@codyswann/lisa 2.195.8 → 2.196.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/all/github-rulesets/base.json +64 -0
  2. package/all/github-rulesets/prevent-delete.json +25 -0
  3. package/all/github-rulesets/protect-tags.json +31 -0
  4. package/cdk/github-rulesets/cdk-validation.json +43 -0
  5. package/expo/github-rulesets/playwright.json +38 -0
  6. package/package.json +2 -2
  7. package/plugins/lisa/.claude-plugin/plugin.json +1 -1
  8. package/plugins/lisa/.codex-plugin/plugin.json +1 -1
  9. package/plugins/lisa/.codex-plugin/skills/lisa-setup-github-repo/SKILL.md +66 -0
  10. package/plugins/lisa/.codex-plugin/skills/lisa-setup-github-repo/agents/openai.yaml +4 -0
  11. package/plugins/lisa/commands/lisa/setup/github-repo.md +7 -0
  12. package/plugins/lisa/skills/lisa-setup-github-repo/SKILL.md +66 -0
  13. package/plugins/lisa/skills/lisa-setup-github-repo/agents/openai.yaml +4 -0
  14. package/plugins/lisa-agy/commands/lisa/setup/github-repo.md +7 -0
  15. package/plugins/lisa-agy/plugin.json +1 -1
  16. package/plugins/lisa-agy/skills/lisa-setup-github-repo/SKILL.md +66 -0
  17. package/plugins/lisa-cdk/.claude-plugin/plugin.json +1 -1
  18. package/plugins/lisa-cdk/.codex-plugin/plugin.json +1 -1
  19. package/plugins/lisa-cdk-agy/plugin.json +1 -1
  20. package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json +1 -1
  21. package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json +1 -1
  22. package/plugins/lisa-copilot/.claude-plugin/plugin.json +1 -1
  23. package/plugins/lisa-copilot/commands/lisa/setup/github-repo.md +7 -0
  24. package/plugins/lisa-copilot/skills/lisa-setup-github-repo/SKILL.md +66 -0
  25. package/plugins/lisa-cursor/.claude-plugin/plugin.json +1 -1
  26. package/plugins/lisa-cursor/commands/lisa/setup/github-repo.md +7 -0
  27. package/plugins/lisa-cursor/skills/lisa-setup-github-repo/SKILL.md +66 -0
  28. package/plugins/lisa-expo/.claude-plugin/plugin.json +1 -1
  29. package/plugins/lisa-expo/.codex-plugin/plugin.json +1 -1
  30. package/plugins/lisa-expo-agy/plugin.json +1 -1
  31. package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json +1 -1
  32. package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json +1 -1
  33. package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json +1 -1
  34. package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json +1 -1
  35. package/plugins/lisa-harper-fabric-agy/plugin.json +1 -1
  36. package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json +1 -1
  37. package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json +1 -1
  38. package/plugins/lisa-nestjs/.claude-plugin/plugin.json +1 -1
  39. package/plugins/lisa-nestjs/.codex-plugin/plugin.json +1 -1
  40. package/plugins/lisa-nestjs-agy/plugin.json +1 -1
  41. package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json +1 -1
  42. package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json +1 -1
  43. package/plugins/lisa-openclaw/.claude-plugin/plugin.json +1 -1
  44. package/plugins/lisa-openclaw/.codex-plugin/plugin.json +1 -1
  45. package/plugins/lisa-openclaw-agy/plugin.json +1 -1
  46. package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json +1 -1
  47. package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json +1 -1
  48. package/plugins/lisa-phaser/.claude-plugin/plugin.json +1 -1
  49. package/plugins/lisa-phaser/.codex-plugin/plugin.json +1 -1
  50. package/plugins/lisa-phaser-agy/plugin.json +1 -1
  51. package/plugins/lisa-phaser-copilot/.claude-plugin/plugin.json +1 -1
  52. package/plugins/lisa-phaser-cursor/.claude-plugin/plugin.json +1 -1
