npm - @intentsolutionsio/contributing-clanker - Versions diffs - 0.1.1 - Mend

@intentsolutionsio/contributing-clanker 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/skills/contribute/scripts/gates/b03-clone-fresh.sh ADDED Viewed

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+# Catalog: B3 — Local clone is stale vs origin/<default_branch>
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier"
+fi
+DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+if [[ -z "$DEFAULT_BRANCH" ]]; then
+  gate_skip "no default_branch in dossier"
+fi
+REPO_NAME="${GATE_REPO##*/}"
+CLONE_DIR="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE_DIR/.git" ]]; then
+  gate_skip "no local clone at $CLONE_DIR"
+fi
+cd "$CLONE_DIR" || gate_skip "cannot cd to clone dir"
+/usr/bin/timeout 30 /usr/bin/git fetch origin "$DEFAULT_BRANCH" --quiet 2>/dev/null || true
+BEHIND=$(/usr/bin/git rev-list --count "HEAD..origin/$DEFAULT_BRANCH" 2>/dev/null || /usr/bin/echo "0")
+if [[ "$BEHIND" -gt 100 ]]; then
+  gate_warn "local clone is $BEHIND commits behind origin/$DEFAULT_BRANCH" "rebase: git pull --rebase origin $DEFAULT_BRANCH"
+fi
+gate_pass "clone is current ($BEHIND commits behind origin/$DEFAULT_BRANCH)"

package/skills/contribute/scripts/gates/b05-dco-signoff.sh ADDED Viewed

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# Catalog: B5 — Commits missing Signed-off-by when dossier requires DCO
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier"
+fi
+DCO=$(fm_field "$GATE_DOSSIER_PATH" "dco_required")
+if [[ "$DCO" != "true" ]]; then
+  gate_skip "dossier does not require DCO"
+fi
+DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+if [[ -z "$DEFAULT_BRANCH" ]]; then
+  gate_skip "no default_branch in dossier"
+fi
+REPO_NAME="${GATE_REPO##*/}"
+CLONE_DIR="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE_DIR/.git" ]]; then
+  gate_skip "no local clone at $CLONE_DIR"
+fi
+cd "$CLONE_DIR" || gate_skip "cannot cd to clone dir"
+# Iterate per-commit so we can flag exactly which sha is missing the trailer.
+MISSING=""
+COMMITS=$(/usr/bin/git rev-list "origin/$DEFAULT_BRANCH..HEAD" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$COMMITS" ]]; then
+  gate_pass "no new commits to check"
+fi
+while read -r sha; do
+  [[ -z "$sha" ]] && continue
+  BODY=$(/usr/bin/git log -1 --format=%B "$sha" 2>/dev/null || /usr/bin/echo "")
+  if ! /usr/bin/printf '%s' "$BODY" | /usr/bin/grep -q "^Signed-off-by:"; then
+    MISSING="${MISSING}${sha:0:8} "
+  fi
+done <<< "$COMMITS"
+if [[ -n "$MISSING" ]]; then
+  COUNT=$(/usr/bin/printf '%s' "$COMMITS" | /usr/bin/grep -c .)
+  gate_block "commits missing Signed-off-by: $MISSING" "git commit --amend -s OR sign all commits: git rebase HEAD~$COUNT --signoff"
+fi
+gate_pass "all commits have Signed-off-by trailer"

