The official Magenta Voice Skill SDK used to develop skills for the Magenta Voice Assistant using Voice Platform!

Last update: Nov 19, 2022

Overview

Magenta Voice Skill SDK

Development • Support • Contribute • Contributors • Licensing

Magenta Voice Skill SDK for Python is a package that assists in creating Voice Applications for Magenta Voice Platform.

About

This is a reworked stack with explicit async/await concurrency and based on FastAPI ASGI framework.

Old stable (Bottle/Gevent) 0.xx branch

Installation

Runtime

Runtime installation: python -m pip install skill-sdk.

Runtime (full)

Runtime installation with Prometheus metrics exporter and distributed tracing adapter: python -m pip install skill-sdk[all].

Development

Development installation: python -m pip install skill-sdk[dev].

Quickstart

To bootstrap a new project, install SDK for development:

pip install skill-sdk[dev]

Initialize a new project with vs command:

vs init

Run the skill in development mode:

vs develop

Click http://localhost:4242 to access Designer UI.

Hello World

from skill_sdk import skill, Response


@skill.intent_handler("HELLO_WORLD__INTENT")
async def handler() -> Response:
    return Response("Hello World!")

app = skill.init_app()

app.include(handler=handler)

Code of Conduct

This project has adopted the Contributor Covenant in version 2.0 as our code of conduct. Please see the details in our CODE_OF_CONDUCT.md. All contributors must abide by the code of conduct.

Working Language

We decided to apply English as the primary project language.

Consequently, all content will be made available primarily in English. We also ask all interested people to use English as language to create issues, in their code (comments, documentation etc.) and when you send requests to us. The application itself and all end-user facing content will be made available in other languages as needed.

Support and Feedback

The following channels are available for discussions, feedback, and support requests:

Type	Channel
Issues
Other Requests

How to Contribute

Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our Contribution Guidelines. By participating in this project, you agree to abide by its Code of Conduct at all times.

Contributors

Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.

Licensing

Licensed under the MIT License (the "License"); you may not use this file except in compliance with the License.

You may obtain a copy of the License by reviewing the file LICENSE in the repository.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the LICENSE for the specific language governing permissions and limitations under the License.

Comments

Issue after using vs init

I tried to use the command vs init after installing the voice skill sdk. But i get the following issue: Traceback (most recent call last): File "/home/buffy/.pyenv/versions/3.9.6/bin/vs", line 8, in <module> sys.exit(main()) File "/home/buffy/.pyenv/versions/3.9.6/lib/python3.9/site-packages/skill_sdk/__main__.py", line 62, in main arguments.command(arguments) File "/home/buffy/.pyenv/versions/3.9.6/lib/python3.9/site-packages/skill_sdk/cli/init.py", line 26, in execute import questionary ModuleNotFoundError: No module named 'questionary'

opened by buffy93 2

Add a high level functional API for creating responses and making http calls

As a developer I want to be able to do this (or similar stuff):

def handle():
  # ... some other magic intent handler code
  c = card(_("CARD_TITLE")).sub_title(_("CARD_SUB_TITLE")).action("https://google.de",_("ACTION_TITLE"))
  return response(message).card(c)

and

with session() as http:
  res = http.get("https://example.com")
  res.raise_for_status()

instead of using Javaesque CircuitBreaker API.

enhancement help wanted

opened by 4thel00z 2

Add documentation for the external developers
Convert this document: https://gard.telekom.de/gardwiki/pages/viewpage.action?pageId=341421514 into markdown and add it to /docs/external_developers

[x] add all the images

[x] convert the text
opened by 4thel00z 2
Bump url-parse from 1.5.1 to 1.5.7 in /skill-ui
Bumps url-parse from 1.5.1 to 1.5.7.

Commits

8b3f5f2 1.5.7

ef45a13 [fix] Readd the empty userinfo to url.href (#226)

88df234 [doc] Add soft deprecation notice

78e9f2f [security] Fix nits

e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability

4c9fa23 1.5.6

7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo

e4a5807 1.5.5

193b44b [minor] Simplify whitespace regex

319851b [fix] Remove CR, HT, and LF

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump follow-redirects from 1.14.1 to 1.14.7 in /skill-ui
Bumps follow-redirects from 1.14.1 to 1.14.7.

