@kennethsolomon/shipkit 3.10.0 → 3.10.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kennethsolomon/shipkit",
-  "version": "3.10.0",
+  "version": "3.10.1",
   "description": "A structured workflow toolkit for Claude Code.",
   "keywords": [
     "claude",

package/skills/.claude/settings.local.json

@@ -12,7 +12,26 @@
       "Bash(done)",
       "Bash(tasks/security-findings.md:*)",
       "Bash(git push:*)",
-      "Bash(git tag:*)"
+      "Bash(git tag:*)",
+      "Bash(find /Users/kennethsolomon/Herd/shipit -type f -name *.md -path */node_modules/*commands/sk/*)",
+      "Bash(grep -r \"sk:\" /Users/kennethsolomon/Herd/shipit/commands/sk/*.md)",
+      "Bash(find /Users/kennethsolomon/Herd/shipit/.claude/docs -name *.md)",
+      "Bash(grep -v \"^Command$\")",
+      "Bash(find /Users/kennethsolomon/Herd/shipit -path */test* -o -path */__tests__/* -o -path */spec/*)",
+      "Bash(find /Users/kennethsolomon/Herd/shipit/commands/sk -type f -name *.md)",
+      "Bash(find /Users/kennethsolomon/Herd/shipit/skills -maxdepth 1 -type d -name sk:*)",
+      "Bash(python3 -m py_compile skills/sk:debug/lib/step_runner.py)",
+      "Bash(python3 -m py_compile skills/sk:debug/debug_conductor.py)",
+      "Bash(python3 -m py_compile skills/sk:setup-optimizer/lib/discover.py)",
+      "Bash(python3 -m py_compile skills/sk:debug/lib/findings_writer.py)",
+      "Bash(python3 -m py_compile skills/sk:debug/lib/lessons_writer.py)",
+      "Bash(python3 -m py_compile skills/sk:skill-creator/scripts/run_eval.py)",
+      "Bash(python3 -m py_compile skills/sk:skill-creator/scripts/run_loop.py)",
+      "Bash(python3 -m py_compile skills/sk:skill-creator/scripts/improve_description.py)",
+      "Bash(python3 -m py_compile skills/sk:skill-creator/scripts/generate_report.py)",
+      "Bash(python3 -m py_compile skills/sk:skill-creator/scripts/utils.py)",
+      "Bash(git:*)",
+      "Bash(npm publish:*)"
     ]
   }
 }

package/skills/sk:brainstorming/SKILL.md

@@ -34,7 +34,7 @@ You MUST create a task for each of these items and complete them in order:
    - Open questions (if any remain)
    Additionally, **append** an ADR entry to `docs/decisions.md` (see "Decisions Log" section below).
    (Optionally also write a full design doc to docs/plans/YYYY-MM-DD-<topic>-design.md)
-6. **Transition to implementation** — invoke writing-plans skill to create implementation plan
+6. **Transition to implementation** — invoke `/sk:write-plan` skill to create implementation plan
 
 ## Process Flow
 
@@ -46,7 +46,7 @@ digraph brainstorming {
     "Present design sections" [shape=box];
     "User approves design?" [shape=diamond];
     "Write design doc" [shape=box];
-    "Invoke writing-plans skill" [shape=doublecircle];
+    "Invoke `/sk:write-plan` skill" [shape=doublecircle];
 