package/skills/contribute/scripts/gates/b06-commit-format.sh ADDED Viewed

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+# Catalog: B6 — Commit subjects violate Conventional Commits when required
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier"
+fi
+CC=$(fm_field "$GATE_DOSSIER_PATH" "conventional_commits")
+if [[ "$CC" != "true" ]]; then
+  gate_skip "dossier does not require Conventional Commits"
+fi
+DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+if [[ -z "$DEFAULT_BRANCH" ]]; then
+  gate_skip "no default_branch in dossier"
+fi
+REPO_NAME="${GATE_REPO##*/}"
+CLONE_DIR="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE_DIR/.git" ]]; then
+  gate_skip "no local clone at $CLONE_DIR"
+fi
+cd "$CLONE_DIR" || gate_skip "cannot cd to clone dir"
+CC_REGEX='^[a-z]+(\([a-z0-9._/-]+\))?!?: .+'
+FAILING=""
+while IFS= read -r subj; do
+  [[ -z "$subj" ]] && continue
+  if ! /usr/bin/printf '%s' "$subj" | /usr/bin/grep -qE "$CC_REGEX"; then
+    FAILING="${FAILING}  - ${subj}\n"
+  fi
+done < <(/usr/bin/git log "origin/$DEFAULT_BRANCH..HEAD" --format=%s 2>/dev/null || /usr/bin/echo "")
+if [[ -n "$FAILING" ]]; then
+  gate_block "commit subjects not Conventional Commits compliant" "fix subjects via git commit --amend or git rebase -i. Failing: $(/usr/bin/printf "$FAILING" | /usr/bin/tr '\n' '|')"
+fi
+gate_pass "all commit subjects match Conventional Commits"

package/skills/contribute/scripts/gates/b07-scope-files.sh ADDED Viewed

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# Catalog: B7 — Local diff touches files outside candidate's claimed scope
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_CANDIDATE_PATH" || ! -f "$GATE_CANDIDATE_PATH" ]]; then
+  gate_skip "no candidate file"
+fi
+# Extract scope section from candidate body. Recognize "## Scope" or
+# "## Files to touch" (case-insensitive on the heading word).
+SCOPE_BLOCK=$(/usr/bin/awk '
+  BEGIN{flag=0}
+  /^## [Ss]cope/ {flag=1; next}
+  /^## [Ff]iles to touch/ {flag=1; next}
+  /^## / {flag=0}
+  flag {print}
+' "$GATE_CANDIDATE_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$SCOPE_BLOCK" ]]; then
+  gate_skip "no '## Scope' or '## Files to touch' section in candidate"
+fi
+# Parse paths: strip blank lines, comments, list markers.
+SCOPE_FILES=$(/usr/bin/printf '%s\n' "$SCOPE_BLOCK" \
+  | /usr/bin/sed -E 's/^[[:space:]]*[-*][[:space:]]+//; s/^[[:space:]]+//; s/[[:space:]]+$//' \
+  | /usr/bin/grep -vE '^(#|$)' \
+  | /usr/bin/sed -E 's/^`(.+)`$/\1/')
+if [[ -z "$SCOPE_FILES" ]]; then
+  gate_skip "scope section present but empty"
+fi
+REPO_NAME="${GATE_REPO##*/}"
+CLONE_DIR="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE_DIR/.git" ]]; then
+  gate_skip "no local clone at $CLONE_DIR"
+fi
+cd "$CLONE_DIR" || gate_skip "cannot cd to clone dir"
+DEFAULT_BRANCH=""
+if [[ -n "$GATE_DOSSIER_PATH" && -f "$GATE_DOSSIER_PATH" ]]; then
+  DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+fi
+[[ -z "$DEFAULT_BRANCH" ]] && DEFAULT_BRANCH="main"
+CHANGED=$(/usr/bin/git diff "origin/$DEFAULT_BRANCH..HEAD" --name-only 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$CHANGED" ]]; then
+  gate_pass "no changed files"
+fi
+DIVERGENT=""
+while IFS= read -r f; do
+  [[ -z "$f" ]] && continue
+  if ! /usr/bin/printf '%s\n' "$SCOPE_FILES" | /usr/bin/grep -Fxq "$f"; then
+    DIVERGENT="${DIVERGENT}${f} "
+  fi
+done <<< "$CHANGED"
+if [[ -n "$DIVERGENT" ]]; then
+  gate_warn "diff touches files outside scope: $DIVERGENT" "either expand the candidate's scope section or revert the out-of-scope edits"
+fi
+gate_pass "all changed files are within declared scope"