Commits

2ede36d Release version 1.14.7 of the npm package.

8b347cb Drop Cookie header across domains.

6f5029a Release version 1.14.6 of the npm package.

af706be Ignore null headers.

d01ab7a Release version 1.14.5 of the npm package.

40052ea Make compatible with Node 17.

86f7572 Fix: clear internal timer on request abort to avoid leakage

2e1eaf0 Keep Authorization header on subdomain redirects.

2ad9e82 Carry over Host header on relative redirects (#172)

77e2a58 Release version 1.14.4 of the npm package.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump url-parse from 1.5.1 to 1.5.3 in /skill-ui
Bumps url-parse from 1.5.1 to 1.5.3.

Commits

ad44493 [dist] 1.5.3

c798461 [fix] Fix host parsing for file URLs (#210)

201034b [dist] 1.5.2

2d9ac2c [fix] Sanitize only special URLs (#209)

fb128af [fix] Use 'null' as origin for non special URLs

fed6d9e [fix] Add a leading slash only if the URL is special

94872e7 [fix] Do not incorrectly set the slashes property to true

81ab967 [fix] Ignore slashes after the protocol for special URLs

ee22050 [ci] Use GitHub Actions

d2979b5 [fix] Special case the file: protocol (#204)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump postcss from 7.0.35 to 7.0.36 in /skill-ui
Bumps postcss from 7.0.35 to 7.0.36.

Release notes

Sourced from postcss's releases.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

Changelog

Sourced from postcss's changelog.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

Commits

67e3d7b Release 7.0.36 version

54cbf3c Backport ReDoS vulnerabilities from PostCSS 8

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump fastapi from 0.65.1 to 0.65.2
Bumps fastapi from 0.65.1 to 0.65.2.

Release notes

Sourced from fastapi's releases.

0.65.2

Security fixes

🔒 Check Content-Type request header before assuming JSON. Initial PR #2118 by @patrickkwang.

This change fixes a CSRF security vulnerability when using cookies for authentication in path operations with JSON payloads sent by browsers.

In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json).

So, a request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted.

But requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. So, the browser would execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application.

See CVE-2021-32677 for more details.

Thanks to Dima Boger for the security report! 🙇🔒

Internal

🔧 Update sponsors badge, course bundle. PR #3340 by @tiangolo.

🔧 Add new gold sponsor Jina 🎉. PR #3291 by @tiangolo.

🔧 Add new banner sponsor badge for FastAPI courses bundle. PR #3288 by @tiangolo.

👷 Upgrade Issue Manager GitHub Action. PR #3236 by @tiangolo.

Commits

4d91f97 🔖 Release version 0.65.2

aabe2c7 📝 Update release notes

377234a 🔒 Create Security Policy

38b7858 📝 Update release notes

fa7e3c9 🐛 Check Content-Type request header before assuming JSON (#2118)

90120dd 📝 Update release notes

3677254 🔧 Update sponsors badge, course bundle (#3340)

40bb0c5 📝 Update release notes

60918d2 🔧 Add new gold sponsor Jina 🎉 (#3291)

3afce2c 📝 Update release notes

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies python
opened by dependabot[bot] 1
Bump ws from 6.2.1 to 6.2.2 in /skill-ui
Bumps ws from 6.2.1 to 6.2.2.

Release notes

Sourced from ws's releases.

6.2.2

Bug fixes

Backported 00c425ec to the 6.x release line (78c676d2).

Commits

9bdb580 [dist] 6.2.2

78c676d [security] Fix ReDoS vulnerability

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump dns-packet from 1.3.1 to 1.3.4 in /skill-ui
Bumps dns-packet from 1.3.1 to 1.3.4.

