Add @latest suffix to '@upstash/context7-mcp' in ECC_SERVERS so the
generated merge spec matches .codex/config.toml exactly, preventing
configDiffers from flagging false drift on --update-mcp runs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
The cd "$PROJECT_DIR" failure path returned without removing prompt_file
and analysis_file, leaving stale temp files in .observer-tmp/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
The rg pattern anchored at line start (^persistent_instructions) would
miss indented TOML entries. Use ^\s* prefix to match both top-level and
indented configurations.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
On Windows (native cmd/PowerShell), process.env.HOME is undefined.
Seven CLI entry points and two library files pass process.env.HOME
directly as homeDir without a cross-platform fallback, causing all
path resolutions to silently fail (resolving to "undefined/.claude/...").
Node.js os.homedir() correctly handles all platforms (HOME on Unix,
USERPROFILE on Windows, OS-level fallback). The project already uses
this pattern in scripts/lib/state-store/index.js and has a getHomeDir()
utility in scripts/lib/utils.js, but it was not applied consistently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Yarn Berry removed the --ignore-engines flag; engine checking is no
longer a core feature. The deprecated flag causes yarn install to exit
with error code 1.
All 18 pnpm/yarn CI jobs fail on main because:
1. pnpm v9+ refuses to install when package.json declares
"packageManager": "yarn@4.9.2" — fixed by setting
COREPACK_ENABLE_STRICT=0 and --no-frozen-lockfile
2. CI runners only have Yarn Classic (v1.x) but the project
uses Yarn Berry (v4.x) — fixed by activating Corepack
before the cache/install steps
The global sanity check (check-codex-global-state.sh) hard-fails when
persistent_instructions is missing from ~/.codex/config.toml, but neither
the baseline .codex/config.toml nor the sync script ever define this field.
This causes a clean install to report a failing sanity check even though the
sync otherwise succeeds (#967).
- Add persistent_instructions to the baseline .codex/config.toml so that
users who cp the config get a working default.
- Downgrade the sanity check from fail to warn, since persistent_instructions
is additive and optional — users who rely solely on AGENTS.md should not be
blocked.
Fixes#967 (persistent_instructions part; context7 naming addressed by #970)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Address reviewer feedback: under set +e, a failing cd would silently
leave CWD unchanged, causing the relative analysis path to break.
Add || return with a diagnostic log entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Reviewers identified that merge-mcp-config.js --update-mcp would
silently strip the startup_timeout_sec from config.toml because the
ECC_SERVERS spec did not include it. Add startup_timeout_sec = 30 to
playwright, context7-mcp, github, memory, and sequential-thinking.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Reviewers correctly identified that the relative analysis_relpath
(.observer-tmp/<file>) only resolves when CWD equals PROJECT_DIR.
Without an explicit cd, non-Windows users launching the observer from
a different directory would fail to read the analysis file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Address remaining issues from #842 after PR #903 moved temp files to
PROJECT_DIR/.observer-tmp:
Bug A (path resolution): Use relative paths (.observer-tmp/filename)
in the prompt instead of absolute paths from mktemp. On Windows
Git Bash/MSYS2, absolute paths use MSYS-style prefixes (/c/Users/...)
that the spawned Claude subprocess may fail to resolve.
Bug B (asks for permission): Add explicit IMPORTANT instruction block
at the prompt start telling the Haiku agent it is in non-interactive
--print mode and must use the Write tool directly without asking for
confirmation.
Additional improvements:
- Pass prompt via -p flag instead of stdin redirect for Windows compat
- Add .observer-tmp/ to .gitignore to prevent accidental commits
Fixes#842
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
On first startup, npx-based MCP servers need to download packages before
they can respond. The default timeout is too short for this, causing
frequent "timed out after 10 seconds" errors reported in #544.
Add startup_timeout_sec = 30 to all five command-based MCP servers
(github, context7, memory, playwright, sequential-thinking). The URL-based
exa server is unaffected and left unchanged.
30 seconds was chosen over the 20s precedent in merge-mcp-config.js to
give extra headroom for slow networks on first run.
Fixes#544
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
- Fix read-after-write in session-start.mjs: read prevSession BEFORE
overwriting current-session.json so unsaved-session detection fires
- Fix shell injection in resume.mjs: replace execSync shell string with
fs.existsSync for directory existence check
- Fix shell injection in shared.mjs gitSummary: replace nested \$(git ...)
subshell with a separate runGit() call to get rev count
- Fix displayName never shown: render functions now use ctx.displayName
?? ctx.name so user-supplied names show instead of the slug
- Fix renderListTable: uses context.displayName ?? entry.name
- Fix init.mjs: use path.basename() instead of cwd.split('/').pop()
- Fix save.mjs confirmation: show original name, not contextDir slug
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds the ck (Context Keeper) skill — deterministic Node.js scripts
that give Claude Code persistent, per-project memory across sessions.
