@laitszkin/apollo-toolkit 2.11.2 → 2.11.3

package/open-github-issue/tests/test_open_github_issue.py

@@ -81,6 +81,11 @@ class OpenGitHubIssueTests(unittest.TestCase):
             proposal="Allow exporting incident timelines",
             reason="Support postmortem handoff",
             suggested_architecture="Add shared exporters and UI action",
+            impact=None,
+            evidence=None,
+            suggested_action=None,
+            severity=None,
+            affected_scope=None,
         )
 
         self.assertIn("### 功能提案", zh_body)
@@ -88,6 +93,28 @@ class OpenGitHubIssueTests(unittest.TestCase):
         self.assertIn("### Feature Proposal", en_body)
         self.assertIn("### Suggested Architecture", en_body)
 
+    def test_build_issue_body_supports_security_issue_sections(self) -> None:
+        en_body = MODULE.build_issue_body(
+            issue_type=MODULE.ISSUE_TYPE_SECURITY,
+            language="en",
+            title="[Security] Missing auth",
+            problem_description="Endpoint misses admin check",
+            suspected_cause=None,
+            reproduction=None,
+            proposal=None,
+            reason=None,
+            suggested_architecture=None,
+            impact="Sensitive export may leak",
+            evidence="Reproduced request and code path review",
+            suggested_action="Add authz and tests",
+            severity="high",
+            affected_scope="/admin/export",
+        )
+
+        self.assertIn("### Security Risk", en_body)
+        self.assertIn("### Severity", en_body)
+        self.assertIn("### Suggested Mitigation", en_body)
+
     def test_validate_issue_content_args_requires_feature_fields(self) -> None:
         with self.assertRaises(SystemExit):
             MODULE.validate_issue_content_args(
@@ -118,6 +145,43 @@ class OpenGitHubIssueTests(unittest.TestCase):
                 suggested_architecture="shared module",
                 problem_description=None,
                 suspected_cause=None,
+                impact=None,
+                evidence=None,
+                suggested_action=None,
+                severity=None,
+                affected_scope=None,
+            )
+        )
+
+    def test_validate_issue_content_args_requires_security_fields(self) -> None:
+        with self.assertRaises(SystemExit):
+            MODULE.validate_issue_content_args(
+                Namespace(
+                    issue_type=MODULE.ISSUE_TYPE_SECURITY,
+                    problem_description="auth missing",
+                    affected_scope="",
+                    impact="sensitive export may leak",
+                    evidence="reproduced",
+                    suggested_action="add authz",
+                    severity="high",
+                    reason=None,
+                    suggested_architecture=None,
+                    suspected_cause=None,
+                )
+            )
+
+        MODULE.validate_issue_content_args(
+            Namespace(
+                issue_type=MODULE.ISSUE_TYPE_SECURITY,
+                problem_description="auth missing",
+                affected_scope="/admin/export",
+                impact="sensitive export may leak",
+                evidence="reproduced",
+                suggested_action="add authz",
+                severity="high",
+                reason=None,
+                suggested_architecture=None,
+                suspected_cause=None,
             )
         )
 
@@ -130,6 +194,11 @@ class OpenGitHubIssueTests(unittest.TestCase):
                     suggested_architecture=None,
                     problem_description="Repeated timeout warnings escalated into request failures.",
                     suspected_cause="handler.py:12",
+                    impact=None,
+                    evidence=None,
+                    suggested_action=None,
+                    severity=None,
+                    affected_scope=None,
                 )
             )
 
@@ -153,6 +222,11 @@ class OpenGitHubIssueTests(unittest.TestCase):
                     "- Difference/Impact: users still receive errors.\n"
                 ),
                 suspected_cause="handler.py:12",
+                impact=None,
+                evidence=None,
+                suggested_action=None,
+                severity=None,
+                affected_scope=None,
             )
         )
 