Commits

ebdf849 1.3.4

ac57872 move all allocUnsafes to allocs for easier maintenance

c64c950 1.3.3

0598ba1 fix .. in encodingLength

010aedb 1.3.2

0d0d593 backport encodingLength fix to v1

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1

Scaffold project is missing in SDK binary distribution

Trying to initialize a project with vs init:

Traceback (most recent call last):
  File "/home/vadim/PycharmProjects/test/.venv/bin/vs", line 8, in <module>
    sys.exit(main())
  File "/home/vadim/PycharmProjects/test/.venv/lib/python3.8/site-packages/skill_sdk/__main__.py", line 55, in main
    arguments.command(arguments)
  File "/home/vadim/PycharmProjects/test/.venv/lib/python3.8/site-packages/skill_sdk/cli/init.py", line 68, in execute
    copy_tree(scaffold_path.__str__(), path.__str__())
  File "/usr/lib/python3.8/distutils/dir_util.py", line 126, in copy_tree
    raise DistutilsFileError(
distutils.errors.DistutilsFileError: cannot copy tree '/home/vadim/PycharmProjects/test/.venv/lib/python3.8/site-packages/skill_sdk/cli/scaffold': not a directory

opened by tvadim 1

Bump minimist from 1.2.5 to 1.2.6 in /skill-ui
Bumps minimist from 1.2.5 to 1.2.6.

Commits

7efb22a 1.2.6

ef88b93 security notice for additional prototype pollution issue

c2b9819 isConstructorOrProto adapted from PR

bc8ecee test from prototype pollution PR

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump url-parse from 1.5.1 to 1.5.10 in /skill-ui
Bumps url-parse from 1.5.1 to 1.5.10.

Commits

8cd4c6c 1.5.10

ce7a01f [fix] Improve handling of empty port

0071490 [doc] Update JSDoc comment

a7044e3 [minor] Use more descriptive variable name

d547792 [security] Add credits for CVE-2022-0691

ad23357 1.5.9

0e3fb54 [fix] Strip all control characters from the beginning of the URL

61864a8 [security] Add credits for CVE-2022-0686

bb0104d 1.5.8

d5c6479 [fix] Handle the case where the port is specified but empty

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump follow-redirects from 1.14.1 to 1.14.8 in /skill-ui
Bumps follow-redirects from 1.14.1 to 1.14.8.

Commits

3d81dc3 Release version 1.14.8 of the npm package.

62e546a Drop confidential headers across schemes.

2ede36d Release version 1.14.7 of the npm package.

8b347cb Drop Cookie header across domains.

6f5029a Release version 1.14.6 of the npm package.

af706be Ignore null headers.

d01ab7a Release version 1.14.5 of the npm package.

40052ea Make compatible with Node 17.

86f7572 Fix: clear internal timer on request abort to avoid leakage

2e1eaf0 Keep Authorization header on subdomain redirects.

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump postcss from 7.0.35 to 7.0.39 in /skill-ui
Bumps postcss from 7.0.35 to 7.0.39.

Release notes

Sourced from postcss's releases.

7.0.39

Reduce package size.

Backport nanocolors to picocolors migration.

7.0.38

Update Processor#version.

7.0.37

Backport chalk to nanocolors migration.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

Changelog

Sourced from postcss's changelog.

7.0.39

Reduce package size.

Backport nanocolors to picocolors migration.

7.0.38

Update Processor#version.

7.0.37

Backport chalk to nanocolors migration.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

Commits

e17c1ef Release 7.0.39 version

6791bd3 Reduce npm package

44c581a Replace nanocolors with picocolors

8ba21fd Remove eslint-ci

3994c4a Release 7.0.38 version

6944e1d Remove development keys from package.json

4dd0af0 Release 7.0.37 version

8408eb4 Add compilation step

0c68063 Move tests to GitHub Actions

98b61ba Replace chalk to nanocolors

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0
Bump shelljs from 0.8.4 to 0.8.5 in /skill-ui
Bumps shelljs from 0.8.4 to 0.8.5.

Release notes

Sourced from shelljs's releases.

v0.8.5

This was a small security fix for #1058.