     "Explore project context" -> "Ask clarifying questions";
     "Ask clarifying questions" -> "Propose 2-3 approaches";
@@ -54,11 +54,11 @@ digraph brainstorming {
     "Present design sections" -> "User approves design?";
     "User approves design?" -> "Present design sections" [label="no, revise"];
     "User approves design?" -> "Write design doc" [label="yes"];
-    "Write design doc" -> "Invoke writing-plans skill";
+    "Write design doc" -> "Invoke `/sk:write-plan` skill";
 }
 ```
 
-**The terminal state is invoking writing-plans.** Do NOT invoke frontend-design, mcp-builder, or any other implementation skill. The ONLY skill you invoke after brainstorming is writing-plans.
+**The terminal state is invoking `/sk:write-plan`.** Do NOT invoke frontend-design, mcp-builder, or any other implementation skill. The ONLY skill you invoke after brainstorming is `/sk:write-plan`.
 
 ## The Process
 
@@ -95,8 +95,8 @@ digraph brainstorming {
 - Commit the findings, decisions log entry, and any design document to git
 
 **Implementation:**
-- Invoke the writing-plans skill to create a detailed implementation plan
-- Do NOT invoke any other skill. writing-plans is the next step.
+- Invoke the `/sk:write-plan` skill to create a detailed implementation plan
+- Do NOT invoke any other skill. `/sk:write-plan` is the next step.
 
 ## Decisions Log
 

package/skills/sk:debug/debug_conductor.py

@@ -75,7 +75,6 @@ class DebugConductor:
             if not self._can_proceed(step):
                 print(f"\n⛔ BLOCKED: {self._gate_reason(step)}")
                 print("\nRun /debug again to continue from this step.")
-                self._save_progress()
                 return
 
             # Run step and update state
@@ -94,7 +93,6 @@ class DebugConductor:
                 proceed = input(f"\n✅ Step {step_num} complete. Continue to step {step_num + 1}? (y/n): ").strip().lower()
                 if proceed not in ['y', 'yes', '']:
                     print(f"Pausing after step {step_num}. Run /debug again to continue.")
-                    self._save_progress()
                     return
 
         print("\n" + "="*70)
@@ -161,12 +159,6 @@ class DebugConductor:
             return "No confirmed hypothesis yet—cannot propose fix."
         return "Precondition not met for this step."
 
-    def _save_progress(self):
-        """Save current state for resumption (optional)."""
-        # Could implement checkpoint system here
-        pass
-
-
 def main():
     """Entry point for /debug skill."""
     conductor = DebugConductor()

package/skills/sk:debug/lib/findings_writer.py

@@ -44,8 +44,8 @@ class FindingsWriter:
             self._append_entry(entry)
             print(f"\n✅ Findings written to {self.findings_path}")
             return True
-        except Exception as e:
-            print(f"\n❌ Error writing findings: {e}")
+        except OSError as e:
+            print(f"\n❌ Error writing findings to {self.findings_path}: {e}")
             return False
 
     def _ensure_file_exists(self):

package/skills/sk:debug/lib/lessons_writer.py

@@ -66,8 +66,8 @@ class LessonsWriter:
             self._append_lesson(entry)
             print(f"\n✅ New lesson added to {self.lessons_path}")
             return True
-        except Exception as e:
-            print(f"\n❌ Error writing lesson: {e}")
+        except OSError as e:
+            print(f"\n❌ Error writing lesson to {self.lessons_path}: {e}")
             return False
 
     def _ensure_file_exists(self):

package/skills/sk:debug/lib/step_runner.py

@@ -1,9 +1,11 @@
 """Execute individual debug steps (3-11)."""
 
+from __future__ import annotations
+
+import shlex
 import subprocess
-from typing import Dict
 from pathlib import Path
-import sys
+from typing import Dict
 
 
 class StepRunner:
@@ -42,8 +44,7 @@ class StepRunner:
             # Recent commits
             print("📋 Recent commits:")
             result = subprocess.run(
-                "git log --oneline -10",
-                shell=True,
+                ["git", "log", "--oneline", "-10"],
                 capture_output=True,
                 text=True
             )
@@ -52,8 +53,7 @@ class StepRunner:
             # Recent diffs
             print("\n📋 Recent file changes:")
             result = subprocess.run(
-                "git diff HEAD~3 --stat",
-                shell=True,
+                ["git", "diff", "HEAD~3", "--stat"],
                 capture_output=True,
                 text=True
             )
@@ -107,8 +107,7 @@ class StepRunner:
 
         try:
             result = subprocess.run(
-                command,
-                shell=True,
+                shlex.split(command),
                 capture_output=True,
                 text=True,
                 timeout=30
@@ -277,8 +276,7 @@ class StepRunner:
         if command:
             try:
                 result = subprocess.run(
-                    command,
-                    shell=True,
+                    shlex.split(command),
                     capture_output=True,
                     text=True,
                     timeout=30

package/skills/sk:lint/SKILL.md

@@ -171,8 +171,8 @@ Read `.shipkit/config.json` from the project root if it exists.
 
 | Profile | Model |
 |---------|-------|
-| `full-sail` | sonnet |
-| `quality` | sonnet |
+| `full-sail` | opus (inherit) |
+| `quality` | opus (inherit) |
 | `balanced` | haiku |
 | `budget` | haiku |
 

package/skills/sk:setup-claude/scripts/apply_setup_claude.py

@@ -271,7 +271,16 @@ def _write_file_if_missing(dest: Path, content: str) -> Tuple[str, Path]:
     if dest.exists():
         return ("skipped", dest)
     dest.parent.mkdir(parents=True, exist_ok=True)
-    dest.write_text(content, encoding="utf-8")
+    # Atomic write: write to temp file then rename to avoid TOCTOU race
+    import tempfile