@@ -181,6 +255,11 @@ class OpenGitHubIssueTests(unittest.TestCase):
             suggested_architecture=None,
             repo="owner/repo",
             dry_run=True,
+            impact=None,
+            evidence=None,
+            suggested_action=None,
+            severity=None,
+            affected_scope=None,
         )
 
         with patch.object(MODULE, "parse_args", return_value=args), patch.object(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@laitszkin/apollo-toolkit",
-  "version": "2.11.2",
+  "version": "2.11.3",
   "description": "Apollo Toolkit npm installer for managed skill copying across Codex, OpenClaw, and Trae.",
   "license": "MIT",
   "author": "LaiTszKin",

package/read-github-issue/SKILL.md

@@ -0,0 +1,83 @@
+---
+name: read-github-issue
+description: Read and search remote GitHub issues via GitHub CLI (`gh`). Use when users ask to list issues, filter issue candidates, inspect a specific issue with comments, or gather issue context before planning follow-up work.
+---
+
+# Read GitHub Issue
+
+## Dependencies
+
+- Required: none.
+- Conditional: none.
+- Optional: none.
+- Fallback: If `gh` is unavailable or unauthenticated, stop and report the exact blocked command instead of guessing repository state.
+
+## Standards
+
+- Evidence: Verify repository context first, then read remote issue data directly from `gh issue list` / `gh issue view` instead of paraphrasing from memory.
+- Execution: Confirm the target repo, find candidate issues with the bundled script, then inspect the chosen issue with comments and structured fields.
+- Quality: Keep the skill focused on issue discovery and retrieval only; do not embed any hardcoded fixing, branching, PR, or push workflow.
+- Output: Return candidate issues, selected issue details, comments summary, and any missing information needed before follow-up work.
+
+## Overview
+
+Use this skill to gather trustworthy GitHub issue context with `gh`: discover open or closed issues, narrow them with labels or search text, then inspect a chosen issue in detail before any separate planning or implementation workflow begins.
+
+## Prerequisites
+
+- `gh` is installed and authenticated (`gh auth status`).
+- The current directory is a git repository with the correct `origin`, or the user provides `--repo owner/name`.
+
+## Workflow
+
+### 1) Verify repository and remote context
+
+- Run `gh repo view --json nameWithOwner,isPrivate,defaultBranchRef` to confirm target repo.
+- If the user specifies another repository, always use `--repo <owner>/<repo>` in issue commands.
+
+### 2) Find candidate issues with the bundled script
+
+- Preferred command:
+
+```bash
+python3 scripts/find_issues.py --limit 50 --state open
+```
+
+- Optional filters:
+  - `--repo owner/name`
+  - `--label bug`
+  - `--search "panic in parser"`
+- If the issue target is still unclear, present top candidates and ask which issue number or URL should be inspected next.
+
+### 3) Read a specific issue in detail
+
+- Preferred command:
+
+```bash
+python3 scripts/read_issue.py 123 --comments
+```
+
+- Optional flags:
+  - `--repo owner/name`
+  - `--json`
+  - `--comments`
+- Use the returned title, body, labels, assignees, state, timestamps, and comments to summarize the issue precisely.
+
+### 4) Summarize gaps before any follow-up action
+
+- Identify missing acceptance criteria, repro details, affected components, or environment context.
+- If issue text and comments are insufficient, state exactly what is missing instead of inventing a fix plan.
+
+## Included Script
+
+### `scripts/find_issues.py`
+
+- Purpose: consistent remote issue listing via `gh issue list`.
+- Outputs a readable table by default, or JSON with `--output json`.
+- Uses only GitHub CLI so it reflects remote GitHub state.
+
+### `scripts/read_issue.py`
+
+- Purpose: deterministic issue detail retrieval via `gh issue view`.
+- Outputs either a human-readable summary or full JSON for downstream automation.
+- Can include issue comments so the agent can read the latest discussion before taking any other step.

package/read-github-issue/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Read GitHub Issue"
+  short_description: "Read and search remote GitHub issues"
+  default_prompt: "Use $read-github-issue to verify the target GitHub repository with gh, find candidate issues with the bundled issue-search script, inspect the selected issue with comments and structured fields, summarize the trustworthy issue context, and call out any missing details before any separate planning or implementation work."

package/{fix-github-issues/scripts/list_issues.py → read-github-issue/scripts/find_issues.py}

