@clipboard-health/ai-rules 2.15.3 → 2.15.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clipboard-health/ai-rules",
-  "version": "2.15.3",
+  "version": "2.15.5",
   "description": "Pre-built AI agent rules for consistent coding standards.",
   "keywords": [
     "ai",

package/scripts/toErrorMessage.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.toErrorMessage = toErrorMessage;
+// Prefer stack over message for Error instances to preserve debugging context.
 function toErrorMessage(error) {
     return error instanceof Error ? (error.stack ?? error.message) : String(error);
 }

package/skills/flaky-test-debugger/SKILL.md

@@ -178,7 +178,7 @@ step(click "Submit") → network(POST /api/orders, 201) → step(waitForURL /con
 For each timeline entry:
 
 - **`kind: "step"`** — test action with `title`, `category`, `durationMs`, `depth`, optional `error`
-- **`kind: "network"`** — HTTP request with `method`, `url`, `status`, optional `durationMs`, `resourceType`, `traceId`, `failureText`, `wasAborted`
+- **`kind: "network"`** — slimmed HTTP entry with `method`, `url`, `status`, and `networkId`. Resolve `networkId` against `attempts[].network.instances[]` for per-request detail (`durationMs`, `timings`, `traceId`/`spanId`/`requestId`/`correlationId`, `requestBodyRef`/`responseBodyRef`, redirect links), and against `attempts[].network.groups[instance.groupId]` for shared shape (`resourceType`, `failureText`, `wasAborted`, occurrence counts)
 - **`kind: "console"`** — browser message with `type` (warning/error/pageerror/page-closed/page-crashed) and `text`
 
 All entries share `offsetMs` (milliseconds since attempt start), giving a single temporal view.
@@ -216,11 +216,11 @@ For each attempt, compare `status`, `durationMs`, and `error` across retries —
 
 ### 4Ee: Inspect network activity and extract trace IDs
 
-Scan `network[]` for 4xx/5xx responses, `failureText`, and `wasAborted` near the failure's `offsetMs`. Use `timings` to isolate slow phases (DNS, connect, wait, receive).
+Scan `attempts[].network.instances[]` for 4xx/5xx responses near the failure's `offsetMs` and use per-instance `timings` to isolate slow phases (DNS, connect, wait, receive). Join each instance to its group via `attempts[].network.groups[instance.groupId]` for shape-level signal (`failureText`, `wasAborted`, `resourceType`, `occurrenceCount`). Resolve payloads via `attempts[].network.bodies[instance.requestBodyRef | instance.responseBodyRef]` when the body matters.
 
-**`traceId`** — when present on a failing request, you must follow [`references/datadog-apm-traces.md`](./references/datadog-apm-traces.md) to correlate with backend behavior. This is the bridge between frontend test failure and potential backend root cause.
+**`traceId`** — when present on a failing instance (`attempts[].network.instances[].traceId`), you must follow [`references/datadog-apm-traces.md`](./references/datadog-apm-traces.md) to correlate with backend behavior. This is the bridge between frontend test failure and potential backend root cause.
 
-If the `network[]` array is full (200 entries) but contains only static assets, the capture is saturated and the relevant API calls may have been dropped — note this as a confidence-reducing factor.
+Check `attempts[].network.summary` for saturation. Non-zero `instancesDroppedByGroupCap`, `instancesDroppedByInstanceCap`, or `instancesEvictedAfterAdmission` means retained content is a sample and the request you care about may have been dropped — note this as a confidence-reducing factor. `instancesDroppedByFilter` alone is expected (static assets are filtered by design). v3 caps: instances 500, groups 200, bodies 100 per attempt.
 
 ### 4Ef: Review test steps
 
@@ -231,10 +231,10 @@ Prefer the timeline view (4Ea) which interleaves steps with network and console.
 Do not propose a fix without concrete artifacts. At minimum, include:
 
 - One **error artifact** — from `tests[].errors[]` (assertion diff, timeout message) or a trace/log entry
-- One **network artifact** — from `tests[].network[]` or `attempts[].network[]` (response status, timing, headers)
+- One **network artifact** — an instance from `attempts[].network.instances[]` (status, timing, trace ids) joined to its group via `attempts[].network.groups[instance.groupId]` (shape, `failureText`/`wasAborted`, occurrence counts), plus the body via `attempts[].network.bodies[instance.requestBodyRef | instance.responseBodyRef]` when relevant
 - A **specific code path** that consumed that state — use `tests[].location` to jump to the source
 - When available: **screenshot** from `failureArtifacts.screenshotBase64` showing page state at failure
-- When available: **Datadog trace** via `network[].traceId` showing backend behavior for the failing request
+- When available: **Datadog trace** via `attempts[].network.instances[].traceId` showing backend behavior for the failing request
 - A **confidence score** from 1 to 5 rating how certain you are in the root cause diagnosis
 
 ### Confidence Score

package/skills/flaky-test-debugger/references/datadog-apm-traces.md

@@ -4,11 +4,12 @@ Fetch and display the full APM trace for a given trace ID, or look up a specific
 