  53. package/plugins/lisa-rails/.claude-plugin/plugin.json +1 -1
  54. package/plugins/lisa-rails/.codex-plugin/plugin.json +1 -1
  55. package/plugins/lisa-rails-agy/plugin.json +1 -1
  56. package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json +1 -1
  57. package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json +1 -1
  58. package/plugins/lisa-typescript/.claude-plugin/plugin.json +1 -1
  59. package/plugins/lisa-typescript/.codex-plugin/plugin.json +1 -1
  60. package/plugins/lisa-typescript-agy/plugin.json +1 -1
  61. package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json +1 -1
  62. package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json +1 -1
  63. package/plugins/lisa-wiki/.claude-plugin/plugin.json +1 -1
  64. package/plugins/lisa-wiki/.codex-plugin/plugin.json +1 -1
  65. package/plugins/lisa-wiki-agy/plugin.json +1 -1
  66. package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json +1 -1
  67. package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json +1 -1
  68. package/plugins/src/base/commands/lisa/setup/github-repo.md +7 -0
  69. package/plugins/src/base/skills/lisa-setup-github-repo/SKILL.md +66 -0
  70. package/rails/github-rulesets/quality-checks.json +51 -0
  71. package/scripts/cleanup-github-branches.sh +96 -72
  72. package/scripts/cleanup-local-merged-branches.sh +110 -0
  73. package/scripts/cleanup-worktrees.sh +222 -0
  74. package/scripts/lisa-github-repo-settings.sh +152 -0
  75. package/scripts/lisa-github-repo-setup.sh +63 -0
  76. package/scripts/lisa-github-rulesets.sh +549 -0
  77. package/scripts/setup-deploy-key.sh +61 -2
  78. package/typescript/github-rulesets/quality-checks.json +67 -0
  79. package/typescript/github-rulesets/base.json +0 -33
@@ -0,0 +1,64 @@
1
+ {
2
+ "name": "base",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "exclude": [],
8
+ "include": [
9
+ "~DEFAULT_BRANCH",
10
+ "refs/heads/dev",
11
+ "refs/heads/staging",
12
+ "refs/heads/main"
13
+ ]
14
+ }
15
+ },
16
+ "bypass_actors": [
17
+ {
18
+ "actor_id": null,
19
+ "actor_type": "DeployKey",
20
+ "bypass_mode": "always"
21
+ },
22
+ {
23
+ "actor_id": 5,
24
+ "actor_type": "RepositoryRole",
25
+ "bypass_mode": "always"
26
+ }
27
+ ],
28
+ "rules": [
29
+ {
30
+ "type": "deletion"
31
+ },
32
+ {
33
+ "type": "non_fast_forward"
34
+ },
35
+ {
36
+ "type": "pull_request",
37
+ "parameters": {
38
+ "required_approving_review_count": 0,
39
+ "dismiss_stale_reviews_on_push": false,
40
+ "require_code_owner_review": false,
41
+ "require_last_push_approval": false,
42
+ "required_review_thread_resolution": true,
43
+ "allowed_merge_methods": ["merge"]
44
+ }
45
+ },
46
+ {
47
+ "type": "required_status_checks",
48
+ "parameters": {
49
+ "strict_required_status_checks_policy": false,
50
+ "do_not_enforce_on_create": false,
51
+ "required_status_checks": [
52
+ {
53
+ "context": "CodeRabbit",
54
+ "integration_id": 347564
55
+ },
56
+ {
57
+ "context": "GitGuardian Security Checks",
58
+ "integration_id": 46505
59
+ }
60
+ ]
61
+ }
62
+ }
63
+ ]
64
+ }
@@ -0,0 +1,25 @@
1
+ {
2
+ "name": "prevent delete",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "exclude": [],
8
+ "include": [
9
+ "~DEFAULT_BRANCH",
10
+ "refs/heads/dev",
11
+ "refs/heads/staging",
12
+ "refs/heads/main"
13
+ ]
14
+ }
15
+ },
16
+ "bypass_actors": [],
17
+ "rules": [
18
+ {
19
+ "type": "deletion"
20
+ },
21
+ {
22
+ "type": "non_fast_forward"
23
+ }
24
+ ]
25
+ }
@@ -0,0 +1,31 @@
1
+ {
2
+ "name": "protect tags",
3
+ "target": "tag",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "exclude": [],