@@ -17,7 +17,7 @@ def positive_int(raw: str) -> int:
 
 def parse_args() -> argparse.Namespace:
     parser = argparse.ArgumentParser(
-        description="List remote GitHub issues with gh CLI and display table or JSON output."
+        description="Find remote GitHub issues with gh CLI and display table or JSON output."
     )
     parser.add_argument("--repo", help="Target repository in owner/name format.")
     parser.add_argument("--state", default="open", choices=["open", "closed", "all"])

package/read-github-issue/scripts/read_issue.py

@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+from __future__ import annotations
+
+import argparse
+import json
+import subprocess
+import sys
+
+
+ISSUE_FIELDS = "number,title,body,state,author,labels,assignees,comments,createdAt,updatedAt,closedAt,url"
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        description="Read a remote GitHub issue with gh CLI and display summary or JSON output."
+    )
+    parser.add_argument("issue", help="Issue number or URL.")
+    parser.add_argument("--repo", help="Target repository in owner/name format.")
+    parser.add_argument(
+        "--comments",
+        action="store_true",
+        help="Keep issue comments in formatted output.",
+    )
+    parser.add_argument(
+        "--json",
+        action="store_true",
+        help="Print raw JSON output.",
+    )
+    return parser.parse_args()
+
+
+def build_command(args: argparse.Namespace) -> list[str]:
+    cmd = [
+        "gh",
+        "issue",
+        "view",
+        args.issue,
+        "--json",
+        ISSUE_FIELDS,
+    ]
+    if args.repo:
+        cmd.extend(["--repo", args.repo])
+    return cmd
+
+
+def join_names(items: list[dict], key: str) -> str:
+    values = [item.get(key, "") for item in items if item.get(key)]
+    return ", ".join(values) if values else "-"
+
+
+def print_summary(issue: dict, include_comments: bool) -> None:
+    print(f"Number: #{issue.get('number', '')}")
+    print(f"Title: {issue.get('title', '')}")
+    print(f"State: {issue.get('state', '')}")
+    print(f"URL: {issue.get('url', '')}")
+    print(f"Author: {(issue.get('author') or {}).get('login', '-')}")
+    print(f"Labels: {join_names(issue.get('labels', []), 'name')}")
+    print(f"Assignees: {join_names(issue.get('assignees', []), 'login')}")
+    print(f"Created: {issue.get('createdAt', '')}")
+    print(f"Updated: {issue.get('updatedAt', '')}")
+    print(f"Closed: {issue.get('closedAt', '') or '-'}")
+    print("")
+    print("Body:")
+    print(issue.get("body", "") or "-")
+
+    if include_comments:
+        comments = issue.get("comments", [])
+        print("")
+        print(f"Comments ({len(comments)}):")
+        if not comments:
+            print("-")
+            return
+        for comment in comments:
+            author = (comment.get("author") or {}).get("login", "-")
+            created = comment.get("createdAt", "")
+            body = comment.get("body", "") or "-"
+            print(f"- [{created}] {author}: {body}")
+
+
+def main() -> int:
+    args = parse_args()
+    cmd = build_command(args)
+
+    try:
+        result = subprocess.run(cmd, check=True, capture_output=True, text=True)
+    except FileNotFoundError:
+        print("Error: gh CLI is not installed or not in PATH.", file=sys.stderr)
+        return 1
+    except subprocess.CalledProcessError as exc:
+        print(exc.stderr.strip() or "gh issue view failed.", file=sys.stderr)
+        return exc.returncode
+
+    try:
+        issue = json.loads(result.stdout)
+    except json.JSONDecodeError:
+        print("Error: unable to parse gh output as JSON.", file=sys.stderr)
+        return 1
+
+    if args.json:
+        print(json.dumps(issue, indent=2))
+        return 0
+
+    print_summary(issue, include_comments=args.comments)
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

package/{fix-github-issues/tests/test_list_issues.py → read-github-issue/tests/test_find_issues.py}

@@ -12,13 +12,13 @@ from pathlib import Path
 from unittest.mock import patch
 
 
-SCRIPT_PATH = Path(__file__).resolve().parents[1] / "scripts" / "list_issues.py"
-SPEC = importlib.util.spec_from_file_location("list_issues", SCRIPT_PATH)
+SCRIPT_PATH = Path(__file__).resolve().parents[1] / "scripts" / "find_issues.py"
+SPEC = importlib.util.spec_from_file_location("find_issues", SCRIPT_PATH)
 MODULE = importlib.util.module_from_spec(SPEC)
 SPEC.loader.exec_module(MODULE)
 
