Codex CLI requires YAML frontmatter (---) in SKILL.md files.
6 skills were missing frontmatter entirely; laravel-verification had
a bare colon in its description causing an invalid YAML parse error.
- Remove prompt_file immediately after shell expansion into -p arg,
avoiding stale temp files during long analysis windows (greptile feedback)
- Update test assertion to check analysis_relpath instead of analysis_file,
matching the cross-platform relative path change from earlier commits
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
The cd "$PROJECT_DIR" failure path returned without removing prompt_file
and analysis_file, leaving stale temp files in .observer-tmp/.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Address reviewer feedback: under set +e, a failing cd would silently
leave CWD unchanged, causing the relative analysis path to break.
Add || return with a diagnostic log entry.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Reviewers correctly identified that the relative analysis_relpath
(.observer-tmp/<file>) only resolves when CWD equals PROJECT_DIR.
Without an explicit cd, non-Windows users launching the observer from
a different directory would fail to read the analysis file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
Address remaining issues from #842 after PR #903 moved temp files to
PROJECT_DIR/.observer-tmp:
Bug A (path resolution): Use relative paths (.observer-tmp/filename)
in the prompt instead of absolute paths from mktemp. On Windows
Git Bash/MSYS2, absolute paths use MSYS-style prefixes (/c/Users/...)
that the spawned Claude subprocess may fail to resolve.
Bug B (asks for permission): Add explicit IMPORTANT instruction block
at the prompt start telling the Haiku agent it is in non-interactive
--print mode and must use the Write tool directly without asking for
confirmation.
Additional improvements:
- Pass prompt via -p flag instead of stdin redirect for Windows compat
- Add .observer-tmp/ to .gitignore to prevent accidental commits
Fixes#842
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Lidang-Jiang <lidangjiang@gmail.com>
- Fix read-after-write in session-start.mjs: read prevSession BEFORE
overwriting current-session.json so unsaved-session detection fires
- Fix shell injection in resume.mjs: replace execSync shell string with
fs.existsSync for directory existence check
- Fix shell injection in shared.mjs gitSummary: replace nested \$(git ...)
subshell with a separate runGit() call to get rev count
- Fix displayName never shown: render functions now use ctx.displayName
?? ctx.name so user-supplied names show instead of the slug
- Fix renderListTable: uses context.displayName ?? entry.name
- Fix init.mjs: use path.basename() instead of cwd.split('/').pop()
- Fix save.mjs confirmation: show original name, not contextDir slug
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds the ck (Context Keeper) skill — deterministic Node.js scripts
that give Claude Code persistent, per-project memory across sessions.
Architecture:
- commands/ — 8 Node.js scripts handle all command logic (init, save,
resume, info, list, forget, migrate, shared). Claude calls scripts
and displays output — no LLM interpretation of command logic.
- hooks/session-start.mjs — injects ~100 token compact summary on
session start (not kilobytes). Detects unsaved sessions, git
activity since last save, goal mismatch vs CLAUDE.md.
- context.json as source of truth — CONTEXT.md is generated from it.
Full session history, session IDs, git activity per save.
Commands: /ck:init /ck:save /ck:resume /ck:info /ck:list /ck:forget /ck:migrate
Source: https://github.com/sreedhargs89/context-keeper
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Greptile fixes:
- Removed non-standard YAML frontmatter fields (observe, feedback, rollback) from all 4 skills — only name, description, origin, version per CONTRIBUTING.md
- Added null guard to checkInteractions implementation (was missing despite test)
- CI: replaced 2>/dev/null with 2>&1 (was silencing safety-critical errors)
- CI: quoted $RESULT variable (was breaking jq on JSON with spaces)
- CI: added division-by-zero guard when test suite is empty
- CI: added note that Jest is reference implementation, thresholds are framework-agnostic
CodeRabbit fixes (6 comments):
- All 4 skills: renamed 'When to Activate' → 'When to Use', added 'How It Works' and 'Examples' sections
- CDSS: DoseValidationResult.suggestedRange now typed as '| null'
- PHI: hyphenated 'Non-patient-sensitive'
Cubic fixes (7 issues):
- P1: CDSS weight-based check now BLOCKS when weight missing (was false-negative pass)
- P1: EMR medication safety clarified — critical = hard block, override requires documented reason
- P1: PHI logging guidance clarified — use opaque UUIDs only, not medical record numbers
- P2: CDSS validateDose now uses age and renal function params (ageAdjusted, renalAdjusted rules)
- P2: Eval CI example now enforces 95% threshold with jq + bc calculation
- P2: Eval CI example now includes --coverage --coverageThreshold on CDSS suite
- P2: CDSS suggestedRange null type fixed (same as CodeRabbit)
- Add laraplugins MCP server to mcp-configs/mcp-servers.json
- Create laravel-plugin-discovery skill for Laravel package discovery
- Supports searching by keyword, health score, Laravel/PHP version
- No API key required - free for Laravel community
Add comprehensive Git workflow skill covering:
- Branching strategies (GitHub Flow, Trunk-Based, GitFlow)
- Conventional commits format and best practices
- Merge vs rebase with clear guidance
- Pull request workflow and templates
- Conflict resolution strategies
- Branch management and naming conventions
- Release management with semantic versioning
- Git configuration and useful aliases
- Common workflows and anti-patterns
This skill helps developers and teams establish consistent
Git practices for collaborative development.