 ## Prerequisites
 
-The `pup` CLI must be installed and authenticated. Verify with:
+The `pup` CLI must be installed and authenticated. Two auth paths are supported:
 
-```bash
-pup auth status 2>/dev/null | jq '.status'   # Should show: "valid"
-```
+- **macOS Keychain** (via `pup auth login`) — the default on developer machines.
+- **Environment variables** (`DD_API_KEY` + `DD_APP_KEY`) — the path used in sandboxes and CI.
+
+**Do not run `pup auth status` to verify auth.** It only reads the Keychain, so it fails in sandboxes even when env-var auth is working. Call `pup traces search …` directly — env-var auth takes effect there. If the query fails with an auth error, surface it then (check `DD_API_KEY` / `DD_APP_KEY` or run `pup auth login`).
 
 ## Key pup conventions
 

package/skills/fix-ci/SKILL.md

@@ -1,85 +0,0 @@
----
-name: fix-ci
-description: "Analyze and fix CI failures for a GitHub pull request. Use this when CI checks are failing, the build is red, or you need to diagnose GitHub Actions failures. Triggers on: 'fix CI', 'CI is failing', 'checks failed', 'build is broken', 'tests failing in CI', 'why is CI red', or any request to investigate and resolve PR check failures."
-argument-hint: "[pr-url]"
----
-
-# Fix CI Failures
-
-Diagnose and fix CI failures for a GitHub pull request by retrieving logs, identifying root causes, and applying targeted fixes.
-
-## Arguments
-
-- `$ARGUMENTS` - GitHub PR URL (e.g., `https://github.com/owner/repo/pull/123`). If omitted, uses the PR for the current branch.
-
-## Instructions
-
-### Step 1: Get PR and Identify Failed Checks
-
-```bash
-# If $ARGUMENTS contains a PR URL, extract the PR number from the path.
-# Otherwise, get the PR for the current branch:
-gh pr view --json number,url,headRefName,statusCheckRollup
-```
-
-From `statusCheckRollup`, find checks where `conclusion` is `"failure"` or `state` is `"FAILURE"`. If no checks have failed, report that CI is green and stop.
-
-When multiple checks failed, prioritize **build/compile checks over test checks** — build errors are often the root cause of downstream test failures, so fixing them first may resolve multiple failures at once.
-
-### Step 2: Retrieve Failed Job Logs
-
-Extract the run ID from the failed check's `detailsUrl` (the numeric suffix of the GitHub Actions URL, e.g., `.../actions/runs/123456789`).
-
-```bash
-# List failed job IDs for the run
-gh run view $RUN_ID --json jobs --jq '.jobs[] | select(.conclusion == "failure") | .databaseId'
-
-# Get only failed step output (concise)
-gh run view --job $JOB_ID --log-failed
-```
-
-Start with `--log-failed` because it shows only the output from failed steps, cutting through potentially thousands of lines of passing output. Only fall back to `--log` with targeted grep if `--log-failed` doesn't provide enough context.
-
-When parsing large log output, focus on:
-
-- **The first error message** — later failures often cascade from this
-- **Summary lines** like "Test Suites:", "FAILED", build error counts
-- **Stack traces** immediately after assertion or compilation errors
-
-### Step 3: Diagnose Root Cause
-
-Read the relevant source files and tests to understand the failure in context.
-
-**Build/compilation errors** — type errors, missing imports, syntax issues. These block everything else.
-**Test failures** — read both the failing test and the code it exercises. The fix could be in either place; don't assume the test is wrong just because it's failing.
-**Lint/format errors** — usually auto-fixable with project formatting tools.
-**Infrastructure issues** — missing env vars, CI config problems, dependency resolution failures.
-
-### Step 4: Present Findings and Proposed Fix
-
-Before changing code, present:
-
-1. **Root cause** — what's failing and why
-2. **Proposed fix** — which files to change and what the changes are
-
-Then ask the user whether to proceed. This confirmation step matters because CI failures can be ambiguous — what looks like a test bug might actually be the test correctly catching a real regression.
-
-### Step 5: Apply Fix and Verify
-
-After approval, implement the changes. Then run the relevant checks locally (build, test, lint for the affected project/files) to verify the fix before pushing. Report the local results.
-
-### Failure Patterns
-
-**Removed code but tests still reference it:** Delete or update the tests. Check for leftover references in shared test fixtures or configurations.
-
-**Missing mocks/providers after adding a dependency:** Add the mock to test module setup. Update existing mocks when signatures change.
-
-**Type errors from interface changes:** Fix in the changed files. If the type change is intentional, update downstream consumers too.
-
-**Snapshot mismatches:** Check if the change is expected (you modified rendering/output). If so, update snapshots. If not, investigate the regression.
-
-**Flaky/intermittent failures:** If the test passes locally, the failure looks timing-dependent, or it's unrelated to the PR's changes, flag this to the user rather than making speculative changes.
-
-## Input
-
-Pull Request URL: $ARGUMENTS

