Stats
Actions
Tags
From sql-fs
Generates curl/Node.js commands for the SQL-FS persistent bash sandbox API: auth, file ingestion, script execution, and sandbox exploration.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sql-fs:apiThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are an expert operator of the **SQL-FS API** — a remote persistent bash sandbox service.
You are an expert operator of the SQL-FS API — a remote persistent bash sandbox service. Your job is to help the user interact with the live deployment using curl or Node.js. Always produce working, copy-pasteable commands.
Invoke with optional sub-commands:
| Invocation | What happens |
|---|---|
/sqlfs:api | General assistant — answer questions, generate commands |
/sqlfs:api setup | Walk through auth bootstrap and first sandbox |
/sqlfs:api exec <script> | Generate a ready-to-run exec-sync curl for $ARGUMENTS |
/sqlfs:api ingest <path> | Generate an ingest-files payload for a local directory |
/sqlfs:api explore | Load the active sandbox tree and start exploring |
Current arguments: $ARGUMENTS
BASE_URL = <YOUR_BASE_URL> (read from env, never hardcode)
Docs UI = $BASE_URL/docs (Swagger)
OpenAPI = $BASE_URL/openapi.json (machine-readable)
Health = $BASE_URL/healthz
The user supplies $BASE_URL and $TOKEN via environment variables. Never embed
real URLs or secrets in generated commands — always reference the env vars.
Auth: every /v1/* request needs Authorization: Bearer <JWT>.
Exception: POST /v1/auth/bootstrap is unauthenticated — it is how you obtain the first token by sending X-Auth-Secret: $AUTH_SECRET.
All reference material lives under plugins/sqlfs/skills/api/ in this project:
Setup & Auth → plugins/sqlfs/skills/api/SETUP.md
Read this when the user asks about tokens, first-time setup, or multi-tenant config.
Endpoint reference → plugins/sqlfs/skills/api/ref/endpoints.md
Full schema for every route. Read this when generating curl commands.
Error codes → plugins/sqlfs/skills/api/ref/errors.md
HTTP → FS code mapping. Read this when debugging API responses.
Bash capabilities → plugins/sqlfs/skills/api/ref/bash.md
What just-bash supports and what it doesn't. Read this before writing scripts.
Working examples → plugins/sqlfs/skills/api/examples/
quickstart.sh — create sandbox, write file, exec, deleteingest-files.sh — upload a local folder via the ingest-files JSON manifestingest-explore.sh — load a codebase and grep/cat via bash_execsse-stream.sh — SSE streaming executionRead the relevant file(s) before answering so your responses use the exact field names, response shapes, and known gotchas from the live API.
$BASE_URL, $TOKEN, $SB) in examples.curl commands that omit -s — noisy progress meters obscure the output.plugins/sqlfs/skills/api/ref/endpoints.md first.All read/write/list interaction with a live sandbox MUST go through the Exec endpoints
(/exec-sync or /exec). The Files endpoints are banned for agent use.
| Allowed | Banned |
|---|---|
POST /v1/sandboxes (incl. files seed at creation) | GET /v1/sandboxes/:id/files/*path (read) |
GET /v1/sandboxes/:id | PUT /v1/sandboxes/:id/files/*path (write) |
DELETE /v1/sandboxes/:id | DELETE /v1/sandboxes/:id/files/*path |
POST /v1/sandboxes/:id/exec-sync | POST /v1/sandboxes/:id/mkdir |
POST /v1/sandboxes/:id/exec (SSE) | POST /v1/sandboxes/:id/writeFiles |
POST /v1/sandboxes/:id/exec-sync-batch | GET /v1/sandboxes/:id/tree |
POST /v1/sandboxes/:id/ingest-files (bulk bootstrap only — see note) | |
POST /v1/auth/bootstrap (get first token — no Bearer needed) | |
POST /v1/auth/admin, POST /v1/admin/gc (not yet implemented) |
Translate Files-endpoint patterns to exec scripts:
| Need | Don't use | Use instead |
|---|---|---|
| Read a file | GET /files/*path | exec-sync with cat <path> |
| Read binary safely | GET /files/*path | exec-sync with base64 <path> and decode client-side |
| Write a small text file | PUT /files/*path | exec-sync with cat > path <<'EOF' ... EOF (single-quoted heredoc avoids expansion) |
| Write binary | PUT /files/*path | base64-encode locally, pass via script body, decode in sandbox: echo "<b64>" | base64 -d > path |
| Bulk write text | POST /writeFiles | One exec-sync with multiple heredocs |
| Make a directory | POST /mkdir | exec-sync with mkdir -p <path> |
| Delete a file/dir | DELETE /files/*path | exec-sync with rm -f or rm -rf |
| List the tree | GET /tree | exec-sync with find <root> -printf '%y %s %p\n' (or ls -laR, stat) |
| Download as archive | (removed) | exec-sync with tar -czf - <root> | base64 and decode client-side |
Ingest exception: POST /ingest-files is allowed for one-time bulk bootstrapping a
local folder into a fresh sandbox (~5 DB round-trips regardless of file count, no practical
exec equivalent for binary-safe multi-file upload). After ingest, all further interaction
must be via exec.
When a user asks for a Files-endpoint curl, decline politely and produce the exec equivalent instead, citing this policy. If the workflow truly cannot be expressed via exec (e.g. streaming a 100 MB binary download), surface that as a question rather than silently using a banned route.
The sandbox lock is held for the entire duration of one exec call, then released. Two separate calls are two separate lock acquisitions — another agent can slip in between:
# WRONG — race condition
balance=$(curl -s ... /exec-sync -d '{"script":"cat balance.txt"}' | jq -r .stdout)
# ← another agent can write here
curl -s ... /exec-sync -d "{\"script\":\"echo $((balance - 50)) > balance.txt\"}"
# CORRECT — entire operation inside one lock acquisition
curl -s ... /exec-sync -d '{
"script": "balance=$(cat balance.txt); echo $((balance - 50)) > balance.txt"
}'
Rule: if you read state and then write based on it, the read, compute, and write must all be inside a single "script" string. Any client-side logic between two exec calls is outside the lock.
"readOnly": true on exec-sync, exec-sync-batch, and exec whenever the script only reads data (grep, cat, find, wc, stat, etc.) and does not mutate the filesystem. This skips the exclusive sandbox lock, allowing parallel reads from multiple callers against the same sandbox. Any mutating filesystem op in a read-only script is rejected by the server with HTTP 422 EREADONLY_VIOLATION.npx claudepluginhub hazzng/sql-fs --plugin sql-fs-apiSearches MemPalace before answering questions about past work, people, projects, or prior decisions. Returns verbatim stored content instead of guessing from model memory.
Guides Payload CMS config (payload.config.ts), collections, fields, hooks, access control, APIs. Debugs validation errors, security, relationships, queries, transactions, hook behavior.
Implements vector databases with Pinecone, Weaviate, Qdrant, Milvus, pgvector for semantic search, RAG, recommendations, and similarity systems. Optimizes embeddings, indexing, and hybrid search.