
  valid   = {}
  changed = false

  raw.each do |name, meta|
    skill_dir = File.join(brand_skills_dir, name)
    has_files = Dir.exist?(skill_dir) &&
                Dir.glob(File.join(skill_dir, "SKILL.md{,.enc}")).any?

    if has_files
      valid[name] = meta
    else
      # JSON record exists but files are missing — mark for cleanup.
      changed = true
    end
  end

  # Persist the cleaned-up JSON so stale records don't accumulate.
  if changed
    File.write(path, JSON.generate(valid))
  end

  valid
rescue StandardError
  {}
end

#refresh_distribution! ⇒ Object

Refresh public brand assets (logo, theme, homepage_url, support_*) for installs that have ‘package_name` configured but no activated license yet.

Motivation: ‘install.sh –brand-name=X –command=X` only writes product_name + package_name to brand.yml. The rest of the distribution is only delivered via the license activation / heartbeat flow, which requires a license key. This method closes that gap by calling the anonymous public lookup endpoint.

Behaviour:

* No-op (returns { success: false, message: "..." }) when not branded,
  already activated, or package_name is blank.
* On success: apply_distribution + save + stamp
  @distribution_last_refreshed_at.
* On failure: log and return without touching the timestamp (so we
  retry on next trigger).

Returns { success: Boolean, message: String }.

# File 'lib/clacky/brand_config.rb', line 384

def refresh_distribution!
  unless branded?
    return { success: false, message: "Not branded" }
  end
  if activated?
    return { success: false, message: "License activated — use heartbeat! instead" }
  end
  if @package_name.nil? || @package_name.strip.empty?
    return { success: false, message: "package_name not configured" }
  end

  encoded_pkg = URI.encode_www_form_component(@package_name.strip)
  path        = "/api/v1/distributions/lookup?package_name=#{encoded_pkg}"

  Clacky::Logger.info("[Brand] refresh_distribution! fetching — package_name=#{@package_name}")
  response = platform_client.get(path)

  if response[:success] && response[:data].is_a?(Hash) && response[:data]["distribution"].is_a?(Hash)
    apply_distribution(response[:data]["distribution"])
    @distribution_last_refreshed_at = Time.now.utc
    save
    Clacky::Logger.info("[Brand] refresh_distribution! success — product_name=#{@product_name}")
    { success: true, message: "Distribution refreshed" }
  else
    Clacky::Logger.warn("[Brand] refresh_distribution! failed — #{response[:error]}")
    { success: false, message: response[:error] || "Refresh failed" }
  end
end

#save ⇒ Object

Save current state to ~/.clacky/brand.yml

# File 'lib/clacky/brand_config.rb', line 162

def save
  FileUtils.mkdir_p(CONFIG_DIR)
  File.write(BRAND_FILE, to_yaml)
  FileUtils.chmod(0o600, BRAND_FILE)
end

#sync_brand_skills_async!(on_complete: nil) ⇒ Thread^?

Synchronise brand skills in the background.

Fetches the remote skills list and installs any skill whose remote version differs from the locally installed version. The work runs in a daemon Thread so it never blocks the caller (typically Agent startup).

If the license is not activated the method returns immediately without spawning a thread.

Parameters:

• on_complete (Proc, nil) (defaults to: nil) —

  Optional callback called with the sync results array once all downloads finish (useful for tests / UI feedback).

Returns:

• (Thread, nil) —

  The background thread, or nil if skipped.