package/skills/iterate-pr/SKILL.md

@@ -1,135 +0,0 @@
----
-name: iterate-pr
-description: "Iteratively commit, push, and address PR feedback until CI passes and comments are resolved. Use this skill when the user wants to get a PR to a mergeable state, fix CI and address review comments in a loop, or says things like 'iterate on my PR', 'make this PR pass', 'fix everything on the PR', 'get this PR ready to merge', or 'keep going until CI is green'."
-argument-hint: "[max-iterations]"
----
-
-# Iterate PR
-
-Autonomously iterate on a pull request until CI checks pass and all comments are resolved. Each iteration runs in a fresh subagent.
-
-## Arguments
-
-- `$ARGUMENTS` - Maximum iterations (default: 3)
-
-## Instructions
-
-### Step 1: Initialize
-
-Parse max iterations from `$ARGUMENTS` (default: 3). Set iteration counter to 0.
-
-### Step 2: Check State
-
-Get the PR for the current branch:
-
-!`gh pr view --json number,url,headRefName,statusCheckRollup 2>/dev/null || echo "NO_PR"`
-
-**If no PR exists:** Proceed to Step 3 (first iteration will create one).
-
-**If PR exists:** Get unresolved comments data:
-
-!`bash "${CLAUDE_PLUGIN_ROOT:-.agents}/skills/unresolved-pr-comments/scripts/unresolvedPrComments.sh" 2>/dev/null`
-
-Parse the JSON output and evaluate exit conditions.
-
-**If any CI checks are still PENDING, QUEUED, or IN_PROGRESS:** Proceed to Step 3 regardless of comment count. Automated reviewers (e.g. CodeRabbit) may not have posted comments yet, so comment data is unreliable until all checks complete.
-
-**If statusCheckRollup is empty or null:** Treat CI as passing (some PRs have no required checks configured).
-
-**Exit with success** when ALL conditions are met:
-
-- All CI checks have completed (no PENDING, QUEUED, or IN_PROGRESS statuses in statusCheckRollup) and none have failed (or no checks exist)
-- No unresolved comments (totalUnresolvedComments == 0)
-- No nitpicks (totalNitpicks == 0)
-
-**JSON Structure for Exit Evaluation:**
-
-```json
-{
-  "totalUnresolvedComments": number,
-  "totalNitpicks": number,
-  "unresolvedComments": [...],
-  "nitpickComments": [...]
-}
-```
-
-Check `totalUnresolvedComments == 0` and `totalNitpicks == 0` for exit condition.
-
-Report: "PR is clean! All CI checks pass and no unresolved comments."
-
-**Exit with status report** when iteration counter >= max iterations:
-
-- List failing CI checks
-- List unresolved comment/nitpick counts
-- Suggest running `/iterate-pr` again to continue
-
-### Step 3: Spawn Iteration Subagent
-
-Spawn a Task subagent with `subagent_type: "general-purpose"` using this prompt:
-
-> Handle one iteration of the PR feedback loop:
->
-> 1. **Record Starting Commit**: !`git rev-parse HEAD` (save as `startCommit`)
-> 2. **Commit and Push**: Invoke `core:commit-push-pr` via the Skill tool
-> 3. **Get PR Number**: !`gh pr view --json number --jq '.number'`
-> 4. **Wait for CI**: !`rc=0; if command -v gtimeout >/dev/null 2>&1; then gtimeout 600 gh pr checks --watch || rc=$?; elif command -v timeout >/dev/null 2>&1; then timeout 600 gh pr checks --watch || rc=$?; else gh pr checks --watch || rc=$?; fi; case $rc in 0|1|8|124) ;; *) exit $rc;; esac` (10 minute timeout; exit codes: 0=pass, 1=fail, 8=pending, 124=timeout are expected and handled in next step; other codes like 4=auth error are re-raised; uses gtimeout on macOS, timeout on Linux, no timeout as fallback)
-> 5. **Check CI Status**: Run `gh pr checks --json name,state,bucket` and parse the output
->    - If any check has `bucket: "fail"`, invoke `core:fix-ci` via the Skill tool. Since you are running autonomously, do NOT wait for user approval — apply the fixes directly. Report what was fixed and exit.
-> 6. **Check Comments**: Run `bash "${CLAUDE_PLUGIN_ROOT:-.agents}/skills/unresolved-pr-comments/scripts/unresolvedPrComments.sh"` and parse the JSON output
->    - If unresolved comments or nitpicks exist:
->      1. Group comments by file path and read each file once (not per-comment)
->      2. If a file no longer exists, note the comment may be outdated and skip it
->      3. Assess each comment with an explicit verdict:
->         - **Agree**: Explain why, then fix it
->         - **Disagree**: Explain why the current code is acceptable; do NOT change the code
->         - **Already fixed**: Note that the code already addresses this concern
->      4. After assessing all comments, fix only those you agreed with and exit (next iteration will commit fixes)
-> 7. **Report**: Run `git rev-parse HEAD` and compare to `startCommit` to determine if commits were made. Include PR status, CI status, and comments addressed
-
-### Step 4: Loop
-
-After the subagent completes:
-
-1. Increment iteration counter
-2. If no commits were made this iteration:
-   - Get unresolved comments by running: `bash "${CLAUDE_PLUGIN_ROOT:-.agents}/skills/unresolved-pr-comments/scripts/unresolvedPrComments.sh"`
-   - If unresolved comments remain, exit with: "Comments addressed, awaiting reviewer resolution. Run `/iterate-pr` after reviewer responds."
-3. Report: "Iteration [N]/[max] complete. Checking state..."
-4. Return to Step 2
-
-## Examples
-
-**Successful completion:**
-
-```text
-Iteration 1/3: No PR exists
-> commit-push-pr -> PR #347 created
-> CI failed (lint errors) -> fix-ci -> fixed missing semicolons
-
-Iteration 2/3: CI failures remain
-> commit-push-pr -> pushed fixes
-> CI passed, 2 review comments
-> unresolved-pr-comments -> addressed null check, const usage
-
-Iteration 3/3: Comments pending
-> commit-push-pr -> pushed fixes
-> CI passed, no unresolved comments
-
-PR is clean! All CI checks pass and no unresolved comments.
-```
-
-**Awaiting reviewer resolution:**
-
-```text
-Iteration 1/3: PR exists with comments
-> commit-push-pr -> pushed comment fixes
-> CI passed, 1 comment remains (disagreed with suggestion)
-
-Iteration 2/3: No commits made, comments remain
-
-Comments addressed, awaiting reviewer resolution. Run `/iterate-pr` after reviewer responds.
-```
-
-## Input
-
-Maximum iterations: $ARGUMENTS