Architecture:
- commands/ — 8 Node.js scripts handle all command logic (init, save,
resume, info, list, forget, migrate, shared). Claude calls scripts
and displays output — no LLM interpretation of command logic.
- hooks/session-start.mjs — injects ~100 token compact summary on
session start (not kilobytes). Detects unsaved sessions, git
activity since last save, goal mismatch vs CLAUDE.md.
- context.json as source of truth — CONTEXT.md is generated from it.
Full session history, session IDs, git activity per save.
Commands: /ck:init /ck:save /ck:resume /ck:info /ck:list /ck:forget /ck:migrate
Source: https://github.com/sreedhargs89/context-keeper
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Greptile fixes:
- Removed non-standard YAML frontmatter fields (observe, feedback, rollback) from all 4 skills — only name, description, origin, version per CONTRIBUTING.md
- Added null guard to checkInteractions implementation (was missing despite test)
- CI: replaced 2>/dev/null with 2>&1 (was silencing safety-critical errors)
- CI: quoted $RESULT variable (was breaking jq on JSON with spaces)
- CI: added division-by-zero guard when test suite is empty
- CI: added note that Jest is reference implementation, thresholds are framework-agnostic
CodeRabbit fixes (6 comments):
- All 4 skills: renamed 'When to Activate' → 'When to Use', added 'How It Works' and 'Examples' sections
- CDSS: DoseValidationResult.suggestedRange now typed as '| null'
- PHI: hyphenated 'Non-patient-sensitive'
Cubic fixes (7 issues):
- P1: CDSS weight-based check now BLOCKS when weight missing (was false-negative pass)
- P1: EMR medication safety clarified — critical = hard block, override requires documented reason
- P1: PHI logging guidance clarified — use opaque UUIDs only, not medical record numbers
- P2: CDSS validateDose now uses age and renal function params (ageAdjusted, renalAdjusted rules)
- P2: Eval CI example now enforces 95% threshold with jq + bc calculation
- P2: Eval CI example now includes --coverage --coverageThreshold on CDSS suite
- P2: CDSS suggestedRange null type fixed (same as CodeRabbit)
ajv was in devDependencies but required at runtime by scripts/lib/install/config.js,
causing 'Cannot find module ajv' when running ./install.sh. Also adds .yarnrc.yml
with nodeLinker: node-modules so plain `node` can resolve packages without PnP.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add missing code-review.md and development-workflow.md to zh/README.md directory listing
- Add mkdir -p command before copy in manual install instructions
- Fix TypeScript test command path in SKILL-DEVELOPMENT-GUIDE.md
- Add Anti-Patterns section to SKILL.md template
- Add Template category to Skill Categories table in CONTRIBUTING.md
- Add Pre-Review Requirements section to code-review.md (both en and zh)
- Add Pre-Review Checks step to development-workflow.md (both en and zh)
- Add trailing newlines to all files that were missing them
- Add docs/SKILL-DEVELOPMENT-GUIDE.md with detailed guidance on creating skills
- Update CONTRIBUTING.md with enhanced skills section linking to the new guide
- Covers skill architecture, categories, best practices, testing, and examples
The new guide provides:
- What skills are and when they activate
- Skill file structure and format
- Step-by-step skill creation tutorial
- Writing effective skill content
- Common patterns and anti-patterns
- Testing and validation checklist
- Complete examples gallery
- Add rules/zh/ directory with complete Chinese translations
- Translate all 10 common rule files:
- coding-style.md
- security.md
- testing.md
- git-workflow.md
- performance.md
- patterns.md
- hooks.md
- agents.md
- development-workflow.md
- code-review.md
- Add README.md for the zh directory explaining structure and installation
- Maintain consistent formatting with original English versions
- Keep technical terms and code examples in English where appropriate
- Add comprehensive code review standards for all languages
- Define when to review (after code changes, before commits)
- Include security review triggers and severity levels
- Reference relevant agents (code-reviewer, security-reviewer, etc.)
- Add review checklist covering security, quality, and performance
- Define approval criteria (Approve/Warning/Block)
This rule complements the existing code-reviewer agent by providing
clear guidelines on when and how to conduct code reviews.
- Add laraplugins MCP server to mcp-configs/mcp-servers.json
- Create laravel-plugin-discovery skill for Laravel package discovery
- Supports searching by keyword, health score, Laravel/PHP version
- No API key required - free for Laravel community