package/skills/contribute/scripts/gates/b12-new-deps.sh ADDED Viewed

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# Catalog: B12 — diff introduces new dependencies without prior issue conversation
+# Mitigates: maintainers strongly prefer dep additions to be discussed first.
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+REPO_NAME="${GATE_REPO##*/}"
+CLONE="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE/.git" ]]; then
+  gate_skip "no local clone at $CLONE"
+fi
+DEFAULT_BRANCH=""
+if [[ -n "$GATE_DOSSIER_PATH" && -f "$GATE_DOSSIER_PATH" ]]; then
+  DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+fi
+[[ -z "$DEFAULT_BRANCH" ]] && DEFAULT_BRANCH="main"
+DIFF=$(/usr/bin/git -C "$CLONE" diff "$DEFAULT_BRANCH..HEAD" -- package.json Cargo.toml pyproject.toml requirements.txt go.mod 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$DIFF" ]]; then
+  gate_pass "no manifest files changed"
+fi
+# Heuristic: look for added dep lines across the supported manifest formats.
+NEW_DEPS=$(/usr/bin/printf '%s\n' "$DIFF" \
+  | /usr/bin/grep -E '^\+([[:space:]]*"[A-Za-z0-9_@/.-]+"[[:space:]]*:[[:space:]]*"[^"]+",?$|[[:space:]]*[a-zA-Z][A-Za-z0-9_-]*[[:space:]]*=[[:space:]]*".*"$|[a-zA-Z][A-Za-z0-9_.-]*([<>=!~].*)?$)' \
+  | /usr/bin/grep -vE '^\+\+\+|^\+[[:space:]]*#|^\+[[:space:]]*"version"' \
+  | /usr/bin/sed -E 's/^\+[[:space:]]*//; s/[[:space:]]*=.*$//; s/^"//; s/".*$//; s/[<>=!~].*$//' \
+  | /usr/bin/grep -v '^[[:space:]]*$' \
+  || /usr/bin/echo "")
+if [[ -z "$NEW_DEPS" ]]; then
+  gate_pass "no new dependency entries detected in manifest diffs"
+fi
+LIST=$(/usr/bin/printf '%s' "$NEW_DEPS" | /usr/bin/tr '\n' ',' | /usr/bin/sed 's/,$//')
+gate_warn "diff appears to add new dependencies: $LIST" "new dependencies usually warrant an issue conversation first; check the issue thread for prior discussion"

package/skills/contribute/scripts/gates/b14-local-checks.sh ADDED Viewed

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# Catalog: B14 — No recent green local check-run for current branch
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier"
+fi
+CMD=$(fm_field "$GATE_DOSSIER_PATH" "local_check_command")
+if [[ -z "$CMD" || "$CMD" == "(not detected)" ]]; then
+  gate_skip "no local_check_command in dossier"
+fi
+BRANCH=$(fm_field "$GATE_CANDIDATE_PATH" "branch")
+if [[ -z "$BRANCH" ]]; then
+  gate_skip "no branch in candidate frontmatter"
+fi
+REPO_SLUG=$(/usr/bin/printf '%s' "$GATE_REPO" | /usr/bin/tr '/' '_' | /usr/bin/tr '/' '_')
+# tr collapses single chars; doubled to satisfy the convention "owner/repo -> owner__repo"
+REPO_SLUG=$(/usr/bin/printf '%s' "$GATE_REPO" | /usr/bin/sed 's|/|__|g')
+EVIDENCE="$HOME/.contribute-system/check-runs/${REPO_SLUG}__${BRANCH}.json"
+if [[ ! -f "$EVIDENCE" ]]; then
+  gate_block "no local check evidence for $BRANCH" "run the project's check command: $CMD"
+fi
+PASSED=$(jq -r '.passed // false' "$EVIDENCE" 2>/dev/null || /usr/bin/echo "false")
+TS=$(jq -r '.ts // ""' "$EVIDENCE" 2>/dev/null || /usr/bin/echo "")
+if [[ "$PASSED" != "true" ]]; then
+  gate_block "last local check run did not pass" "re-run after fixing: $CMD"
+fi
+if [[ -z "$TS" ]]; then
+  gate_warn "evidence file lacks timestamp" "re-run: $CMD"
+fi
+# Compare ts to now; warn if older than 1h.
+NOW_EPOCH=$(/usr/bin/date -u +%s)
+TS_EPOCH=$(/usr/bin/date -u -d "$TS" +%s 2>/dev/null || /usr/bin/echo "0")
+if [[ "$TS_EPOCH" -eq 0 ]]; then
+  gate_warn "could not parse evidence ts=$TS" "re-run: $CMD"
+fi
+AGE=$(( NOW_EPOCH - TS_EPOCH ))
+if [[ "$AGE" -gt 3600 ]]; then
+  gate_warn "last green check is $((AGE / 60))min old (>1h)" "re-run: $CMD"
+fi
+gate_pass "local checks passed at $TS"