Commits

70668a4 0.8.5

d919d22 fix(exec): lockdown file permissions (#1060)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0

Releases(1.2.1)

1.2.1(Apr 7, 2022)
1.2.1 - 2022-04-07

Bugfixes

Returning text from nl_build with fullstop in the end.

Features

Add data values in the response of version 0

Source code(tar.gz)
Source code(zip)
1.2.0(Apr 5, 2022)
1.2.0 - 2022-04-05

Features

Enhance User-Agent header to include kubernetes POD name when it comes to SVH cluster requests

Adding newReferenceType called MEDIA_CONTENT_END

Source code(tar.gz)
Source code(zip)
1.1.9(Mar 31, 2022)
1.1.9 - 2022-03-31

Bugfixes

Making variable postal_code Optional of class AddressComponents due to some cities from location service has no postal code

Source code(tar.gz)
Source code(zip)
1.1.8(Mar 17, 2022)
1.1.8 - 2022-03-17

Bugfixes

FIX Rename Locations timezone to time_zone

Source code(tar.gz)
Source code(zip)
1.1.7(Mar 15, 2022)
1.1.7 - 2022-03-15

Bugfixes

Fix error when returning an instance of Reprompt from an intent handler.

Source code(tar.gz)
Source code(zip)
1.1.6(Feb 9, 2022)
1.1.6 - 2022-02-09

Features

Introduce cvi service-token decryption utility.

Refactor unit tests from unittest to pytest module.

Bugfixes

Fixed uvicorn logging when --log-level set to trace.

Bump FastAPI from 0.68.0 to 0.70.0.

Fix mypy error

Source code(tar.gz)
Source code(zip)
0.16.2(Feb 8, 2022)
[v0.16.2] - 2022-02-08

Bugfixes

Fix issue with pypi

Source code(tar.gz)
Source code(zip)
0.16.1(Feb 8, 2022)
[v0.16.1] - 2022-02-07

Features

Upgrade dependencies

Source code(tar.gz)
Source code(zip)
0.16.0(Dec 7, 2021)
[v0.16.0] - 2021-12-07

Features

Add a new ReferenceType called MEDIA_CONTENT_END.

Source code(tar.gz)
Source code(zip)
1.1.4(Sep 13, 2021)
1.1.4 - 2021-08-18

Features

Logging configuration section added to Deployment guide.

Bugfixes

Corrected "X-Tenant-Id" tracing header propagation and logging.

Fixed "typing.List" annotation handling in UI.

Fixed cutting DelayedClientTask from skill response. Added type annotation to DelayedClientTask.invoke keyword arguments.

Fixed EntityValueException if an intent handler parameter annotated as skill_sdk.intents.Request.

Fixed ValidationError when loading skill settings caused by not set API_KEY environment variable.

Fixed asyncio - Task exception was never retrieved error message in debug log UI display.

Bump FastAPI from 0.67.0 to 0.68.0.

Source code(tar.gz)
Source code(zip)
0.15.3(Aug 10, 2021)
[v0.15.3] - 2021-08-05

Bugfixes

Fixed "X-Tenant-Id"/"Baggage-X-Magenta-Transaction-Id" tracing headers propagation and logging.

Source code(tar.gz)
Source code(zip)
1.1.3(Jul 26, 2021)
1.1.3 - 2021-07-26

Bugfixes

Fixed persistent service URL in howto.

Added "skill_id"/"client_type_name"/"user_profile_config" arguments to create_context helper.

"Magenta transaction ID" value added to logging record.

Bump FastAPI from 0.66.0 to 0.67.0.

Source code(tar.gz)
Source code(zip)
0.15.2(Jul 26, 2021)
[v0.15.2] - 2021-07-26

Features

Magenta transaction Id value added to logging record.

"Tenant" logging value is read from "X-TenantId" header.

IMPORTANT: for logging purpose only, do not use this header to build tenant-specific logic.