package/skills/learn-from-session/SKILL.md

@@ -1,123 +0,0 @@
----
-name: learn-from-session
-description: |
-  Analyze the current session for agent efficiency, quality, and actionable improvements. Use this skill when the user says things like "learn from this session", "session retro", "what went well", "how did the agent do", "what should I improve", "review this session", "session review", or any request to reflect on how the current session went. Also use when the user wants to extract learnings, identify friction, or improve their workflow based on what just happened.
----
-
-You are reviewing the current Claude Code session. Your job is to surface the 2-3 most impactful findings — things that would actually change how the next session goes — not to produce an exhaustive report card.
-
-Be candid. A session where everything scores 4/5 but you have nothing concrete to suggest is a wasted review. Prioritize specificity over coverage: one sharp observation beats five generic ones.
-
-Analyze the session transcript and produce the following:
-
-## Agent efficiency analysis
-
-Evaluate how well the agent used tools and how much human course-correction was needed.
-
-Score each dimension 1-5. Calibration: 1=actively harmful or completely wrong approach, 2=significant waste or frequent missteps, 3=adequate but with clear room for improvement, 4=good with minor issues, 5=genuinely impressive and hard to improve on. Reserve 5 for sessions that would make you say "I wish the agent always worked like this."
-
-- **Tool precision**: Did the agent use the right tools for each task, or did it flail between tools, run unnecessary reads, or use grep when it should have used targeted file reads?
-- **Iteration efficiency**: How many attempts did it take to get things right? Count tool retries, failed bash commands, and edit-then-re-edit cycles.
-- **Context utilization**: Did the agent leverage CLAUDE.md, AGENTS.md, and project conventions, or did it ignore available context and make assumptions?
-- **Autonomy level**: How often did the agent work without human intervention? Each rejection/abort/course-correction is a friction event.
-- **Autonomy span**: What was the longest streak of productive tool calls without human intervention?
-
-Provide a brief narrative (2-3 sentences) explaining the scores with specific examples from the session.
-
-## Agent quality analysis
-
-Evaluate how well the agent followed project coding standards and CLAUDE.md rules.
-
-Use the same 1-5 calibration as above.
-
-- **CLAUDE.md compliance**: Did the agent follow the rules and conventions defined in CLAUDE.md and AGENTS.md? Flag specific violations.
-- **Code pattern adherence**: Did the generated code follow established project patterns (naming conventions, error handling, file organization, test structure)?
-- **Test coverage intent**: Did the agent write or update tests when modifying behavior? Did it run tests before declaring done?
-- **PR hygiene**: Is the commit history clean? Are changes scoped appropriately? Did the agent avoid touching unrelated files?
-- **Documentation awareness**: Did the agent update relevant docs, comments, or type definitions when changing interfaces?
-
-Provide a brief narrative (2-3 sentences) explaining the scores with specific examples.
-
-## Session reflection
-
-Surface things that would save time if known at the start of the next session. The bar for inclusion: "would I tell a teammate about this before they start working on this codebase?" Skip categories with nothing worth noting.
-
-- **Bash commands**: Commands that were used, discovered, or would have been useful to know upfront.
-- **Code style patterns**: Patterns followed or discovered that aren't yet documented.
-- **Testing approaches**: Testing strategies that worked or should have been used.
-- **Environment/configuration quirks**: Gotchas, workarounds, or setup details encountered.
-- **Warnings**: Errors, deprecations, or edge cases that tripped up the agent.
-
-## Actionable improvements
-
-This is the most important section. Produce recommendations in these categories, but only if genuinely actionable — a suggestion the user can apply in under 5 minutes. Skip any category with nothing worth doing.
-
-### CLAUDE.md updates
-
-**Do not suggest rules that duplicate existing automated enforcement.** If a lint rule, pre-commit hook, CI check, or other tooling already catches an issue, documenting it in CLAUDE.md/AGENTS.md is redundant. Before suggesting a rule, check whether the session transcript shows the error was already caught and blocked by automated tooling (e.g. a pre-commit hook rejected the commit, a linter flagged the issue). If so, skip it — the tooling is already doing its job.
-
-For each suggestion, specify whether it belongs in:
-
-- **Team-shared** (checked into git, e.g. `./CLAUDE.md` or `./AGENTS.md`)
-- **Personal/local** (git-ignored, e.g. `~/.claude/CLAUDE.md`)
-
-Format each as a ready-to-paste diff:
-
-```diff
-+ [the addition - keep it brief]
-```
-
-### Hooks, skills, or agents
-
-Suggest new or revised hooks, skills, or agents that would have prevented issues or improved the workflow.
-
-### Prompt technique
-
-One concrete thing the engineer could do differently in their prompts to get better results (be specific, not generic).
-
-### Agent pattern note
-
-One observation about how the agent behaved that the team should know about — a strength to replicate or a weakness to work around.
-
-## Structured data block
-
-After the human-readable review, emit a fenced JSON block that a scraper can parse:
-
-```json
-{
-  "session_review": {
-    "version": "1.1",
-    "timestamp": "<ISO 8601>",
-    "efficiency": {
-      "tool_precision": <1-5>,
-      "iteration_efficiency": <1-5>,
-      "context_utilization": <1-5>,
-      "autonomy_level": <1-5>,
-      "autonomy_span": <1-5>,
-      "friction_events": <count of rejections/aborts/course-corrections>,
-      "total_tool_calls": <count>,
-      "failed_tool_calls": <count>
-    },
-    "quality": {
-      "claude_md_compliance": <1-5>,
-      "code_pattern_adherence": <1-5>,
-      "test_coverage_intent": <1-5>,
-      "pr_hygiene": <1-5>,
-      "documentation_awareness": <1-5>,
-      "violations": ["<brief description of each CLAUDE.md violation>"]
-    },
-    "improvements": {
-      "claude_md_rules": ["<each suggested rule, ready to paste>"],
-      "hooks_skills_agents": ["<each suggestion>"],
-      "prompt_technique": "<the suggestion>",
-      "agent_pattern_note": "<the observation>"
-    }
-  }
-}
-```
-
-## Presenting the review
-
-1. Display the human-readable sections.
-2. If there is an open PR for the current branch, offer to post the review as a PR comment (using `gh pr comment` with `--body-file`).
-3. If the user has CLAUDE.md updates to apply, offer to apply them directly.