package/skills/contribute/scripts/gates/b16-local-check-allowlist.sh ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# Catalog: B16 — Dossier injection via local_check_command
+# Mitigates: Security review GAP #1 — `local_check_command:` is free-text from
+# upstream CONTRIBUTING.md. Malicious repo could inject `make test; rm -rf ~`.
+# Briefing surfaces the recommendation, gate B14 may exec it. This gate refuses
+# to proceed if the dossier's command doesn't match the safe-runner allowlist.
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier — no command to validate"
+fi
+CMD=$(fm_field "$GATE_DOSSIER_PATH" "local_check_command")
+if [[ -z "$CMD" || "$CMD" == "(not detected)" ]]; then
+  gate_pass "no local_check_command in dossier (nothing to validate)"
+fi
+# Allowlist: known-safe runners + their typical args. Composed commands (&&, ||,
+# ;, |, $(), backticks) are denied unconditionally — they're the injection vector.
+if /usr/bin/printf '%s' "$CMD" | /usr/bin/grep -qE '[;|`$(){}<>]|&&|\|\|'; then
+  gate_block "dossier local_check_command contains shell metacharacters: $CMD" "researcher-build.sh extracted this from upstream CONTRIBUTING.md. Treat as untrusted. Manually verify the command and edit the dossier; rerun this gate."
+fi
+# Allowlist regex: starts with a known-safe runner + simple alphanum args.
+ALLOW_REGEX='^(make|pnpm|npm|yarn|cargo|pytest|python|python3|go|sbt|mix|dotnet|uv|hatch|tox|just|task|bundle|ruby) [a-zA-Z0-9 _:.,/\-]+$'
+if ! /usr/bin/printf '%s' "$CMD" | /usr/bin/grep -qE "$ALLOW_REGEX" ; then
+  gate_block "dossier local_check_command not in allowlist: $CMD" "expected pattern: <make|pnpm|npm|yarn|cargo|pytest|...> followed by alphanumeric args. Edit the dossier to match the actual safe command, or override if you've manually verified."
+fi
+gate_pass "local_check_command matches safe-runner allowlist"

package/skills/contribute/scripts/gates/c01-draft-first.sh ADDED Viewed

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+# Catalog: C1 — Repo prefers draft PRs first; opening non-draft is anti-pattern
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+# Only relevant if dossier explicitly says draft_first: true
+DRAFT_FIRST=$(fm_field "$GATE_DOSSIER_PATH" "draft_first")
+if [[ "$DRAFT_FIRST" != "true" ]]; then
+  gate_skip "dossier does not require draft-first PRs"
+fi
+# Candidate's `draft:` field is set by the writer subagent (Slice 3)
+DRAFT=$(fm_field "$GATE_CANDIDATE_PATH" "draft")
+if [[ -z "$DRAFT" ]]; then
+  gate_skip "draft preference unknown — fill in candidate's \`draft:\` field before opening"
+fi
+if [[ "$DRAFT" == "false" ]]; then
+  gate_block "this repo prefers draft PRs first but candidate has draft: false" "this repo prefers draft PRs first; pass --draft to gh pr create OR set draft: true in the candidate"
+fi
+gate_pass "candidate set to open as draft (draft: true)"

