Commit Graph

1610 Commits

  • feat: salvage windows desktop e2e skill
    Reintroduce the Windows desktop E2E testing skill from stale PR #1334 with current manifest wiring, package publish coverage, catalog counts, and sanitized environment-path guidance.
  • docs: salvage zh-CN command translations
    Port the current-source-safe command documentation subset from stale PR #1687.\n\nEach copied command page maps to an English source file unchanged since the stale PR base; fastapi-review remains deferred because #1687 did not include a matching zh-CN translation.
  • docs: salvage zh-CN agent translations
    Port the safe agent-documentation subset from stale PR #1687 after verifying each English source file is unchanged since the PR base.
    
    Skip stale top-level operational docs and agent files whose English sources have changed.
  • docs: salvage homelab network readiness skill
    Rebuild the useful homelab VLAN, DNS, and VPN planning surface from stale PR #1413 as a safety-first readiness checklist instead of raw router/firewall commands.
    
    Sync the catalog count from 202 to 203 skills and include the skill in the devops-infra install module and npm publish surface.
  • feat: salvage mysql patterns skill (#1733)
    - add a maintainer-reviewed MySQL/MariaDB production patterns skill based on PR #1727
    
    - register the skill in database install module and npm publish allowlist
    
    - sync catalog counts to 53 agents, 200 skills, and 69 commands
  • docs: salvage focused stale PR contributions
    - add Vite and Redis pattern skills from closed stale PRs
    
    - add frontend-slides support assets
    
    - port skill-comply runner fixes and LLM prompt/provider regressions
    
    - harden agent frontmatter validation and sync catalog counts
  • docs: salvage focused skill curation updates (#1723)
    Port the safe, narrow pieces from contributor PR #1694 without taking the broad 11-skill rewrite.
    
    - add drift-prone warnings to external research/media/API skills
    
    - make search-first verify tool availability and use current agent naming
    
    - remove unsafe in-memory rate limiter example from backend patterns
    
    - tighten the CSP example in security-review
    
    Validation: node scripts/ci/validate-skills.js --strict; npx markdownlint targeted skill files; node tests/ci/validators.test.js && node tests/ci/catalog.test.js; npm run lint; node tests/run-all.js
  • docs: port Russian README translation (#1722)
    * docs: add Russian README translation
    
    * docs: update README language label
    
    * docs: sync Russian README catalog counts
    
    ---------
    
    Co-authored-by: Nikita <nkovalenko1@icloud.com>
  • fix: port continuous-learning observer fixes
    Ports continuous-learning observer signal, storage, remote normalization, and v1 deprecation fixes onto current main.
  • fix: harden CI validators
    Ports personal-path validator hardening and quoted checkout detection onto current main.
  • fix: port hook session and dashboard safety fixes
    Ports suggest-compact session_id isolation and dashboard terminal/document launch safety onto current main.
  • fix: sync skill frontmatter and catalog counts
    Adds missing skill frontmatter, normalizes strict YAML metadata, syncs README catalog counts, and extends catalog validation for README/plugin/marketplace count drift.
  • feat(skills): add flox-environments skill (#1317)
    * feat(skills): add flox-environments skill
    
    Add a skill for creating reproducible, cross-platform development
    environments with Flox. Covers manifest structure, package installation
    patterns, language-specific recipes (Python, Node, Rust, Go, C/C++),
    hooks/profile configuration, anti-patterns, environment sharing, and
    AI-assisted/vibe coding workflows.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix(skills): address review feedback on flox-environments
    
    - Add initdb guard to full-stack example so PostgreSQL works on first run
    - Replace hardcoded /tmp path with mktemp in agent workflow snippet
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix(skills): use variable for mktemp path in agent workflow
    
    $_ resolves to the previous command's last argument (-c), not the
    mktemp path. Use an explicit variable instead.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * Update skills/flox-environments/SKILL.md
    
    Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
  • feat: add ios-icon-gen skill (#1356)
    * feat: add ios-icon-gen skill for Xcode asset catalog icon generation
    
    Add a skill that generates PNG icon imagesets (1x, 2x, 3x) for Xcode
    asset catalogs from two sources:
    
    - Iconify API: 275k+ open source icons from 200+ collections
      (Material Design, Phosphor, Tabler, Lucide, etc.)
    - SF Symbols: 5k+ Apple-native symbols (macOS only)
    
    Includes search, preview, and generation scripts with customizable
    size, color, weight, and direct output to asset catalogs.
    
    * fix: address PR review feedback for ios-icon-gen skill
    
    Security:
    - Fix shell injection in iconify_gen.sh by passing query via sys.argv
      instead of interpolating into Python string literal
    
    Robustness:
    - Replace all try!/force-unwrap with do/try/catch and guard let in
      generate_icons.swift for graceful error handling
    - Add option value validation (require_value/requireOptionValue) in
      both scripts to prevent crashes on missing flag values
    - Add curl timeouts (--connect-timeout 10, --max-time 30) to all
      network calls
    - Add sips conversion failure warnings instead of silent suppression
    - Add error handling for curl in list_collections
    
    Documentation:
    - Rename SKILL.md sections to "When to Use", "How It Works", "Examples"
      to match repo conventions
    
    * fix: restore canonical SKILL.md headers and validate color/weight CLI inputs
    
    - Revert SKILL.md section headers back to "When to Activate" and
      "Core Principles" per CONTRIBUTING.md and SKILL-DEVELOPMENT-GUIDE.md
      (the prior rename to "When to Use"/"How It Works" was incorrect)
    - Validate --color as a 6-digit hex code at parse time instead of
      silently falling back to the default gray
    - Validate --weight against the known set of font weights instead of
      silently falling back to thin
    