Miscellaneous

Requirements bump:

apispec from 4.6.0 to 4.7.1

python-dateutil from 2.8.1 to 2.8.2

requests from 2.25.1 to 2.26.0

Source code(tar.gz)
Source code(zip)

1.1.2(Jul 13, 2021)

1.1.2 - 2021-07-12

Features

Added "Baggage-X-Magenta-Transaction-Id" header propagation. The header is also available for logging as:

from skill_sdk.log import tracing_headers

>>> tracing_headers()
{<HeaderKeys.trace_id: 'X-B3-TraceId'>: 'trace-id', <HeaderKeys.span_id: 'X-B3-SpanId'>: 'span-id', <HeaderKeys.tenant_id: 'X-TenantId'>: 'tenant-id', <HeaderKeys.testing_flag: 'X-Testing'>: '1', <HeaderKeys.magenta_transaction_id: 'Baggage-X-Magenta-Transaction-Id'>: 'my-id'}

Bugfixes

Bump FastAPI from 0.65.2 to 0.66.0. Release notes.
Fixed vs run [module] command that ignored the module parameter.

Source code(tar.gz)
Source code(zip)

1.1.1(Jun 30, 2021)
1.1.1 - 2021-06-30

Features

Added HOWTO: using opentracing adapter in SDK.

Bugfixes

Fixed ValidationError when response contains a client kit command.

Source code(tar.gz)
Source code(zip)
1.1.0(Jun 22, 2021)
1.1.0 - 2021-06-22

Features

Add support for the new companion app cards format: Action Cards v3.0.

When joining internationalization message strings (i18n.Message), translation keys are joined along with their values for better readability.

Source code(tar.gz)
Source code(zip)
0.15.0(Jun 22, 2021)
[v0.15.0] - 2021-06-22

Features

Add support for the new companion app cards format: Action Cards v3.0.

Miscellaneous

Requirements bump:

apispec from 4.5.0 to 4.6.0

Source code(tar.gz)
Source code(zip)
1.0.6(Jun 14, 2021)
1.0.6 - 2021-06-14

Bugfixes

Bump FastAPI from 0.65.1 to 0.65.2. Fixes CSRF vulnerability: CVE-2021-32677.

Fix skill.test_intent helper FALLBACK_INTENT handling.

Remove skill.init_app initialization when running vs version command.

Source code(tar.gz)
Source code(zip)
0.14.4(Jun 10, 2021)
[v0.14.4] - 2021-06-10

Bugfixes

Fixed skill.test_intent helper FALLBACK_INTENT handling.

Miscellaneous

Requirements bump:

apispec from 4.4.0 to 4.5.0

prometheus_client from 0.10.0 to 0.11.0

Source code(tar.gz)
Source code(zip)
1.0.5(Jun 7, 2021)
1.0.5 - 2021-06-07

Features

Skill configuration is compatible with dotenv. Skill setting values can be overwritten with environment variables.

File with environment settings can be specified when running a skill with --env-file argument to vs CLI tool. To start skill in development mode with environment settings loaded from .env.dev file:

vs develop --env-file .env.dev

Bugfixes

Various UI fixes.

Logging:

Fix uvicorn access log formatter to consistently use either human-readable or GELF format.

Add logging helpers to optionally hide JWT-like token strings.

Source code(tar.gz)
Source code(zip)
1.0.4(Jun 7, 2021)
1.0.4 - 2021-05-26

Bugfixes

Fix the initialization of Prometheus metrics exporter endpoint.

Logging:

Display uvicorn access log in GELF format.

Add Gunicorn logging formatter: can be used to export skill logs as GELF-compatible JSON when deploying with Gunicorn.
To activate, add --logger-class=skill_sdk.log.GunicornLogger parameter when deploying the skill.

Source code(tar.gz)
Source code(zip)
0.14.3(May 12, 2021)
[v0.14.3] - 2021-05-12

Features

Internationalization module supports YAML translations in RoR i18n format.

Bugfixes

Test helper skill.test_intent fixed with correct intent name creating a test invoke context.