package/skills/contribute/scripts/gates/c02-pr-title-format.sh ADDED Viewed

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+# Catalog: C2 — PR title violates repo-required regex
+# Mitigates: maintainer immediately requests rename, signals "didn't read CONTRIBUTING".
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+if [[ -z "$GATE_DOSSIER_PATH" || ! -f "$GATE_DOSSIER_PATH" ]]; then
+  gate_skip "no dossier — cannot determine pr_title_regex"
+fi
+REGEX=$(fm_field "$GATE_DOSSIER_PATH" "pr_title_regex")
+if [[ -z "$REGEX" ]]; then
+  gate_skip "dossier has no pr_title_regex"
+fi
+# Try frontmatter first
+TITLE=$(fm_field "$GATE_CANDIDATE_PATH" "pr_title")
+# Fall back to ## PR title section (single line content)
+if [[ -z "$TITLE" ]]; then
+  TITLE=$(/usr/bin/awk '/^## PR title/{flag=1;next} /^## /{flag=0} flag' "$GATE_CANDIDATE_PATH" 2>/dev/null \
+    | /usr/bin/grep -m1 -v '^[[:space:]]*$' \
+    | /usr/bin/sed 's/^[[:space:]]*//;s/[[:space:]]*$//' \
+    || /usr/bin/echo "")
+fi
+if [[ -z "$TITLE" ]]; then
+  gate_skip "no PR title in candidate (frontmatter or ## PR title section)"
+fi
+if /usr/bin/printf '%s' "$TITLE" | /usr/bin/grep -qE "$REGEX"; then
+  gate_pass "PR title matches required regex"
+fi
+gate_block "PR title '$TITLE' does not match required regex /$REGEX/" "rename PR title to match /$REGEX/ per CONTRIBUTING.md"

package/skills/contribute/scripts/gates/c03-pr-body-sections.sh ADDED Viewed

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Catalog: C3 — PR body draft missing sections required by the repo's PR template
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+# Pull the raw frontmatter line for pr_template_required_sections (a YAML array)
+RAW=$(/usr/bin/awk '
+  /^---$/ { fm = !fm ? 1 : 2; next }
+  fm == 1 && /^pr_template_required_sections:/ {
+    sub(/^pr_template_required_sections:[[:space:]]*/, "")
+    print
+    exit
+  }
+' "$GATE_DOSSIER_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$RAW" || "$RAW" == "[]" ]]; then
+  gate_skip "no pr_template_required_sections in dossier"
+fi
+# Strip surrounding [ ], split on commas, strip quotes/whitespace per item
+INNER=$(/usr/bin/printf '%s' "$RAW" | /usr/bin/sed -E 's/^\[//; s/\]$//')
+if [[ -z "$INNER" ]]; then
+  gate_skip "pr_template_required_sections is empty"
+fi
+# Build array of section names
+declare -a SECTIONS=()
+IFS=',' read -ra RAW_PARTS <<< "$INNER"
+for part in "${RAW_PARTS[@]}"; do
+  clean=$(/usr/bin/printf '%s' "$part" | /usr/bin/sed -E 's/^[[:space:]]*"?//; s/"?[[:space:]]*$//')
+  [[ -n "$clean" ]] && SECTIONS+=("$clean")
+done
+if (( ${#SECTIONS[@]} == 0 )); then
+  gate_skip "no parseable section names in pr_template_required_sections"
+fi
+# Extract candidate's `## PR body` section
+PR_BODY=$(/usr/bin/awk '/^## PR body/{flag=1;next} /^## /{flag=0} flag' "$GATE_CANDIDATE_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$PR_BODY" ]]; then
+  gate_skip "no '## PR body' section in candidate yet"
+fi
+# Check each required section name appears as a markdown header (## or ###), case-insensitive
+declare -a MISSING=()
+for name in "${SECTIONS[@]}"; do
+  if ! /usr/bin/printf '%s' "$PR_BODY" | /usr/bin/grep -qiE "^#{2,3}[[:space:]]+${name}[[:space:]]*$"; then
+    MISSING+=("$name")
+  fi
+done
+if (( ${#MISSING[@]} > 0 )); then
+  joined=$(IFS=', '; /usr/bin/printf '%s' "${MISSING[*]}")
+  gate_block "PR body missing required sections: $joined" "add the section headers (## $joined) to your PR body draft"
+fi
+gate_pass "all required PR body sections present"

