@clipboard-health/ai-rules 2.16.1 → 2.16.3

package/README.md

@@ -41,7 +41,7 @@ npm install --save-dev @clipboard-health/ai-rules
    {
      "scripts": {
        "sync-ai-rules": "node ./node_modules/@clipboard-health/ai-rules/scripts/sync.js [PROFILE_NAME]",
-       "postinstall": "npm run sync-ai-rules"
+       "postinstall": "node --run sync-ai-rules"
      }
    }
    ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clipboard-health/ai-rules",
-  "version": "2.16.1",
+  "version": "2.16.3",
   "description": "Pre-built AI agent rules for consistent coding standards.",
   "keywords": [
     "ai",

package/skills/babysit-pr/SKILL.md

@@ -27,9 +27,9 @@ This skill always runs exactly one pass. It never waits or repeats internally. F
 
 The skill uses two HTML-comment sentinels.
 
-**Addressed sentinel**: `<!-- babysit-pr:addressed v1 -->`. Appended on its own line at the end of every reply the skill posts (both thread replies and the CodeRabbit summary). This is how the skill knows, on re-runs, which threads and CodeRabbit review-body comments it already handled.
+**Addressed sentinel**: `<!-- babysit-pr:addressed v1 core@3.4.0 -->`. The `core@<X.Y.Z>` suffix records which plugin version produced the reply. Appended on its own line at the end of every reply the skill posts (both thread replies and the CodeRabbit summary). This is how the skill knows, on re-runs, which threads and CodeRabbit review-body comments it already handled. Dedupe matches by the version-agnostic prefix `<!-- babysit-pr:addressed v1` followed by a single space, so pre-versioning sentinels left by earlier plugin versions are still recognized. Grep `babysit-pr:addressed v1` (without `-->`) to find sentinels regardless of version; grep `babysit-pr:addressed v1 core@3.4.0` to find ones from a specific version.
 
-**Follow-up sentinel**: `<!-- babysit-pr:followup v1 -->`. Attached to replies that defer an out-of-scope comment as a tracked follow-up (see the Scope subsection and the Defer verdict in step 6). Grep `babysit-pr:followup` across PR conversation JSON to enumerate deferred items. This sentinel is additive — the post-reply scripts still append the `addressed` sentinel at the end, so a deferred thread is correctly machine-classified as addressed (the skill _has_ handled it — by deferring). Human reviewers and future sweeps distinguish deferred from resolved by looking for the follow-up sentinel.
+**Follow-up sentinel**: `<!-- babysit-pr:followup v1 core@3.4.0 -->`. Attached to replies that defer an out-of-scope comment as a tracked follow-up (see the Scope subsection and the Defer verdict in step 6). Grep `babysit-pr:followup` across PR conversation JSON to enumerate deferred items. This sentinel is additive — the post-reply scripts still append the `addressed` sentinel at the end, so a deferred thread is correctly machine-classified as addressed (the skill _has_ handled it — by deferring). Human reviewers and future sweeps distinguish deferred from resolved by looking for the follow-up sentinel.
 
 **Sentinel recency rules.** The script emits a per-thread `activityState` with three values:
 
@@ -254,7 +254,7 @@ Body templates (the script appends the `addressed` sentinel if missing):
 - **Agree**: `Addressed in <commit-url>. <one-line what-changed>.`
 - **Disagree**: `Leaving current behavior. <reasoning>.`
 - **Already fixed**: `Already handled by <commit-url-or-file:line>. <brief pointer>.`
-- **Defer**: `Out of scope for this PR; this looks like follow-up work rather than something introduced or required by this change. <one-line rationale or pointer if useful>.\n\n<!-- babysit-pr:followup v1 -->`
+- **Defer**: `Out of scope for this PR; this looks like follow-up work rather than something introduced or required by this change. <one-line rationale or pointer if useful>.\n\n<!-- babysit-pr:followup v1 core@3.4.0 -->`
 
 For Defer replies, include the follow-up sentinel on its own line as shown. The script will append the `addressed` sentinel after it on its own line, so the final body ends with the follow-up sentinel followed by a blank line followed by the `addressed` sentinel — `grep babysit-pr:followup` finds the deferral and `grep babysit-pr:addressed` still marks the thread handled for dedupe.
 