package/skills/unresolved-pr-comments/SKILL.md

@@ -1,47 +0,0 @@
----
-name: unresolved-pr-comments
-description: "Get unresolved review comments from a GitHub pull request. Use this skill when the user asks about PR feedback, review comments, unresolved threads, what reviewers said, CodeRabbit review-body comments, or wants to address PR review feedback. Also use when the user says 'check my PR', 'what's left on my PR', or 'resolve comments'."
-argument-hint: "[pr-number]"
----
-
-# Unresolved PR Comments
-
-Fetch and analyze unresolved review comments from a GitHub pull request.
-
-## Usage
-
-Run the script to fetch PR comment data:
-
-```bash
-bash scripts/unresolvedPrComments.sh [pr-number]
-```
-
-If no PR number is provided, it uses the PR associated with the current branch.
-
-Note: Limited to 100 review threads, 10 comments per thread, and 100 reviews.
-
-## Processing Instructions
-
-Using the JSON output from the script:
-
-1. **If error**: Display the error message and suggest the fix
-2. **If no comments**: Report the PR has no pending feedback
-3. **If comments exist**: Present a brief summary (e.g., "Found 3 unresolved comments and 5 CodeRabbit review-body comments")
-
-Then, for EVERY comment (both `unresolvedComments` AND `nitpickComments`):
-
-1. Group comments by file path and read each file once (not per-comment)
-2. If a file no longer exists, note that the comment may be outdated
-3. Assess each comment against the current code. When multiple comments appear at the same file and line, they are part of the same review thread — read them together as a conversation
-4. Group your assessment as follows:
-
-   **Should address**
-   - Description of the comment with file path(s)
-     - Why it's a real issue (bug, a11y, UX, etc.)
-
-   **Can ignore**
-   - Description of the comment with file path(s)
-     - Why: already fixed, not actionable, not worth addressing in this PR, etc.
-
-   **Net**
-   Summary of how many are worth fixing and what kind of issues they are. Offer to fix, but **do NOT start until the user confirms**.