8
+ "include": ["refs/tags/v*"]
9
+ }
10
+ },
11
+ "bypass_actors": [
12
+ {
13
+ "actor_id": null,
14
+ "actor_type": "DeployKey",
15
+ "bypass_mode": "always"
16
+ },
17
+ {
18
+ "actor_id": 5,
19
+ "actor_type": "RepositoryRole",
20
+ "bypass_mode": "always"
21
+ }
22
+ ],
23
+ "rules": [
24
+ {
25
+ "type": "deletion"
26
+ },
27
+ {
28
+ "type": "non_fast_forward"
29
+ }
30
+ ]
31
+ }
@@ -0,0 +1,43 @@
1
+ {
2
+ "name": "cdk validation",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "exclude": [],
8
+ "include": [
9
+ "~DEFAULT_BRANCH",
10
+ "refs/heads/dev",
11
+ "refs/heads/staging",
12
+ "refs/heads/main"
13
+ ]
14
+ }
15
+ },
16
+ "bypass_actors": [
17
+ {
18
+ "actor_id": null,
19
+ "actor_type": "DeployKey",
20
+ "bypass_mode": "always"
21
+ },
22
+ {
23
+ "actor_id": 5,
24
+ "actor_type": "RepositoryRole",
25
+ "bypass_mode": "always"
26
+ }
27
+ ],
28
+ "rules": [
29
+ {
30
+ "type": "required_status_checks",
31
+ "parameters": {
32
+ "strict_required_status_checks_policy": false,
33
+ "do_not_enforce_on_create": true,
34
+ "required_status_checks": [
35
+ {
36
+ "context": "🏗️ CDK Validation",
37
+ "integration_id": 15368
38
+ }
39
+ ]
40
+ }
41
+ }
42
+ ]
43
+ }
@@ -0,0 +1,38 @@
1
+ {
2
+ "name": "playwright",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "exclude": [],
8
+ "include": ["refs/heads/staging"]
9
+ }
10
+ },
11
+ "bypass_actors": [
12
+ {
13
+ "actor_id": null,
14
+ "actor_type": "DeployKey",
15
+ "bypass_mode": "always"
16
+ },
17
+ {
18
+ "actor_id": 5,
19
+ "actor_type": "RepositoryRole",
20
+ "bypass_mode": "always"
21
+ }
22
+ ],
23
+ "rules": [
24
+ {
25
+ "type": "required_status_checks",
26
+ "parameters": {
27
+ "strict_required_status_checks_policy": false,
28
+ "do_not_enforce_on_create": true,
29
+ "required_status_checks": [
30
+ {
31
+ "context": "🔍 Quality Checks / 🎭 Playwright E2E Tests",
32
+ "integration_id": 15368
33
+ }
34
+ ]
35
+ }
36
+ }
37
+ ]
38
+ }
package/package.json CHANGED
@@ -94,7 +94,7 @@
94
94
  "ws": ">=8.20.1"
95
95
  },
96
96
  "name": "@codyswann/lisa",
97
- "version": "2.195.8",
97
+ "version": "2.196.0",
98
98
  "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
99
99
  "main": "dist/index.js",
100
100
  "exports": {
@@ -217,7 +217,7 @@
217
217
  "vitest": "^4.1.9"
218
218
  },
219
219
  "devDependencies": {
220
- "@codyswann/lisa": "^2.191.13",
220
+ "@codyswann/lisa": "^2.195.6",
221
221
  "@types/js-yaml": "^4.0.9",
222
222
  "@types/semver": "^7.7.1",
223
223
  "eslint-plugin-oxlint": "^1.62.0",
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "Universal governance: agents, skills, commands, hooks, and rules for all projects.",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -0,0 +1,66 @@
1
+ ---
2
+ name: lisa-setup-github-repo
3
+ description: "Apply Lisa's GitHub repository…"
4
+ allowed-tools: ["Bash", "Read", "AskUserQuestion"]
5
+ ---
6
+
7
+ # Setup GitHub Repository Governance
8
+
9
+ Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
10
+
11
+ ## What gets applied
12
+
13
+ 1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
14
+ - Merge commits on; squash and rebase merging **off** (merge-only policy)
15
+ - Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
16
+ - Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
17
+ ```json
18
+ { "github": { "settings": { "allow_auto_merge": false } } }
19
+ ```
20
+ (any key under `github.settings` overrides the baseline)
21
+ - Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
22
+ - "Always suggest updating pull request branches" on
23
+ - GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