# File 'lib/clacky/brand_config.rb', line 785

def sync_brand_skills_async!(on_complete: nil)
  return nil unless activated?
  return nil if ENV["CLACKY_TEST"] == "1"

  Thread.new do
    Thread.current.abort_on_exception = false

    begin
      result = fetch_brand_skills!
      next unless result[:success]

      # Remove locally installed skills that have been deleted on the remote.
      # Compare the set of remote skill names against what is installed locally
      # and delete any skill that no longer exists in the remote catalogue.
      remote_skill_names = result[:skills].map { |s| s["name"] }
      installed_brand_skills.each_key do |local_name|
        delete_brand_skill!(local_name) unless remote_skill_names.include?(local_name)
      end

      # Auto-sync is intentionally limited to skills the user has already
      # installed and that have a newer version available.
      # New skills are never auto-installed — the user must click Install/Update
      # explicitly from the Brand Skills panel.
      installed = installed_brand_skills
      skills_needing_update = result[:skills].select { |s| s["needs_update"] }
      results = skills_needing_update.map do |skill_info|
        install_brand_skill!(skill_info)
      end

      # Even when the version hasn't changed, display metadata (name_zh,
      # description_zh, description) may have been updated on the platform.
      # Patch brand_skills.json in-place without re-downloading the ZIP.
      result[:skills].each do |skill_info|
        name = skill_info["name"]
        next unless installed.key?(name)
        next if skill_info["needs_update"] # already being reinstalled above

        local = installed[name]
        next if local["name_zh"]        == skill_info["name_zh"].to_s &&
                local["description_zh"] == skill_info["description_zh"].to_s &&
                local["description"]    == skill_info["description"].to_s

        # Metadata changed — update brand_skills.json without reinstalling.
        record_installed_skill(
          name,
          local["version"],
          skill_info["description"].to_s,
          encrypted:      local["encrypted"] != false,
          description_zh: skill_info["description_zh"].to_s,
          name_zh:        skill_info["name_zh"].to_s
        )
      end

      on_complete&.call(results)
    rescue StandardError
      # Background sync failures are intentionally swallowed — the agent
      # continues to work with whatever skills are already installed.
    end
  end
end

#to_h ⇒ Object

Returns a hash representation for JSON serialization (e.g. /api/brand).

# File 'lib/clacky/brand_config.rb', line 1129

def to_h
  {
    product_name:       @product_name,
    package_name:       @package_name,
    logo_url:           @logo_url,
    support_contact:    @support_contact,
    support_qr_url:     @support_qr_url,
    theme_color:        @theme_color,
    homepage_url:       @homepage_url,
    branded:            branded?,
    activated:          activated?,
    expired:            expired?,
    license_expires_at: @license_expires_at&.iso8601,
    user_licensed:      user_licensed?,
    license_user_id:    @license_user_id
  }
end

#to_yaml ⇒ Object

# File 'lib/clacky/brand_config.rb', line 1148

def to_yaml
  data = {}
  data["product_name"]           = @product_name           if @product_name
  data["package_name"]           = @package_name           if @package_name
  data["logo_url"]               = @logo_url               if @logo_url
  data["support_contact"]        = @support_contact        if @support_contact
  data["support_qr_url"]         = @support_qr_url         if @support_qr_url
  data["theme_color"]            = @theme_color            if @theme_color
  data["homepage_url"]           = @homepage_url           if @homepage_url
  data["license_key"]            = @license_key            if @license_key
  data["license_activated_at"]   = @license_activated_at.iso8601   if @license_activated_at
  data["license_expires_at"]     = @license_expires_at.iso8601     if @license_expires_at
  data["license_last_heartbeat"] = @license_last_heartbeat.iso8601 if @license_last_heartbeat
  data["device_id"]              = @device_id              if @device_id
  # Persist user_id so user-licensed features remain available across restarts
  data["license_user_id"]        = @license_user_id        if @license_user_id && !@license_user_id.strip.empty?
  data["distribution_last_refreshed_at"] = @distribution_last_refreshed_at.iso8601 if @distribution_last_refreshed_at
  data["license_last_heartbeat_failure"] = @license_last_heartbeat_failure.iso8601 if @license_last_heartbeat_failure
  YAML.dump(data)
end

#upload_skill!(skill_name, zip_data, force: false, version_override: nil) ⇒ Object

Upload (publish) a custom skill ZIP to the OpenClacky Cloud API. Calls POST /api/v1/client/skills (system-license endpoint). zip_data is the raw binary content of the ZIP file. Returns { success: bool, error: String }. Upload a skill ZIP to the OpenClacky cloud. skill_name: skill name string (slug format) zip_data: binary ZIP content force: when true, use PATCH to overwrite an existing skill instead of POST

Returns { success: true, skill: … } or { success: false, error: “…”, already_exists: true/false }

# File 'lib/clacky/brand_config.rb', line 423

def upload_skill!(skill_name, zip_data, force: false, version_override: nil)
  return { success: false, error: "License not activated" } unless activated?
  return { success: false, error: "User license required to upload skills" } unless user_licensed?