package/skills/unresolved-pr-comments/scripts/parseNitpicks.sh

@@ -1,165 +0,0 @@
-#!/usr/bin/env bash
-# parseNitpicks.sh — Parse CodeRabbit review-body comments from PR review bodies.
-# Sourced by unresolvedPrComments.sh. Requires: jq, perl.
-
-# Extract CodeRabbit review-body comments from reviews JSON (passed via stdin).
-# Outputs a JSON array of comment objects. The function name is retained for
-# backward compatibility with existing skill scripts.
-extract_nitpick_comments() {
-  local reviews_json="$1"
-
-  printf '%s' "$reviews_json" | perl -e '
-use strict;
-use warnings;
-use JSON::PP;
-
-local $/;
-my $reviews_json = <STDIN>;
-my $reviews = decode_json($reviews_json);
-
-# Find latest coderabbitai review with supported review-body comment sections.
-my $latest_review;
-my $latest_time = "";
-for my $review (@$reviews) {
-  my $author = $review->{author}{login} // "";
-  my $body = $review->{body} // "";
-  next unless $author eq "coderabbitai" && has_supported_sections($body);
-  my $created = $review->{createdAt} // "";
-  if ($created gt $latest_time) {
-    $latest_time = $created;
-    $latest_review = $review;
-  }
-}
-
-unless ($latest_review) {
-  print "[]";
-  exit 0;
-}
-
-my $body = $latest_review->{body};
-my $author = $latest_review->{author}{login} // "deleted-user";
-my $created_at = $latest_review->{createdAt} // "";
-
-my @sections = extract_review_body_comment_sections($body);
-unless (@sections) {
-  print "[]";
-  exit 0;
-}
-
-my @comments;
-for my $section (@sections) {
-  my $section_content = $section->{content};
-  my $category = $section->{category};
-
-  # Extract file sections: <details><summary>filename (count)</summary><blockquote>...</blockquote></details>
-  while ($section_content =~ /<details>\s*<summary>([^<]+?)\s+\(\d+\)<\/summary>\s*<blockquote>([\s\S]*?)<\/blockquote>\s*<\/details>/g) {
-    my $raw_file_name = trim($1);
-    my $file_content = $2;
-
-    # Extract individual comments: `line-range`: severity metadata, **title**, body
-    while ($file_content =~ /`(\d+(?:-\d+)?)`:\s*(?:_[^_]+_\s*\|\s*_[^_]+_\s*)?\*\*([^*]+)\*\*\s*([\s\S]*?)(?=---|\n`\d|<\/blockquote>|$)/g) {
-      my $line_range = $1;
-      my $title = trim($2);
-      my $clean_body = clean_comment_body(trim($3));
-      my $file_name = normalize_file_name($raw_file_name, $line_range);
-      push @comments, {
-        author    => $author,
-        body      => "$title\n\n$clean_body",
-        category  => $category,
-        createdAt => $created_at,
-        file      => $file_name,
-        line      => $line_range,
-      };
-    }
-  }
-}
-
-print encode_json(\@comments);
-
-sub has_supported_sections {
-  my ($text) = @_;
-  $text = strip_markdown_blockquote_prefixes($text);
-  return $text =~ /<summary>\s*[^<]*(?:Nitpick comments|Minor comments|Outside diff range comments)\s*\(\d+\)<\/summary>\s*<blockquote>/i;
-}
-
-sub extract_review_body_comment_sections {
-  my ($text) = @_;
-  $text = strip_markdown_blockquote_prefixes($text);
-
-  my @sections;
-  while ($text =~ /<summary>\s*[^<]*(Nitpick comments|Minor comments|Outside diff range comments)\s*\(\d+\)<\/summary>\s*<blockquote>/ig) {
-    my $category = section_category($1);
-    my $content_start = $+[0];
-    my $after = substr($text, $content_start);
-
-    my $depth = 1;
-    my @tags;
-    while ($after =~ /(<blockquote>|<\/blockquote>)/gi) {
-      my $tag = $1;
-      my $pos = $-[0];
-      my $is_open = ($tag =~ /^<blockquote>/i) ? 1 : 0;
-      push @tags, [$pos, $is_open];
-    }
-    for my $tag (@tags) {
-      $depth += $tag->[1] ? 1 : -1;
-      if ($depth == 0) {
-        push @sections, {
-          category => $category,
-          content  => substr($after, 0, $tag->[0]),
-        };
-        last;
-      }
-    }
-  }
-  return @sections;
-}
-
-sub section_category {
-  my ($label) = @_;
-  return "nitpick" if $label =~ /Nitpick comments/i;
-  return "minor" if $label =~ /Minor comments/i;
-  return "outside-diff" if $label =~ /Outside diff range comments/i;
-  return "unknown";
-}
-
-sub normalize_file_name {
-  my ($file_name, $line_range) = @_;
-  my $suffix = "-" . $line_range;
-  $file_name =~ s/\Q$suffix\E$//;
-  return $file_name;
-}
-
-sub strip_markdown_blockquote_prefixes {
-  my ($text) = @_;
-  $text =~ s/^[ \t]*>[ \t]?//mg;
-  return $text;
-}
-
-sub clean_comment_body {
-  my ($text) = @_;
-  # Iteratively remove innermost <details> elements
-  my $prev = "";
-  while ($text ne $prev) {
-    $prev = $text;
-    $text =~ s/<details>(?:(?!<details>)[\s\S])*?<\/details>//g;
-  }
-  $text =~ s/</&lt;/g;
-  $text =~ s/>/&gt;/g;
-  return trim($text);
-}
-
-sub trim {
-  my ($s) = @_;
-  $s =~ s/^\s+//;
-  $s =~ s/\s+$//;
-  return $s;
-}
-'
-}
-
-# Extract code scanning alert number from comment body.
-# Outputs the alert number or empty string.
-extract_code_scanning_alert_number() {
-  local body="$1"
-  printf '%s' "$body" | perl -ne 'print $1 if m{/code-scanning/(\d+)}'
-}