24
+ - Secret scanning + push protection enabled where the plan supports it
25
+ 2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
26
+ - `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
27
+ - `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
28
+ - `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
29
+ - Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
30
+ 3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
31
+
32
+ ## Workflow
33
+
34
+ ### Step 1 — Locate the scripts
35
+
36
+ In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
37
+
38
+ ```bash
39
+ LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
40
+ ```
41
+
42
+ ### Step 2 — Dry-run and show the plan
43
+
44
+ ```bash
45
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
46
+ ```
47
+
48
+ Present what would change. If the repo already matches the baseline, say so and stop.
49
+
50
+ ### Step 3 — Apply
51
+
52
+ ```bash
53
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
54
+ ```
55
+
56
+ Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
57
+
58
+ ### Step 4 — Verify
59
+
60
+ ```bash
61
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
62
+ --jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
63
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
64
+ ```
65
+
66
+ Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
@@ -0,0 +1,4 @@
1
+ display_name: "Setup Github Repo"
2
+ short_description: "Apply Lisa's GitHub repository…"
3
+ default_prompt:
4
+ - "Use $lisa-setup-github-repo: Apply Lisa's GitHub repository…."
@@ -0,0 +1,7 @@
1
+ ---
2
+ description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
3
+ allowed-tools: ["Skill"]
4
+ argument-hint: ""
5
+ ---
6
+
7
+ Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
@@ -0,0 +1,66 @@
1
+ ---
2
+ name: lisa-setup-github-repo
3
+ description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
4
+ allowed-tools: ["Bash", "Read", "AskUserQuestion"]
5
+ ---
6
+
7
+ # Setup GitHub Repository Governance
8
+
9
+ Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
10
+
11
+ ## What gets applied
12
+
13
+ 1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
14
+ - Merge commits on; squash and rebase merging **off** (merge-only policy)
15
+ - Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
16
+ - Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
17
+ ```json
18
+ { "github": { "settings": { "allow_auto_merge": false } } }
19
+ ```
20
+ (any key under `github.settings` overrides the baseline)
21
+ - Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
22
+ - "Always suggest updating pull request branches" on
23
+ - GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
24
+ - Secret scanning + push protection enabled where the plan supports it
25
+ 2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
26
+ - `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
27
+ - `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
28
+ - `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
29
+ - Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
30
+ 3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
31
+
32
+ ## Workflow
33
+
34
+ ### Step 1 — Locate the scripts
35
+
36
+ In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
37
+
38
+ ```bash
39
+ LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
40
+ ```
41
+
42
+ ### Step 2 — Dry-run and show the plan
43
+
44
+ ```bash
45
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
46
+ ```
47
+
48
+ Present what would change. If the repo already matches the baseline, say so and stop.