+    fd, tmp_path = tempfile.mkstemp(dir=dest.parent, suffix=".tmp")
+    try:
+        with os.fdopen(fd, "w", encoding="utf-8") as f:
+            f.write(content)
+        Path(tmp_path).replace(dest)
+    except BaseException:
+        Path(tmp_path).unlink(missing_ok=True)
+        raise
     return ("created", dest)
 
 
@@ -282,7 +291,7 @@ def _write_file_if_generated(dest: Path, content: str, template_path: Optional[P
         return ("created", dest)
     try:
         existing = dest.read_text(encoding="utf-8")
-    except Exception:
+    except (OSError, UnicodeDecodeError):
         return ("skipped", dest)
     if GENERATED_MARKER in existing:
         # Check if content is identical (fast path)
@@ -311,7 +320,7 @@ def _plan_file_if_generated(dest: Path, content: str) -> str:
         return "created"
     try:
         existing = dest.read_text(encoding="utf-8")
-    except Exception:
+    except (OSError, UnicodeDecodeError):
         return "skipped"
     if GENERATED_MARKER not in existing:
         return "skipped"

package/skills/sk:setup-optimizer/lib/discover.py

@@ -1,7 +1,8 @@
 """Intelligent project structure, documentation, and workflow discovery."""
 
+import json
 from pathlib import Path
-from typing import Dict, List, Tuple
+from typing import Dict, List
 
 
 # Directories to exclude from discovery
@@ -174,16 +175,14 @@ def _extract_makefile_targets(root_path: Path) -> List[str]:
                 target = line.split(':')[0].strip()
                 if target and not target.startswith('.'):
                     targets.append(target)
-    except Exception:
-        pass
+    except (OSError, UnicodeDecodeError) as e:
+        print(f"Warning: Could not parse Makefile: {e}")
 
     return list(set(targets))[:10]  # Limit to 10 targets
 
 
 def _extract_npm_scripts(root_path: Path) -> List[str]:
     """Extract scripts from package.json."""
-    import json
-
     package_json = root_path / 'package.json'
     if not package_json.exists():
         return []
@@ -191,14 +190,14 @@ def _extract_npm_scripts(root_path: Path) -> List[str]:
     scripts = []
     try:
         content = json.loads(package_json.read_text())
-        if 'scripts' in content:
+        if isinstance(content, dict) and 'scripts' in content:
             # Include common scripts, exclude default ones
             exclude = {'test', 'start', 'dev', 'build'}
             for script_name in content['scripts'].keys():
                 if script_name not in exclude:
                     scripts.append(script_name)
-    except Exception:
-        pass
+    except (OSError, json.JSONDecodeError, UnicodeDecodeError) as e:
+        print(f"Warning: Could not parse package.json scripts: {e}")
 
     return scripts[:8]  # Limit to 8 scripts
 
@@ -215,7 +214,7 @@ def _find_github_workflows(root_path: Path) -> List[str]:
             workflows.append(workflow_file.stem)
         for workflow_file in workflows_dir.glob('*.yaml'):
             workflows.append(workflow_file.stem)
-    except Exception:
-        pass
+    except OSError as e:
+        print(f"Warning: Could not read GitHub workflows: {e}")
 
     return workflows[:5]  # Limit to 5 workflows

package/skills/sk:skill-creator/scripts/generate_report.py

@@ -6,6 +6,8 @@ showing each description attempt with check/x for each test case.
 Distinguishes between train and test queries.
 """
 
+from __future__ import annotations
+
 import argparse
 import html
 import json

package/skills/sk:skill-creator/scripts/improve_description.py

@@ -5,6 +5,8 @@ Takes eval results (from run_eval.py) and generates an improved description
 using Claude with extended thinking.
 """
 
+from __future__ import annotations
+
 import argparse
 import json
 import re

package/skills/sk:skill-creator/scripts/package_skill.py

@@ -93,6 +93,10 @@ def package_skill(skill_path, output_dir=None):
             for file_path in skill_path.rglob('*'):
                 if not file_path.is_file():
                     continue
+                # Skip symlinks to prevent path traversal
+                if file_path.is_symlink():
+                    print(f"  Skipped (symlink): {file_path}")
+                    continue
                 arcname = file_path.relative_to(skill_path.parent)
                 if should_exclude(arcname):
                     print(f"  Skipped: {arcname}")

package/skills/sk:skill-creator/scripts/run_eval.py

@@ -5,6 +5,8 @@ Tests whether a skill's description causes Claude to trigger (read the skill)
 for a set of queries. Outputs results as JSON.
 """
 
+from __future__ import annotations
+
 import argparse
 import json
 import os
@@ -221,7 +223,7 @@ def run_eval(
             try:
                 query_triggers[query].append(future.result())
             except Exception as e:
-                print(f"Warning: query failed: {e}", file=sys.stderr)
+                print(f"Warning: query failed for '{query[:60]}': {type(e).__name__}: {e}", file=sys.stderr)
                 query_triggers[query].append(False)
 
     for query, triggers in query_triggers.items():

package/skills/sk:skill-creator/scripts/run_loop.py

@@ -6,6 +6,8 @@ and returning the best description found. Supports train/test split to prevent
 overfitting.
 """
 
+from __future__ import annotations
+
 import argparse
 import json
 import random

package/skills/sk:skill-creator/scripts/utils.py

@@ -1,5 +1,7 @@
 """Shared utilities for skill-creator scripts."""
 
+from __future__ import annotations
+
 from pathlib import Path
 
 

package/skills/sk:test/SKILL.md

@@ -184,8 +184,8 @@ Read `.shipkit/config.json` from the project root if it exists.
 
 | Profile | Model |
 |---------|-------|
-| `full-sail` | sonnet |
-| `quality` | sonnet |
+| `full-sail` | opus (inherit) |
+| `quality` | opus (inherit) |
 | `balanced` | haiku |
 | `budget` | haiku |