Source code(tar.gz)
Source code(zip)
1.0.2(May 5, 2021)
1.0.2 - 2021-05-05

Features

#49: On-demand debug logging. This feature is activated with X-User-Debug-Log header: if header is present in skill invoke request, logging level is lowered to DEBUG.

#51: Address lookup and device location endpoints of location service:

LocationService.device_location retrieves the device location (the info, a user has setup in companion app) with geo coordinates.

LocationService.address_lookup returns a list of addresses (with geo-coordinates) for a given query. A query consists of any of address fields (country, zip, street name, house number).

Bugfixes

Environment variable placeholders (in skill.conf) may now contain curly braces, so you can have formatted string literals as default values.

Source code(tar.gz)
Source code(zip)
0.14.2(May 5, 2021)
[v0.14.2] - 2021-05-05

Bugfixes

Environment variable placeholders can contain curly braces in default values. You can now place formatted string literals to default values.

Location service returns 404 (Not Found) if no location data is present for a device. This error code is now treated as normal, and None value is returned instead.

Source code(tar.gz)
Source code(zip)
0.14.1(May 4, 2021)
[v0.14.1] - 2021-05-04

Features

Device location endpoint added to location service. It is a preferable way for a skill to get device location information, such as address or zip-code.

Miscellaneous

Requirements bump:

apispec from 4.3.0 to 4.4.0

arrow from 1.0.2 to 1.1.0

gunicorn from 20.0.4 to 20.1.0

prometheus_client from 0.10.0 to 0.10.1

py-zipkin from 0.20.1 to 0.20.2

requests-mock from 1.8.0 to 1.9.2

Source code(tar.gz)
Source code(zip)
1.0.1(Apr 8, 2021)
1.0.1 - 2021-04-08

Bugfixes

#47: Scaffold project files added to both binary and source distribution.

Features

#45: New "response_hook" parameter when constructing requests.Client/AsyncClient. Allows plugging in observability metrics when calling partner services. For example, to count requests to partner service with response codes:

from skill_sdk.requests import AsyncClient from skill_sdk.middleware.prometheus import count_partner_calls async with AsyncClient( response_hook=count_partner_calls("partner-service") ) as client: response = await client.get("https://partner-service-api")

#43: Source code documentation has been reviewed.

#42: Asyncio event loops can be nested when calling utils.run_until_complete. Usable when mixing sync and async handlers.

Source code(tar.gz)
Source code(zip)
1.0(Mar 26, 2021)
Major changes

Explicit concurrency model:

Skill SDK for Python supports asynchronous coroutines (async def intent handlers):

@skill.intent_handler("HELLO_WORLD__INTENT") async def handler() -> Response: return await long_running_async_function()

Synchronous handlers are also supported and executed in ThreadPoolExecutor.

Breaking changes

No more text services.

This is a major step towards completely phasing out the text services. Only local translations (both gettext .po/.mo and YAML formats) are supported. The translations will not be reloaded from cloud service.

Global invocation context object is replaced with request context variable.

The variable is accessible to intent handlers and is a copy of currently running invoke request: InvokeSkillRequestDto.

Localization became internationalization.

skill_sdk.l10n is renamed to skill_sdk.i18n and python-babel is used as translation module.

Tracing and Prometheus middleware has become optional.

To make use of tracings/metrics, skill SDK must be installed with all extra: python -m pip install skill-sdk[all]. With this extra installed, tracing helpers are importable from skill_sdk.middleware.tracing, and Prometheus helpers - from skill_sdk.middleware.prometheus.

Responses are immutable:

You can create a response (or any related object like Card, Kit, Task, Command) in a constructor. After constructing the object, the only way to mutate it is by using the factory methods.

Minor and non-breaking changes

Skill configuration changes.

Skill configuration is available as attributes of skill_sdk.config.settings object. For backward compatibility, skill.conf file in ConfigParser format is still supported. Section names are joined with config keys and converted to upper-case, so that a value url in [service] section is available as settings.SERVICE_URL

from skill_sdk.config import settings settings.SKILL_NAME # skill name - corresponds to **name** attribute in **[skill]** section settings.VALUE_FOR_TESTING = "test" # config values are mutable

It is suggested migrating the skill config to BaseSetting format.