Security model:
- Remove set_policy from agent-callable tools table; document as
orchestrator-only to prevent self-privilege escalation
- Pin agentwallet-sdk@6.0.0 in MCP config with pre-install guidance
(npx without -y hangs in non-interactive MCP startup)
- Whitelist only required env vars (PATH, NODE_ENV, WALLET_PRIVATE_KEY)
instead of forwarding entire process.env to subprocess
Code example (complete rewrite):
- Add StdioClientTransport import and client.connect() for runnable code
- Wrap in async main() for CJS/ESM compatibility (top-level await)
- Verify set_policy result via isError before delegating
- Five distinct fail-closed error paths in preToolCheck:
1. Invalid apiCost input (NaN/Infinity bypass prevention)
2. Transport/connectivity failure
3. Tool-level error (isError: true, e.g., auth failure)
4. Unexpected response format (missing/non-finite remaining)
5. Budget exceeded (clear amounts in message)
- Use Number.isFinite() for both apiCost and remaining validation
Documentation:
- Rename headings per CONTRIBUTING.md format
- Replace broken mcp-server-patterns cross-ref with security-review
- Add 'Pin your dependencies' to Best Practices
- Add security note about supply-chain risk
* feat(skills): add santa-method
Multi-agent adversarial verification with convergence loop. Two independent review agents evaluate output against a shared rubric. Both must pass before shipping. Includes architecture diagram, implementation patterns (subagent, inline, batch sampling), domain-specific rubric extensions, failure mode mitigations, and integration guidance with existing ECC skills.
* Enhance SKILL.md with detailed Santa Method documentation
Expanded the SKILL.md documentation for the Santa Method, detailing architecture, phases, implementation patterns, failure modes, integration with other skills, metrics, and cost analysis.
* feat: add pending instinct TTL pruning and /prune command
Pending instincts generated by the observer accumulate indefinitely
with no cleanup mechanism. This adds lifecycle management:
- `instinct-cli.py prune` — delete pending instincts older than 30 days
(configurable via --max-age). Supports --dry-run and --quiet flags.
- Enhanced `status` command — shows pending count, warns at 5+,
highlights instincts expiring within 7 days.
- `observer-loop.sh` — runs prune before each analysis cycle.
- `/prune` slash command — user-facing command for manual pruning.
Design rationale: council consensus (4/4) rejected auto-promote in
favor of TTL-based garbage collection. Frequency of observation does
not establish correctness. Unreviewed pending instincts auto-delete
after 30 days; if the pattern is real, the observer will regenerate it.
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* fix: remove duplicate functions, broaden extension filter, fix prune output
- Remove duplicate _collect_pending_dirs and _parse_created_date defs
- Use ALLOWED_INSTINCT_EXTENSIONS (.md/.yaml/.yml) instead of .md-only
- Track actually-deleted items separately from expired for accurate output
- Update README.md and AGENTS.md command counts: 59 → 60
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* fix: address Copilot and CodeRabbit review findings
- Use is_dir() instead of exists() for pending path checks
- Change > to >= for --max-age boundary (--max-age 0 now prunes all)
- Use CLV2_PYTHON_CMD env var in observer-loop.sh prune call
- Remove unused source_dupes variable
- Remove extraneous f-string prefix on static string
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)
Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
* fix: update AGENTS.md project structure command count 59 → 60
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: address cubic and coderabbit review findings
- Fix status early return skipping pending instinct warnings (cubic #1)
- Exclude already-expired items from expiring-soon filter (cubic #2)
- Warn on unparseable pending instinct age instead of silent skip (cubic #4)
- Log prune failures to observer.log instead of silencing (cubic #5)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: YAML single-quote unescaping, f-string cleanup, add /prune to README
- Fix single-quoted YAML unescaping: use '' doubling (YAML spec) not
backslash escaping which only applies to double-quoted strings (greptile P1)
- Remove extraneous f-string prefix on static string (coderabbit)
- Add /prune to README command catalog and file tree (cubic)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Happy <yesreply@happy.engineering>
New debugging skill that traces every button/touchpoint through its full
state change sequence. Catches bugs where functions individually work but
cancel each other out via shared state side effects.
Covers 6 bug patterns:
1. Sequential Undo — call B resets what call A just set
2. Async Race — double-click bypasses state-based loading guards
3. Stale Closure — useCallback captures old value
4. Missing State Transition — handler doesn't do what label says
5. Conditional Dead Path — condition always false, action unreachable
6. useEffect Interference — effect undoes button action
Battle-tested: found 48 bugs in a production React+Zustand app that
systematic debugging (54 bugs found separately) completely missed.
* feat(skills): add Kysely migration patterns to database-migrations
Add Kysely section covering kysely-ctl CLI workflow, migration file
structure (up/down with Kysely<any>), and programmatic Migrator setup
with FileMigrationProvider and allowUnorderedMigrations option.
* fix(skills): address PR review feedback for Kysely migration patterns
- Replace redundant email index with avatar_url index (unique already creates index)
- Add ESM-compatible __dirname using import.meta.url
- Comment out allowUnorderedMigrations with production safety warning
- Add clarifying comment for db variable
* fix(skills): fix migration filename mismatch and clarify ESM-only pattern
- Rename migration file to create_user_profile to match actual content
- Restructure ESM import pattern to be clearly ESM-only with CJS note
Library-agnostic Flutter/Dart code reviewer that adapts to the project's
chosen state management solution (BLoC, Riverpod, Provider, GetX, MobX,
Signals) and architecture pattern (Clean Architecture, MVVM, feature-first).
Co-authored-by: Maciej Starosielec <maciej@code-snap.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace node -e with temp file execution in validator tests to avoid
Windows shebang parsing failures (node -e cannot handle scripts that
originally contained #!/usr/bin/env node shebangs)
- Remove duplicate blank line in skills/rust-patterns/SKILL.md (MD012)