package/skills/unresolved-pr-comments/scripts/unresolvedPrComments.sh

@@ -1,246 +0,0 @@
-#!/usr/bin/env bash
-# unresolvedPrComments.sh — Fetch unresolved review comments from a GitHub PR.
-# Usage: bash unresolvedPrComments.sh [pr-number]
-# Outputs JSON with unresolved comments and CodeRabbit nitpicks.
-# Compatible with macOS bash 3.2. Requires: gh, jq, perl.
-
-set -euo pipefail
-
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-# shellcheck source=parseNitpicks.sh
-source "${SCRIPT_DIR}/parseNitpicks.sh"
-
-# Save original stdout so output_error works inside $() command substitutions
-exec 3>&1
-
-# --- Helpers (inlined from ghClient.ts / prClient.ts) ---
-
-output_error() {
-  printf '%s' "$1" | jq -Rsc '{ error: . }' >&3
-  exit 1
-}
-
-validate_prerequisites() {
-  if ! command -v jq >/dev/null 2>&1; then
-    printf '{"error":"jq not found. Install from https://stedolan.github.io/jq"}\n' >&3
-    exit 1
-  fi
-  if ! command -v gh >/dev/null 2>&1; then
-    output_error "gh CLI not found. Install from https://cli.github.com"
-  fi
-  if ! command -v perl >/dev/null 2>&1; then
-    output_error "perl not found."
-  fi
-  if ! gh api user --jq '.login' >/dev/null 2>&1; then
-    output_error "Not authenticated with GitHub. Run: gh auth login"
-  fi
-}
-
-get_pr_number() {
-  local arg="${1:-}"
-  if [ -n "$arg" ]; then
-    if ! printf '%s' "$arg" | grep -qE '^[0-9]+$'; then
-      output_error "Invalid PR number: ${arg}"
-    fi
-    printf '%s' "$arg"
-    return
-  fi
-
-  local pr_json
-  if ! pr_json="$(gh pr view --json number 2>/dev/null)"; then
-    output_error "No PR found for current branch. Provide PR number as argument."
-  fi
-
-  local pr_num
-  pr_num="$(printf '%s' "$pr_json" | jq -r '.number // empty')"
-  if [ -z "$pr_num" ]; then
-    output_error "No PR found for current branch. Provide PR number as argument."
-  fi
-  printf '%s' "$pr_num"
-}
-
-get_repo_info() {
-  local repo_json
-  if ! repo_json="$(gh repo view --json owner,name 2>/dev/null)"; then
-    output_error "Could not determine repository. Are you in a git repo with a GitHub remote?"
-  fi
-
-  REPO_OWNER="$(printf '%s' "$repo_json" | jq -r '.owner.login // empty')"
-  REPO_NAME="$(printf '%s' "$repo_json" | jq -r '.name // empty')"
-
-  if [ -z "$REPO_OWNER" ] || [ -z "$REPO_NAME" ]; then
-    output_error "Failed to parse repository info from gh CLI output."
-  fi
-}
-
-# --- GraphQL ---
-
-# Pagination limits: 100 review threads, 10 comments per thread, 100 reviews.
-# Sufficient for typical PRs; data may be truncated on exceptionally active PRs.
-GRAPHQL_QUERY='
-query($owner: String!, $repo: String!, $pr: Int!) {
-  repository(owner: $owner, name: $repo) {
-    pullRequest(number: $pr) {
-      title
-      url
-      reviewThreads(first: 100) {
-        nodes {
-          isResolved
-          comments(first: 10) {
-            nodes {
-              body
-              path
-              line
-              originalLine
-              author { login }
-              createdAt
-            }
-          }
-        }
-      }
-      reviews(first: 100) {
-        nodes {
-          body
-          author { login }
-          createdAt
-        }
-      }
-    }
-  }
-}'
-
-execute_graphql_query() {
-  local owner="$1" repo="$2" pr_number="$3"
-  local result
-  if ! result="$(gh api graphql \
-    -f "query=${GRAPHQL_QUERY}" \
-    -f "owner=${owner}" \
-    -f "repo=${repo}" \
-    -F "pr=${pr_number}" 2>&1)"; then
-    output_error "GraphQL query failed: ${result}"
-  fi
-  printf '%s' "$result"
-}
-
-# --- Code scanning filter ---
-
-is_code_scanning_alert_fixed() {
-  local owner="$1" repo="$2" alert_number="$3"
-  local result