package/skills/contribute/scripts/gates/c04-ui-screenshots.sh ADDED Viewed

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# Catalog: C4 — PR touches UI files but PR body has no screenshot / recording
+# Mitigates: maintainer asks "any screenshots?" → reads as not-quite-ready submission.
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+REPO_NAME="${GATE_REPO##*/}"
+CLONE="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE/.git" ]]; then
+  gate_skip "no local clone at $CLONE"
+fi
+DEFAULT_BRANCH=""
+if [[ -n "$GATE_DOSSIER_PATH" && -f "$GATE_DOSSIER_PATH" ]]; then
+  DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+fi
+[[ -z "$DEFAULT_BRANCH" ]] && DEFAULT_BRANCH="main"
+CHANGED=$(/usr/bin/git -C "$CLONE" diff "$DEFAULT_BRANCH..HEAD" --name-only 2>/dev/null || /usr/bin/echo "")
+UI_FILES=$(/usr/bin/printf '%s\n' "$CHANGED" | /usr/bin/grep -E '\.(tsx|jsx|vue|svelte|html|css|scss)$' || /usr/bin/echo "")
+if [[ -z "$UI_FILES" ]]; then
+  gate_pass "no UI files touched in diff"
+fi
+PR_BODY=$(/usr/bin/awk '/^## PR body/{flag=1;next} /^## /{flag=0} flag' "$GATE_CANDIDATE_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$PR_BODY" ]]; then
+  gate_inform "UI files changed but no PR body drafted yet — remember to attach a screenshot or recording"
+fi
+if /usr/bin/printf '%s' "$PR_BODY" | /usr/bin/grep -qiE '!\[.*\]\(.*\)|screenshot|screen recording|\bgif\b|\.mp4|\.mov|\.webm|loom\.com|youtu\.be|youtube\.com'; then
+  gate_pass "PR body references screenshot or recording"
+fi
+gate_block "PR touches UI files but PR body has no screenshot or recording" "PRs touching UI need a screenshot or recording — paste an image (![alt](url)) or a Loom/GIF link in the PR body"

package/skills/contribute/scripts/gates/c05-test-evidence.sh ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Catalog: C5 — PR body lacks fenced test-runner output (evidence of local verification)
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+# Extract candidate's `## PR body` section
+PR_BODY=$(/usr/bin/awk '/^## PR body/{flag=1;next} /^## /{flag=0} flag' "$GATE_CANDIDATE_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$PR_BODY" ]]; then
+  gate_skip "no '## PR body' section in candidate yet"
+fi
+# Walk fenced blocks (```...```) and check each for test-runner signals.
+# Use awk to flip flag on ``` lines and collect block contents, separated by NUL-equivalent marker.
+BLOCKS=$(/usr/bin/printf '%s' "$PR_BODY" | /usr/bin/awk '
+  /^```/ { in_block = !in_block; if (!in_block) print "<<<BLOCK_END>>>"; next }
+  in_block { print }
+')
+if [[ -z "$BLOCKS" ]]; then
+  gate_block "PR body has no fenced code blocks" "paste your local test output as a fenced code block inside the PR body"
+fi
+# Test runner regexes — any one match in any block is sufficient
+PATTERNS='pytest|cargo test|make test|pnpm test|npm test|yarn test|sbt test|go test|Test Suites:|[0-9]+ passed|[0-9]+ passing|[0-9]+ failed|^ok [0-9]+|PASS|FAIL'
+if /usr/bin/printf '%s' "$BLOCKS" | /usr/bin/grep -qE "$PATTERNS"; then
+  gate_pass "PR body contains fenced block with test-runner output"
+fi
+gate_block "no fenced code block in PR body looks like test runner output" "paste your local test output as a fenced code block inside the PR body"