Test helpers have been moved to skill_sdk.util module.

Python requests are replaced with HTTPX client.

requests_mock doesn't work any more and is replaced with respx module.

requests.CircuitBreakerSession is deprecated.

There are now two similar adapters in skill_sdk.requests.

One is skill_sdk.requests.Client - an HTTPX synchronous client (requests.CircuitBreakerSession is simply an alias for this adapter).

The other is skill_sdk.requests.AsyncClient - an asynchronous client compatible with await/async with statements.

good_codes/bad_codes are replaced with exclude parameter. Good codes are the HTTP status codes between 200 and 399. To suppress an exception if HTTP 404 is returned as status code, use exclude:

from skill_sdk.requests import AsyncClient, codes with AsyncClient() as client: r = await client.request("GET", "my_url", exclude=(codes.NOT_FOUND,))

Source code(tar.gz)
Source code(zip)
0.14.0(Mar 22, 2021)
[v0.14.0] - 2021-03-22

Miscellaneous

Skill SPI has been bumped to version 1.4.1.

You can now attach client tasks to the response, for example, tell the client to execute another intent:

from skill_sdk.responses import ClientTask, Response response = Response("Weather forecast follows.").with_task( ClientTask.invoke("WEATHER__INTENT") )

Source code(tar.gz)
Source code(zip)
0.12.2(Mar 12, 2021)
[v0.12.2] - 2021-03-12

Bugfixes

Translation reload worker has been fixed.

Source code(tar.gz)
Source code(zip)
0.12.1(Mar 12, 2021)
X-Testing/Testing headers forwarding: these headers are used to distinguish test traffic. To propagate the headers, set internal flag when creating a circuit breaker for HTTP requests session:

from skill_sdk.requests import CircuitBreakerSession with CircuitBreakerSession(internal=True) as session: result = session.get("https://internal-service.local")

Source code(tar.gz)
Source code(zip)

The official Magenta Voice Skill SDK used to develop skills for the Magenta Voice Assistant using Voice Platform!

Related tags

Overview

Magenta Voice Skill SDK

About

Installation

Runtime

Runtime (full)

Development

Quickstart

Hello World

Code of Conduct

Working Language

Support and Feedback

How to Contribute

Contributors

Licensing

Comments

7.0.36

7.0.36

0.65.2

Security fixes

Internal

6.2.2

Bug fixes

7.0.39

7.0.38

7.0.37

7.0.36

7.0.39

7.0.38

7.0.37

7.0.36

v0.8.5

Releases(1.2.1)

1.2.1(Apr 7, 2022)

1.2.1 - 2022-04-07

Bugfixes

Features

1.2.0(Apr 5, 2022)

1.2.0 - 2022-04-05

Features

1.1.9(Mar 31, 2022)

1.1.9 - 2022-03-31

Bugfixes

1.1.8(Mar 17, 2022)

1.1.8 - 2022-03-17

Bugfixes

1.1.7(Mar 15, 2022)

1.1.7 - 2022-03-15

Bugfixes

1.1.6(Feb 9, 2022)

1.1.6 - 2022-02-09

Features

Bugfixes

0.16.2(Feb 8, 2022)

[v0.16.2] - 2022-02-08

Bugfixes

0.16.1(Feb 8, 2022)

[v0.16.1] - 2022-02-07

Features

0.16.0(Dec 7, 2021)

[v0.16.0] - 2021-12-07

Features

1.1.4(Sep 13, 2021)

1.1.4 - 2021-08-18

Features

Bugfixes

0.15.3(Aug 10, 2021)

[v0.15.3] - 2021-08-05

Bugfixes

1.1.3(Jul 26, 2021)

1.1.3 - 2021-07-26

Bugfixes

0.15.2(Jul 26, 2021)

[v0.15.2] - 2021-07-26

1.1.2(Jul 13, 2021)

1.1.2 - 2021-07-12

Features

Bugfixes