@@ -269,7 +269,7 @@ bash scripts/postSentinelPrComment.sh "$PR_NUMBER" "$BODY"
 The CodeRabbit summary body should:
 
 - Group verdicts under **Agree / Disagree / Already fixed / Deferred (out of scope)** headings. Omit a heading if its list is empty.
-- Under **Deferred (out of scope)**, list each deferred CodeRabbit review-body comment as a bullet, followed on its own line by `<!-- babysit-pr:followup v1 -->` so grep catches them individually.
+- Under **Deferred (out of scope)**, list each deferred CodeRabbit review-body comment as a bullet, followed on its own line by `<!-- babysit-pr:followup v1 core@3.4.0 -->` so grep catches them individually.
 - Include the commit URL for fixes.
 - Include every current CodeRabbit review-body comment's `fingerprint` — addressed and deferred — in a fenced block at the end (one per line, before the sentinel) so future runs can dedupe. Deferred comments count as handled for dedupe purposes.
 

package/skills/babysit-pr/scripts/_sentinel.sh

@@ -1,17 +1,21 @@
 #!/usr/bin/env bash
-# _sentinel.sh — shared SENTINEL constant + append helper.
+# _sentinel.sh — shared SENTINEL constants + append helper.
 # Sourced by unresolvedPrComments.sh, postSentinelReply.sh, postSentinelPrComment.sh.
-# Keeping the sentinel in one place prevents a version bump from silently
-# diverging between the posting scripts and the reader's recency detector.
+#
+# SENTINEL_PREFIX is the version-agnostic substring used for matching/dedupe so
+# pre-versioning sentinels (`<!-- babysit-pr:addressed v1 -->`) are still
+# recognized alongside versioned ones. SENTINEL is the literal emitted on new
+# replies; the `core@X.Y.Z` suffix records which plugin version produced it.
 
-SENTINEL='<!-- babysit-pr:addressed v1 -->'
+SENTINEL_PREFIX='<!-- babysit-pr:addressed v1 '
+SENTINEL='<!-- babysit-pr:addressed v1 core@3.4.0 -->'
 
-# Echo $1 with the sentinel appended on its own trailing paragraph, unless
-# the body already ends with the sentinel.
+# Echo $1 with SENTINEL appended on its own trailing paragraph, unless the
+# body already contains any version of the sentinel (matched via SENTINEL_PREFIX).
 ensure_sentinel() {
   local body="$1"
   case "$body" in
-    *"$SENTINEL") printf '%s' "$body" ;;
+    *"$SENTINEL_PREFIX"*) printf '%s' "$body" ;;
     *) printf '%s\n\n%s' "$body" "$SENTINEL" ;;
   esac
 }

package/skills/babysit-pr/scripts/unresolvedPrComments.sh

@@ -192,12 +192,14 @@ main() {
   #       "addressed"  — our sentinel is the newest relevant activity on this thread
   local bots_json='["coderabbitai","coderabbitai[bot]","dependabot","dependabot[bot]","github-actions","github-actions[bot]","github-advanced-security","github-advanced-security[bot]","renovate","renovate[bot]","renovate-bot","pre-commit-ci","pre-commit-ci[bot]","codecov","codecov[bot]","sonarcloud","sonarcloud[bot]"]'
   local threads_json
-  threads_json="$(printf '%s' "$response" | jq --arg sentinel "$SENTINEL" --argjson bots "$bots_json" '
+  threads_json="$(printf '%s' "$response" | jq --arg sentinel_prefix "$SENTINEL_PREFIX" --argjson bots "$bots_json" '
     # Exact login equality via IN($bots[]) — do NOT use `inside($bots)`, which
     # does substring matching for strings and would classify login "code" as a
     # bot because it appears inside "codecov".
     def is_bot: ((.author.__typename // "") == "Bot") or ((.author.login // "") | IN($bots[]));
-    def is_sentinel: ((.body // "") | contains($sentinel));
+    # Match by version-agnostic prefix so pre-versioning sentinels left on
+    # older PRs (`<!-- babysit-pr:addressed v1 -->`) still dedupe correctly.
+    def is_sentinel: ((.body // "") | contains($sentinel_prefix));
     [
       .data.repository.pullRequest.reviewThreads.nodes[]
       | select(.isResolved == false)

package/skills/commit-push-pr/SKILL.md

@@ -16,12 +16,14 @@ description: Commit, push, and open a PR. Use when the user wants to ship change
 