package/skills/contribute/scripts/gates/c07-coauthor-banned.sh ADDED Viewed

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Catalog: C7 — `Co-Authored-By: Claude` trailer present in commits the repo has banned it
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+# Only run if dossier flags this repo as forbidding the Claude co-author trailer
+FORBIDDEN=$(fm_field "$GATE_DOSSIER_PATH" "coauthor_claude_forbidden")
+if [[ "$FORBIDDEN" != "true" ]]; then
+  gate_skip "dossier does not forbid Co-Authored-By: Claude"
+fi
+CLONE_DIR="$HOME/000-projects/contributing-clanker/${GATE_REPO##*/}"
+if [[ ! -d "$CLONE_DIR/.git" ]]; then
+  gate_skip "no clone at $CLONE_DIR (not a git repo)"
+fi
+DEFAULT_BRANCH=$(fm_field "$GATE_DOSSIER_PATH" "default_branch")
+if [[ -z "$DEFAULT_BRANCH" ]]; then
+  gate_skip "no default_branch in dossier"
+fi
+# Inspect commit messages between default branch and HEAD on the working clone
+LOG=$(/usr/bin/git -C "$CLONE_DIR" log "${DEFAULT_BRANCH}..HEAD" --format=%B 2>/dev/null || /usr/bin/echo "")
+if /usr/bin/printf '%s' "$LOG" | /usr/bin/grep -qiE "Co-Authored-By:[[:space:]]+Claude"; then
+  gate_block "commits contain 'Co-Authored-By: Claude' trailer" "remove via git rebase -i and dropping the trailer; this repo's AI policy forbids it"
+fi
+gate_pass "no Co-Authored-By: Claude trailer in commits"

package/skills/contribute/scripts/gates/c09-issue-link.sh ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+# Catalog: C9 — PR body lacks `Closes #N` / `Fixes #N` referencing the candidate
+# Mitigates: PR doesn't auto-close the issue on merge → maintainer has to do it
+# manually → reads as low-effort.
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+# This gate runs at open-pr / flip-to-ready transitions and needs the PR body.
+# At this stage the PR body lives in the candidate's `pr_body_draft:` field
+# (written by writer subagent in Slice 3). For now, look in the candidate's
+# `## PR body` section if present.
+ISSUE_NUM=$(fm_field "$GATE_CANDIDATE_PATH" "issue_number")
+if [[ -z "$ISSUE_NUM" ]]; then
+  gate_skip "no issue_number in candidate (cannot verify link)"
+fi
+# Extract PR body draft from candidate's body sections
+PR_BODY=$(/usr/bin/awk '/^## PR body/{flag=1;next} /^## /{flag=0} flag' "$GATE_CANDIDATE_PATH" 2>/dev/null || /usr/bin/echo "")
+if [[ -z "$PR_BODY" ]]; then
+  # No PR body drafted yet — gate is informational at pre-draft stages
+  gate_inform "no PR body drafted yet (candidate has no '## PR body' section)"
+fi
+# Look for any of: Closes #N, Fixes #N, Resolves #N (case-insensitive)
+if /usr/bin/printf '%s' "$PR_BODY" | /usr/bin/grep -qiE "(closes|fixes|resolves)[[:space:]]+#?$ISSUE_NUM\b"; then
+  gate_pass "PR body links issue #$ISSUE_NUM via auto-close keyword"
+fi
+gate_block "PR body does not reference issue #$ISSUE_NUM with an auto-close keyword" "add 'Closes #$ISSUE_NUM' (or Fixes/Resolves) to the PR body so the issue auto-closes on merge."

