Sema4AI
Build/Packaging Bug: Private design-system packages block open-source builds
What is wrong
π Build/Packaging Bug: Private design-system packages block open-source builds
What happens?
Running npm ci && npm run build in action_server/frontend fails with 401 Unauthorized β GET https://npm.pkg.github.com/@robocorp/theme.
The repo depends on:
- @robocorp/theme
- @robocorp/icons
- @sema4ai/ds-internal
All three are private GitHub-Package artifacts, so the build cannot complete outside the Sema4AI org.
Expected behaviour
An open-source clone should build without internal credentials.
Steps to reproduce
- Fresh clone of this repo
cd action_server/frontendnpm ciβ> 401 error
Suggested fix (either works)
- Vendor the compiled assets (commit the built
dist/*so the frontend never hits the private scope), or - Publish the three packages to a public registry (npmjs.com or GitHub Packages with public visibility).
Environment
- Node LTS 20.x
- npm 10.x
- Ubuntu 22.04
This blocks downstream contributors from testing PRs or packaging the server in self-hosted environments.
β Thanks for considering!
System info
Node LTS 20.x
- npm 10.x
- Ubuntu 22.04
Example script
No response
@fabioz Would you be able to let me know if these changes could be coming in the future. This limits collaboration and open source contributions.
I agree, it should be possible to build the Action Server out of Sema4.ai.
I'm checking internally on how to proceed in that front....
@fabioz thank you so much I have some features I want to put in a PR for. A roadmap of some type would be helpful too. Maybe I missed?
Just to give some feedback, this is being worked internally (the main issue being that we have some paid components that cannot be distributed as is directly, so, some unbundling/reorganizing is needed before we can distribute it).
Regarding the roadmap, we don't really have it public (it depends a lot on what our clients require).
Right now what we're working on is being able to support the MCP protocol using the Action Server (we already support @action and @query as tools in MCP, but we're creating a sema4ai.mcp library to make it feel "native" based on the MCP protocol terms).
Would be great to have an ETA on the decoupling efforts. You can't really quote this product as being open source if no one but your team can contribute to it. I mean it's all over the Internet as being open source.
Unfortunately not currently (the team which would need to fix this is swamped with other things, so, I can't really provide an ETA right now).
Thanks for the follow-up, @fabioz .
I understand the teamβs plate is full, but from the outside the project is effectively read-only until those private design-system packages are decoupled. Could you share:
-
A checklist (or even a rough sketch) of what needs to be unbundled so community members can pitch in, and
-
Any interim workaround that would let external contributors at least run npm ci without corporate credentials?
@fabioz (and team) β quick follow-up on #220.
Blocking issue: external contributors still canβt run npm ci because the build pulls
@robocorp/theme, @robocorp/icons, and @sema4ai/ds-internal from a private scope.
Could you share one of the following so we can help?
| Option | What weβd need | Why it helps |
|---|---|---|
| A. Pre-built assets | Publish the compiled /dist of each package (or include them in this repo) |
Lets anyone build + test without credentials |
| B. Public stubs | Empty NPM packages with the same names + peer-deps | Unblocks CI while real decoupling happens |
| C. Un-bundling checklist | Even a rough TODO of what needs extraction | Allows community to open granular PRs |
Happy to tackle any item once we can compile locally.
Thanks for keeping us in the loop! π
Regards,
Josh
Any updates? Would love to contribute soon, but as noted above in detail, that is impossible, on this Open Source Project?