49
+
50
+ ### Step 3 — Apply
51
+
52
+ ```bash
53
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
54
+ ```
55
+
56
+ Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
57
+
58
+ ### Step 4 — Verify
59
+
60
+ ```bash
61
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
62
+ --jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
63
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
64
+ ```
65
+
66
+ Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
@@ -0,0 +1,4 @@
1
+ display_name: "Setup Github Repo"
2
+ short_description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge…"
3
+ default_prompt:
4
+ - "Use $lisa-setup-github-repo: Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge…."
@@ -0,0 +1,7 @@
1
+ ---
2
+ description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
3
+ allowed-tools: ["Skill"]
4
+ argument-hint: ""
5
+ ---
6
+
7
+ Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -0,0 +1,66 @@
1
+ ---
2
+ name: lisa-setup-github-repo
3
+ description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
4
+ allowed-tools: ["Bash", "Read", "AskUserQuestion"]
5
+ ---
6
+
7
+ # Setup GitHub Repository Governance
8
+
9
+ Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
10
+
11
+ ## What gets applied
12
+
13
+ 1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
14
+ - Merge commits on; squash and rebase merging **off** (merge-only policy)
15
+ - Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
16
+ - Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
17
+ ```json
18
+ { "github": { "settings": { "allow_auto_merge": false } } }
19
+ ```
20
+ (any key under `github.settings` overrides the baseline)
21
+ - Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
22
+ - "Always suggest updating pull request branches" on
23
+ - GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
24
+ - Secret scanning + push protection enabled where the plan supports it
25
+ 2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
26
+ - `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
27
+ - `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
28
+ - `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
29
+ - Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
30
+ 3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
31
+
32
+ ## Workflow
33
+
34
+ ### Step 1 — Locate the scripts
35
+
36
+ In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
37
+
38
+ ```bash
39
+ LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
40
+ ```
41
+
42
+ ### Step 2 — Dry-run and show the plan
43
+
44
+ ```bash
45
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
46
+ ```
47
+
48
+ Present what would change. If the repo already matches the baseline, say so and stop.
49
+
50
+ ### Step 3 — Apply
51
+
52
+ ```bash
53
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
54
+ ```
55
+
56
+ Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
57
+
58
+ ### Step 4 — Verify
59
+
60
+ ```bash
61
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
62
+ --jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
63
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
64
+ ```
65
+
66
+ Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "AWS CDK-specific Lisa plugin.",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -0,0 +1,7 @@
1
+ ---
2
+ description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
3
+ allowed-tools: ["Skill"]
4
+ argument-hint: ""
5
+ ---
6
+
7
+ Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS
@@ -0,0 +1,66 @@
1
+ ---
2
+ name: lisa-setup-github-repo
3
+ description: "Apply Lisa's GitHub repository governance baseline to the current project's repo: repository settings (merge-only, auto-merge, delete-branch-on-merge, update-branch suggestions, wiki off, secret scanning where available), branch + tag rulesets from Lisa templates (base PR gate with CodeRabbit/GitGuardian/Quality Checks, prevent delete, protect tags, stack overlays), and a write-access deploy key + DEPLOY_KEY secret so release workflows can push version bumps through the rulesets' DeployKey bypass. Idempotent — re-running updates settings and rulesets in place and skips an already-configured deploy key."
4
+ allowed-tools: ["Bash", "Read", "AskUserQuestion"]
5
+ ---
6
+
7
+ # Setup GitHub Repository Governance
8
+
9
+ Apply the fleet-standard GitHub repository configuration to this project's repo. The settings, rulesets, and deploy key that used to be clicked together by hand for every new repo are applied here as one scripted flow.