-  if ! result="$(gh api "repos/${owner}/${repo}/code-scanning/alerts/${alert_number}" 2>/dev/null)"; then
-    return 1
-  fi
-
-  local state
-  state="$(printf '%s' "$result" | jq -r '.most_recent_instance.state // empty')"
-  [ "$state" = "fixed" ]
-}
-
-# --- Main ---
-
-main() {
-  validate_prerequisites
-
-  local pr_number
-  pr_number="$(get_pr_number "${1:-}")"
-
-  get_repo_info
-  local owner="$REPO_OWNER"
-  local repo="$REPO_NAME"
-
-  local response
-  response="$(execute_graphql_query "$owner" "$repo" "$pr_number")"
-
-  # Validate response
-  if [ "$(printf '%s' "$response" | jq -r '.data.repository // empty')" = "" ]; then
-    output_error "Repository ${owner}/${repo} not found or not accessible."
-  fi
-  if [ "$(printf '%s' "$response" | jq -r '.data.repository.pullRequest // empty')" = "" ]; then
-    output_error "PR #${pr_number} not found or not accessible."
-  fi
-
-  local title url
-  title="$(printf '%s' "$response" | jq -r '.data.repository.pullRequest.title')"
-  url="$(printf '%s' "$response" | jq -r '.data.repository.pullRequest.url')"
-
-  # Extract unresolved comments: filter unresolved threads, flatten comments
-  local all_unresolved
-  all_unresolved="$(printf '%s' "$response" | jq '[
-    .data.repository.pullRequest.reviewThreads.nodes[]
-    | select(.isResolved == false)
-    | .comments.nodes[]
-    | {
-        author: (.author.login // "deleted-user"),
-        body: .body,
-        createdAt: .createdAt,
-        file: .path,
-        line: (.line // .originalLine)
-      }
-  ]')"
-
-  # Filter out fixed code-scanning alerts from github-advanced-security
-  local unresolved_comments="[]"
-  local count
-  count="$(printf '%s' "$all_unresolved" | jq 'length')"
-
-  local i=0
-  while [ "$i" -lt "$count" ]; do
-    local comment
-    comment="$(printf '%s' "$all_unresolved" | jq ".[$i]")"
-    local comment_author
-    comment_author="$(printf '%s' "$comment" | jq -r '.author')"
-
-    local keep=true
-    if [ "$comment_author" = "github-advanced-security" ]; then
-      local comment_body alert_number
-      comment_body="$(printf '%s' "$comment" | jq -r '.body')"
-      alert_number="$(extract_code_scanning_alert_number "$comment_body")"
-      if [ -n "$alert_number" ]; then
-        if is_code_scanning_alert_fixed "$owner" "$repo" "$alert_number"; then
-          keep=false
-        fi
-      fi
-    fi
-
-    if [ "$keep" = true ]; then
-      unresolved_comments="$(printf '%s' "$unresolved_comments" | jq --argjson c "$comment" '. + [$c]')"
-    fi
-
-    i=$((i + 1))
-  done
-
-  # Extract nitpick comments from reviews
-  local reviews_json
-  reviews_json="$(printf '%s' "$response" | jq '[.data.repository.pullRequest.reviews.nodes[]]')"
-  local nitpick_comments
-  nitpick_comments="$(extract_nitpick_comments "$reviews_json")"
-
-  # Build final output
-  local total_unresolved total_nitpicks
-  total_unresolved="$(printf '%s' "$unresolved_comments" | jq 'length')"
-  total_nitpicks="$(printf '%s' "$nitpick_comments" | jq 'length')"
-
-  jq -n \
-    --argjson nitpickComments "$nitpick_comments" \
-    --arg owner "$owner" \
-    --argjson prNumber "$pr_number" \
-    --arg repo "$repo" \
-    --arg title "$title" \
-    --argjson totalNitpicks "$total_nitpicks" \
-    --argjson totalUnresolvedComments "$total_unresolved" \
-    --argjson unresolvedComments "$unresolved_comments" \
-    --arg url "$url" \
-    '{
-      nitpickComments: $nitpickComments,
-      owner: $owner,
-      prNumber: $prNumber,
-      repo: $repo,
-      title: $title,
-      totalNitpicks: $totalNitpicks,
-      totalUnresolvedComments: $totalUnresolvedComments,
-      unresolvedComments: $unresolvedComments,
-      url: $url
-    }'
-}
-
-main "$@"