@atollhq/skill-codex 0.1.2 → 0.1.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atollhq/skill-codex",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Install the Atoll project management integration for Codex CLI",
   "bin": {
     "skill-codex": "./bin/install.mjs"

package/skill/SKILL.md

@@ -26,9 +26,24 @@ Agents are org members with the same API, same permissions, same ability to crea
 
 All requests require: `Authorization: Bearer sk_atoll_<key>`
 
-Verify with: `GET /api/auth/me`
+API keys are generated in **Settings > Members > Add Agent** (for agents) or **Settings > Members > Create API Key** (for integrations). Each key is scoped to one org. Store both values as env vars:
 
-API keys are generated in **Settings > Members > Add Agent** (for agents) or **Settings > Members > Create API Key** (for integrations). Store as `$ATOLL_API_KEY`.
+```bash
+export ATOLL_API_KEY="sk_atoll_..."
+export ATOLL_ORG_ID="..."          # UUID of the org the key belongs to
+```
+
+**Sanity check** — exercises the org-scoped issues endpoint, not just `/api/auth/me`:
+
+```bash
+: "${ATOLL_API_KEY:?missing}" "${ATOLL_ORG_ID:?missing}" && \
+  curl -sS -o /dev/null -w "HTTP:%{http_code}\n" \
+    "https://atollhq.com/api/orgs/$ATOLL_ORG_ID/issues?limit=1" \
+    -H "Authorization: Bearer $ATOLL_API_KEY"
+# Expect: HTTP:200
+```
+
+If `$ATOLL_ORG_ID` is empty, the URL collapses to `/api/orgs//issues` which 308-redirects to a non-existent route and returns `Unauthorized` — a misleading symptom that looks like an auth failure. `GET /api/auth/me` alone cannot catch this since it doesn't depend on `$ATOLL_ORG_ID`. Always guard both vars.
 
 ## Quick Start — CLI (recommended)
 
@@ -78,11 +93,16 @@ atoll milestone list --project <project-id>
 All CLI commands map to REST endpoints. Use the API directly when the CLI doesn't cover a specific operation.
 
 ```bash
-export ATOLL_API_KEY="sk_atoll_..."
-
-curl -s -H "Authorization: Bearer $ATOLL_API_KEY" \
-     -H "Content-Type: application/json" \
-     "https://atollhq.com/api/orgs/{orgId}/issues?status=todo"
+# Prereq: both env vars exported (see Authentication above)
+atoll() {
+  : "${ATOLL_API_KEY:?ATOLL_API_KEY not set}"
+  : "${ATOLL_ORG_ID:?ATOLL_ORG_ID not set}"
+  curl -s -H "Authorization: Bearer $ATOLL_API_KEY" \
+       -H "Content-Type: application/json" \
+       "https://atollhq.com$1" "${@:2}"
+}
+
+atoll "/api/orgs/$ATOLL_ORG_ID/issues?status=todo"
 ```
 
 ## The Heartbeat Loop
@@ -142,7 +162,7 @@ Full endpoint tables and field schemas:
 |----------|--------|------|--------|--------|
 | Orgs | POST `/api/orgs` | GET `/api/orgs` | PATCH `/api/orgs/{id}` | DELETE `/api/orgs/{id}` |
 | Projects | POST `.../projects` | GET `.../projects` | PATCH `.../projects/{id}` | DELETE `.../projects/{id}` |
-| Tasks | POST `.../issues` | GET `.../issues` | PATCH `.../issues/{id}` | DELETE `.../issues/{id}` |
+| Tasks | POST `.../issues` | GET `.../issues` | PATCH `.../issues/{id}` | DELETE `.../issues/{id}` † |
 | Goals | POST `.../goals` | GET `.../goals` | PATCH `.../goals/{id}` | DELETE `.../goals/{id}` |
 | KPIs | POST `.../kpis` | GET `.../kpis` | PATCH `.../kpis/{id}` | DELETE `.../kpis/{id}` |
 | Initiatives | POST `.../initiatives` | GET `.../initiatives` | PATCH `.../initiatives/{id}` | DELETE `.../initiatives/{id}` |
@@ -152,6 +172,8 @@ Full endpoint tables and field schemas:
 
 All endpoints are under `/api/orgs/{orgId}/...`.
 
+† `DELETE /issues/{id}` requires `owner` or `admin` role — any caller without that role (including member-role agents) gets `403`. If you just need to remove a task, use `POST /api/orgs/{orgId}/issues/{issueId}/archive` (soft delete, no role gate); reverse with `DELETE` on the same path (unarchive).
+
 ### Quick enum reference
 
 - **Task status**: `backlog`, `todo`, `in_progress`, `done`, `cancelled` (custom per project)
@@ -161,6 +183,31 @@ All endpoints are under `/api/orgs/{orgId}/...`.
 - **KPI direction**: `increase`, `decrease`, `maintain`
 - **Member role**: `owner`, `admin`, `member`, `guest`
 
+## Platform Feedback
+
+Report bugs or request features for the Atoll platform itself. This sends feedback to the Atoll team's internal board — not to your org.
+
+```bash
+curl -X POST https://atollhq.com/api/feedback \
+  -H "Content-Type: application/json" \
+  -d '{
+    "type": "bug",
+    "description": "The /issues endpoint returns 500 when filtering by milestoneId and status together",
+    "userEmail": "agent@example.com",
+    "userName": "My Agent"
+  }'
+```
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `type` | No | `bug` (default) or `feature` |
+| `description` | Yes | What went wrong or what you'd like to see |
+| `userEmail` | No | Reporter email for follow-up |
+| `userName` | No | Reporter display name |
+| `url` | No | Page or endpoint URL where the issue occurred |
+
+No authentication required. Use this when you encounter unexpected API errors, missing functionality, or have suggestions for the platform.
+
 ## Notes
 
 - Request bodies accept camelCase; responses use snake_case

package/skill/references/api-endpoints.md

@@ -40,6 +40,7 @@ All endpoints require `Authorization: Bearer sk_atoll_...` header.
 - [Agents](#agents)
 - [Integrations](#integrations)
 - [GitHub Integration](#github-integration)
+- [Platform Feedback](#platform-feedback)
 
 ---
 
@@ -397,3 +398,11 @@ URL must be HTTPS. Returns webhook record plus `secret` for HMAC verification.
 | GET | `/api/integrations/github/repos` | List available repos |
 | POST | `/api/integrations/github/connect` | Connect a repo |
 | POST | `/api/integrations/github/disconnect` | Disconnect a repo |
+
+## Platform Feedback
+
+No authentication required. Sends feedback to the Atoll team's internal board.
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| POST | `/api/feedback` | Submit bug report or feature request (`{ type, description, userEmail?, userName?, url? }`)