10
+
11
+ ## What gets applied
12
+
13
+ 1. **Repository settings** (`scripts/lisa-github-repo-settings.sh`)
14
+ - Merge commits on; squash and rebase merging **off** (merge-only policy)
15
+ - Merge commit title/message from the PR (`MERGE_MESSAGE` / `PR_TITLE`)
16
+ - Auto-merge **on** — per-repo opt-out via `.lisa.config.json`:
17
+ ```json
18
+ { "github": { "settings": { "allow_auto_merge": false } } }
19
+ ```
20
+ (any key under `github.settings` overrides the baseline)
21
+ - Delete head branches after merge (environment branches survive — the rulesets' `deletion` rule means GitHub refuses to delete them)
22
+ - "Always suggest updating pull request branches" on
23
+ - GitHub wiki tab off (Lisa projects use in-repo `wiki/`)
24
+ - Secret scanning + push protection enabled where the plan supports it
25
+ 2. **Rulesets** (`scripts/lisa-github-rulesets.sh`) from Lisa's `<type>/github-rulesets/` templates, matched by project type:
26
+ - `base` — deletion/force-push protection on `main`/`dev`/`staging` + default, PRs required (0 approvals, review-thread resolution required, merge method = merge only), required checks: CodeRabbit + GitGuardian
27
+ - `quality checks` — the stack's CI checks (TypeScript emoji names or Rails names)
28
+ - `prevent delete`, `protect tags` (`v*`), plus stack overlays (`cdk validation`, staging-only `playwright`)
29
+ - Repos without `.github/workflows/` get only app-based required checks — an Actions check that can never report would block every PR forever
30
+ 3. **Deploy key** (`scripts/setup-deploy-key.sh --yes`) — write-access deploy key + `DEPLOY_KEY` secret, skipped when already configured. The `base` ruleset's `DeployKey: always` bypass is what lets CI version-bump pushes through protected branches.
31
+
32
+ ## Workflow
33
+
34
+ ### Step 1 — Locate the scripts
35
+
36
+ In the Lisa repo itself, use `scripts/` directly. In a downstream project, use the installed package:
37
+
38
+ ```bash
39
+ LISA_SCRIPTS=$(ls -d node_modules/@codyswann/lisa/scripts 2>/dev/null || echo scripts)
40
+ ```
41
+
42
+ ### Step 2 — Dry-run and show the plan
43
+
44
+ ```bash
45
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" --dry-run .
46
+ ```
47
+
48
+ Present what would change. If the repo already matches the baseline, say so and stop.
49
+
50
+ ### Step 3 — Apply
51
+
52
+ ```bash
53
+ bash "$LISA_SCRIPTS/lisa-github-repo-setup.sh" .
54
+ ```
55
+
56
+ Requires `gh` authenticated with **admin** permission on the repo. A 403 on rulesets means the plan doesn't support them (private repo on a free personal plan) — settings and deploy key still apply; the script skips rulesets gracefully.
57
+
58
+ ### Step 4 — Verify
59
+
60
+ ```bash
61
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)" \
62
+ --jq '{allow_squash_merge, allow_auto_merge, delete_branch_on_merge, allow_update_branch}'
63
+ gh api "repos/$(gh repo view --json nameWithOwner -q .nameWithOwner)/rulesets" --jq '[.[].name]'
64
+ ```
65
+
66
+ Report the applied settings and ruleset names. If any step failed, surface the error — do not mark the setup complete.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.195.8",
3
+ "version": "2.196.0",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -0,0 +1,7 @@
1
+ ---
2
+ description: "Apply Lisa's GitHub repository governance baseline: merge-only settings with auto-merge and delete-branch-on-merge, branch + tag rulesets (CodeRabbit/GitGuardian/Quality Checks gates, prevent delete, protect tags), and a CI deploy key + DEPLOY_KEY secret. Idempotent; per-repo overrides via .lisa.config.json github.settings."
3
+ allowed-tools: ["Skill"]
4
+ argument-hint: ""
5
+ ---
6
+
7
+ Use the /lisa-setup-github-repo skill to apply the GitHub repository governance baseline. $ARGUMENTS