  # The client skills API uses @license_user_id (the platform owner user id),
  # NOT the user_id embedded in the license key structure.
  user_id   = @license_user_id.to_s
  key_hash  = Digest::SHA256.hexdigest(@license_key)
  ts        = Time.now.utc.to_i.to_s
  nonce     = SecureRandom.hex(16)
  message   = "#{user_id}:#{@device_id}:#{ts}:#{nonce}"
  signature = OpenSSL::HMAC.hexdigest("SHA256", @license_key, message)

  # POST /api/v1/client/skills         → create (first upload)
  # PATCH /api/v1/client/skills/:name → update (force overwrite)
  path = if force
           "/api/v1/client/skills/#{URI.encode_www_form_component(skill_name)}"
         else
           "/api/v1/client/skills"
         end

  boundary = "----ClackySkillUpload#{SecureRandom.hex(8)}"
  crlf     = "\r\n"

  # Build multipart body as a binary string so that null bytes in the ZIP
  # data are preserved. All parts are joined as binary before sending.
  parts = []
  fields = {
    "key_hash"  => key_hash,
    "user_id"   => user_id,
    "device_id" => @device_id,
    "timestamp" => ts,
    "nonce"     => nonce,
    "signature" => signature,
    "name"      => skill_name.to_s
  }
  # Include version override when bumping an existing skill version
  fields["version"] = version_override.to_s if version_override

  fields.each do |field, value|
    parts << "--#{boundary}#{crlf}"
    parts << "Content-Disposition: form-data; name=\"#{field}\"#{crlf}#{crlf}"
    parts << value.to_s
    parts << crlf
  end
  # Binary file part
  parts << "--#{boundary}#{crlf}"
  parts << "Content-Disposition: form-data; name=\"skill_zip\"; filename=\"#{skill_name}.zip\"#{crlf}"
  parts << "Content-Type: application/zip#{crlf}#{crlf}"
  parts << zip_data.b
  parts << "#{crlf}--#{boundary}--#{crlf}"

  body_bytes = parts.map(&:b).join

  # Delegate sending (with retry + failover) to PlatformHttpClient.
  # Uploads can be slow so we allow a generous 60-second read timeout.
  result = if force
             platform_client.multipart_patch(path, body_bytes, boundary, read_timeout: 60)
           else
             platform_client.multipart_post(path, body_bytes, boundary, read_timeout: 60)
           end

  if result[:success]
    parsed = result[:data]
    { success: true, skill: parsed["skill"] }
  else
    # Propagate structured error from PlatformHttpClient
    body   = result[:data] || {}
    code   = body["code"] || body["error"]
    errors = body["errors"]&.join(", ")
    msg    = result[:error] || [code, errors].compact.join(": ")
    msg    = "Upload failed" if msg.to_s.strip.empty?

    # Detect "already exists" conflicts so the caller can offer an overwrite option.
    already_exists = body["code"].to_s.include?("name_taken") ||
                     body["code"].to_s.include?("already") ||
                     result[:error].to_s.include?("HTTP 409")
    { success: false, error: msg, already_exists: already_exists }
  end
rescue StandardError => e
  { success: false, error: "Network error: #{e.message}" }
end

#user_licensed? ⇒ Boolean

Returns true when the license is bound to a specific user (user_id present). User-licensed installations gain additional capabilities such as the ability to upload custom skills via the web UI.

Returns:

• (Boolean)

# File 'lib/clacky/brand_config.rb', line 157

def user_licensed?
  activated? && !@license_user_id.nil? && !@license_user_id.to_s.strip.empty?
end