 If `Commits ahead of default branch` is `(unknown)`, `origin/HEAD` couldn't be resolved — stop and tell the user to run `git remote set-head origin -a` (or otherwise set the default branch) before retrying, since the simplify step also depends on it. Otherwise, if `Git status`, `Commits ahead of default branch`, and `Existing PR` are all empty/none, stop and reply `nothing to ship.`. Otherwise:
 
+Before doing any step, output the full 7-step checklist below in your first response so it stays in recent context across sub-skill calls. Do not skip this — it's what keeps you from stopping after `simplify`.
+
 1. Create a new branch if on main (e.g., `feat/add-user-validation`, `fix/null-check-in-parser`).
-2. Run the `simplify` skill on the full PR diff — `git diff $(git merge-base HEAD origin/HEAD)..HEAD` plus any uncommitted changes. When it returns, continue to step 3 in the same turn; do not stop.
-3. If `git status --short` shows changes, create a single conventional commit.
+2. Run the `simplify` skill on the full PR diff — `git diff $(git merge-base HEAD origin/HEAD)..HEAD` plus any uncommitted changes. When it returns, your very next action is to restate the remaining steps (3–7) and continue with step 3 in the same turn. Do not stop, do not end the turn with a simplify summary.
+3. If `git status --short` shows changes, create a single conventional commit with `git commit --no-gpg-sign`.
 4. Push the branch to origin.
 5. Look up the current agent session ID with `bash scripts/find-session-id.sh '<phrase>'`. Pass a distinctive verbatim chunk (≥10 words) from the most recent user message; see the script header for quoting constraints. On success the script prints `<agent> <id>`; otherwise nothing — if empty, omit the session ID line below.
 6. Check for an existing PR with `gh pr view`.
-   - No PR: create with `gh pr create`. Title = commit subject. Description = brief explanation of **why**, not what. Append `Agent session ID: <output of step 5>` (omit if step 5 produced no output) and `<!-- commit-push-pr:created v1 -->` on their own lines at the end.
-   - PR exists: refresh the body via `gh pr edit --body` so (a) the new commit's changes are reflected in the prose and (b) `Agent session ID: <output of step 5>` appears in the body — append if missing, never remove or rewrite existing session ID lines so each contributing session is preserved. Then report the URL.
+   - No PR: create with `gh pr create`. Title = commit subject. Description = brief explanation of **why**, not what. Append `Agent session ID: <output of step 5>` (omit if step 5 produced no output) and `<!-- commit-push-pr:created v1 core@3.4.0 -->` on their own lines at the end.
+   - PR exists: refresh the body via `gh pr edit --body` so (a) the new commit's changes are reflected in the prose, (b) `Agent session ID: <output of step 5>` appears in the body — append if missing, never remove or rewrite existing session ID lines so each contributing session is preserved — and (c) any existing `<!-- commit-push-pr:created v1 ... -->` line is preserved verbatim (append `<!-- commit-push-pr:created v1 core@3.4.0 -->` if absent). Then report the URL.
 7. End with one short text response: branch name and the full PR URL (e.g., `https://github.com/clipboardhealth/core-utils/pull/123`). Never use shorthand like `repo#123` — always output the complete URL.

package/skills/go/SKILL.md

@@ -29,7 +29,7 @@ The plan or request is the source of truth for scope:
 
 ## Phase 3: Validate
 
-- Read `AGENTS.md`, `CLAUDE.md`, `CONTRIBUTING.md`, or equivalent contributor instructions for the mandated pre-PR command (e.g. `npm run affected`). That wins over everything.
+- Read `AGENTS.md`, `CLAUDE.md`, `CONTRIBUTING.md`, or equivalent contributor instructions for the mandated pre-PR command (e.g. `node --run verify`). That wins over everything.
 - If the repo relies on pre-commit/pre-push hooks and mandates no manual command, don't invent one — let the hooks run during the `commit-push-pr` handoff.
 - If the plan names specific checks, run them when practical. Ask before running anything that's clearly a slow CI-only suite.