package/skills/contribute/scripts/gates/c11-no-force-push.sh ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# Catalog: C11 — branch divergence implies force-push will be required
+# Mitigates: collaborators with local refs to this branch get rebased out from under them.
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+REPO_NAME="${GATE_REPO##*/}"
+CLONE="$HOME/000-projects/contributing-clanker/$REPO_NAME"
+if [[ ! -d "$CLONE/.git" ]]; then
+  gate_skip "no local clone at $CLONE"
+fi
+BRANCH=$(fm_field "$GATE_CANDIDATE_PATH" "branch")
+if [[ -z "$BRANCH" ]]; then
+  gate_skip "no branch in candidate frontmatter"
+fi
+# Confirm the upstream tracking ref exists
+if ! /usr/bin/git -C "$CLONE" rev-parse --verify "origin/$BRANCH" >/dev/null 2>&1; then
+  gate_skip "no origin/$BRANCH tracking ref — first push, force not implied"
+fi
+AHEAD=$(/usr/bin/git -C "$CLONE" log "origin/$BRANCH..HEAD" --oneline 2>/dev/null | /usr/bin/grep -c . || /usr/bin/echo 0)
+BEHIND=$(/usr/bin/git -C "$CLONE" log "HEAD..origin/$BRANCH" --oneline 2>/dev/null | /usr/bin/grep -c . || /usr/bin/echo 0)
+if [[ "$AHEAD" -gt 0 && "$BEHIND" -gt 0 ]]; then
+  gate_warn "branch diverges from origin/$BRANCH — push will require force; ensure no other contributors have local refs to this branch" "push directly only if you're the sole owner of this branch"
+fi
+gate_pass "branch is fast-forward to origin/$BRANCH (no force-push needed)"

package/skills/contribute/scripts/gates/c12-ci-green.sh ADDED Viewed

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Catalog: C12 — CI not green (any failed/pending checks block flip-to-ready)
+source "$(dirname "$0")/lib/preamble.sh"
+gate_read_input
+PR_NUMBER=$(fm_field "$GATE_CANDIDATE_PATH" "pr_number")
+if [[ -z "$PR_NUMBER" ]]; then
+  gate_skip "no pr_number in candidate (no PR yet)"
+fi
+CHECKS_JSON=$(gh_safe pr checks "$PR_NUMBER" --repo "$GATE_REPO" --json bucket || /usr/bin/echo "[]")
+if [[ -z "$CHECKS_JSON" ]]; then
+  CHECKS_JSON="[]"
+fi
+FAIL_COUNT=$(/usr/bin/printf '%s' "$CHECKS_JSON" | jq '[.[] | select(.bucket == "fail")] | length' 2>/dev/null || /usr/bin/echo "0")
+PENDING_COUNT=$(/usr/bin/printf '%s' "$CHECKS_JSON" | jq '[.[] | select(.bucket == "pending")] | length' 2>/dev/null || /usr/bin/echo "0")
+if [[ "$FAIL_COUNT" != "0" ]]; then
+  FAILED=$(/usr/bin/printf '%s' "$CHECKS_JSON" | jq -r '[.[] | select(.bucket == "fail") | .name] | join(", ")' 2>/dev/null || /usr/bin/echo "")
+  gate_block "CI has $FAIL_COUNT failing check(s): $FAILED" "fix the failing checks before flipping to ready-for-review"
+fi
+if [[ "$PENDING_COUNT" != "0" ]]; then
+  gate_warn "$PENDING_COUNT CI check(s) still pending" "wait for CI to finish before flipping to ready-for-review"
+fi
+gate_pass "all CI checks green"