    ---------
    
    Co-authored-by: Quang Tran <16215255+trmquang93@users.noreply.github.com>
  • feat: add tinystruct-patterns skill and bootstrapping guidance (#1336)
    * feat: add tinystruct-patterns skill and bootstrapping guidance
    
    * docs(skills): restructuralize tinystruct-patterns to standard skill format
    
    - Reorganize SKILL.md and all reference documents into "When to Use", "How It Works", and "Examples" sections to conform to project standards.
    - Refine data-handling.md example to return Builder objects directly, leveraging framework auto-serialization.
    - Simplify @Action examples in routing.md for better readability.
    - Clarify framework mechanics including CLI bootstrapping via ApplicationManager.init(), event-driven architecture, and regex-based routing.
    
    * Update skills/tinystruct-patterns/references/testing.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Update skills/tinystruct-patterns/SKILL.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Update skills/tinystruct-patterns/references/routing.md
    
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    
    * Update skills/tinystruct-patterns/references/testing.md
    
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    
    * Update skills/tinystruct-patterns/references/testing.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
  • fix(ci): flag SKILL.md frontmatter defects in validate-skills (#1669)
    * fix(ci): flag SKILL.md frontmatter defects in validate-skills
    
    Issue #1663 reported two SKILL.md frontmatter defects (missing `name:`
    on skill-stocktake; literal block-scalar `description: |-` on
    openclaw-persona-forge) that PR #1664 addresses at the data level.
    
    This change is complementary: it extends `scripts/ci/validate-skills.js`
    to catch the same class of defect statically going forward, so the
    frontmatter-vs-renderer problems do not silently reappear as new skills
    land.
    
    ## Checks added
    - Frontmatter must declare a `name:` field.
    - Frontmatter `description:` must not use a literal block scalar
      (`|` / `|-` / `|+`) — these preserve internal newlines and break
      flat-table renderers keyed off `description`. Folded (`>`) and inline
      strings are accepted.
    
    ## Behavior
    - Frontmatter findings default to WARN (exit 0) so this PR does not
      break CI while the two known offenders are still on main. Pass
      `--strict` or set `CI_STRICT_SKILLS=1` to promote them to ERROR
      (exit 1). Structural findings (missing / empty SKILL.md) remain
      errors as before.
    - Today against main, the validator reports exactly two warnings —
      the same two files called out in #1663 — and exits 0. When #1664
      lands, the validator reports zero warnings, at which point strict
      mode can be enabled in CI.
    
    ## Parser notes
    - Bespoke frontmatter parser mirrors the style of `validate-agents.js`
      (tolerant of UTF-8 BOM and CRLF; no new npm dependency).
    - Block-scalar continuation lines are skipped so keys inside a block
      scalar are not mistaken for top-level keys.
    - Hidden directories (`.something/`) under skills/ are now skipped.
    
    ## Tests
    Adds five focused tests to `tests/ci/validators.test.js`:
    - warns when frontmatter is missing `name` (default mode)
    - errors when frontmatter is missing `name` (--strict mode)
    - warns on literal block-scalar description (|-)
    - accepts folded (>) and inline descriptions under --strict
    - skips hidden directories under skills/
    
    ## Docs
    Adds two bullets to the `Skill Checklist` in CONTRIBUTING.md covering
    the two rules now surfaced by the validator.
    
    Refs #1663. Complements (does not compete with) #1664.
    
    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    
    * fix(ci): harden SKILL.md frontmatter checks after bot review
    
    Address findings from CodeRabbit, Greptile, and cubic on #1669:
    
    - Guard empty or whitespace-only `name:` values. Previously
      `name:    ` silently passed because the presence check only
      tested key-set membership; now inspectFrontmatter captures
      trimmed values and validate flags an explicit 'name is empty'
      WARN/ERROR.
    - Broaden block-scalar detection to cover YAML 1.2 indent
      indicators (`|2`, `|-2`, `>2-`) and trailing comments
      (`|-  # note`). The old regex required a bare `|`/`>` with
      optional `+`/`-`, which let valid-but-disallowed forms slip
      through.
    - Update CONTRIBUTING.md checklist to list `|+` alongside `|`
      and `|-` for parity with the validator.
    - Extend runSkillsValidator to accept env overrides and add four
      regression tests: empty name, |+ description, |-2 + comment, and
      CI_STRICT_SKILLS=1.
    
    * fix(ci): address round-2 review on validate-skills frontmatter
    
    - Tighten extractFrontmatter closing delimiter to require a newline or
      end-of-file after the closing `---`, so body lines beginning with
      `---text` are not parsed as frontmatter (CodeRabbit).
    - Strip both trailing and comment-only values in inspectFrontmatter, so
      `name: # todo` is surfaced as empty rather than silently passing
      (cubic P2).
    - Extract validateSkillDir helper so the per-directory validation
      block moves out of validateSkills, keeping both functions under the
      50-line guideline (CodeRabbit nit).
    - Hoist runSkillsValidator to module scope in the test harness and
      share the spawnSync import with execFileSync so the helper stops
      re-requiring child_process on every invocation (CodeRabbit nit).
    - Add regression tests: comment-only `name:` values must fail strict
      mode; `---trailing` body lines must not be parsed as frontmatter.
    
    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    
    * Update tests/ci/validators.test.js
    
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>