 
-class ListIssuesTests(unittest.TestCase):
+class FindIssuesTests(unittest.TestCase):
     def test_build_command_with_filters(self) -> None:
         args = Namespace(
             repo="owner/repo",

package/read-github-issue/tests/test_read_issue.py

@@ -0,0 +1,109 @@
+#!/usr/bin/env python3
+
+from __future__ import annotations
+
+import importlib.util
+import io
+import json
+import unittest
+from argparse import Namespace
+from pathlib import Path
+from unittest.mock import patch
+
+
+SCRIPT_PATH = Path(__file__).resolve().parents[1] / "scripts" / "read_issue.py"
+SPEC = importlib.util.spec_from_file_location("read_issue", SCRIPT_PATH)
+MODULE = importlib.util.module_from_spec(SPEC)
+SPEC.loader.exec_module(MODULE)
+
+
+class ReadIssueTests(unittest.TestCase):
+    def test_build_command_with_repo(self) -> None:
+        args = Namespace(issue="123", repo="owner/repo", comments=False, json=False)
+
+        self.assertEqual(
+            MODULE.build_command(args),
+            [
+                "gh",
+                "issue",
+                "view",
+                "123",
+                "--json",
+                MODULE.ISSUE_FIELDS,
+                "--repo",
+                "owner/repo",
+            ],
+        )
+
+    def test_main_returns_error_when_gh_missing(self) -> None:
+        args = Namespace(issue="123", repo=None, comments=False, json=False)
+
+        with patch.object(MODULE, "parse_args", return_value=args), patch(
+            "subprocess.run", side_effect=FileNotFoundError
+        ), patch("sys.stderr", new_callable=io.StringIO) as stderr:
+            code = MODULE.main()
+
+        self.assertEqual(code, 1)
+        self.assertIn("not in PATH", stderr.getvalue())
+
+    def test_main_json_output(self) -> None:
+        args = Namespace(issue="123", repo=None, comments=False, json=True)
+        payload = {
+            "number": 123,
+            "title": "Need better retries",
+            "body": "detail",
+            "state": "OPEN",
+            "author": {"login": "octocat"},
+            "labels": [],
+            "assignees": [],
+            "comments": [],
+            "createdAt": "2026-03-24T00:00:00Z",
+            "updatedAt": "2026-03-24T01:00:00Z",
+            "closedAt": None,
+            "url": "https://github.com/owner/repo/issues/123",
+        }
+
+        class Result:
+            stdout = json.dumps(payload)
+
+        with patch.object(MODULE, "parse_args", return_value=args), patch(
+            "subprocess.run", return_value=Result()
+        ), patch("sys.stdout", new_callable=io.StringIO) as stdout:
+            code = MODULE.main()
+
+        self.assertEqual(code, 0)
+        self.assertEqual(json.loads(stdout.getvalue()), payload)
+
+    def test_print_summary_includes_comments(self) -> None:
+        issue = {
+            "number": 123,
+            "title": "Need better retries",
+            "body": "detail",
+            "state": "OPEN",
+            "author": {"login": "octocat"},
+            "labels": [{"name": "bug"}],
+            "assignees": [{"login": "alice"}],
+            "comments": [
+                {
+                    "author": {"login": "bob"},
+                    "createdAt": "2026-03-24T02:00:00Z",
+                    "body": "extra context",
+                }
+            ],
+            "createdAt": "2026-03-24T00:00:00Z",
+            "updatedAt": "2026-03-24T01:00:00Z",
+            "closedAt": None,
+            "url": "https://github.com/owner/repo/issues/123",
+        }
+
+        with patch("sys.stdout", new_callable=io.StringIO) as stdout:
+            MODULE.print_summary(issue, include_comments=True)
+
+        output = stdout.getvalue()
+        self.assertIn("#123", output)
+        self.assertIn("bug", output)
+        self.assertIn("extra context", output)
+
+
+if __name__ == "__main__":
+    unittest.main()

package/fix-github-issues/SKILL.md

@@ -1,105 +0,0 @@
----
-name: fix-github-issues
-description: Resolve issues from remote GitHub repositories via GitHub CLI (`gh`), implement and validate fixes locally, then either open a pull request through `open-source-pr-workflow` (or `open-pr-workflow` in environments that use that alias) or hand off to `commit-and-push` when the user explicitly wants a direct push. Use when users ask to list remote issues, pick one or more issues to fix, and deliver the result through a linked PR or an explicit direct-push workflow.
----
-
-# Fix GitHub Issues
-
-## Dependencies
-
-- Required: `systematic-debug` for diagnosis and validated fixes.
-- Conditional: `open-source-pr-workflow` (or `open-pr-workflow`) when the user wants a PR; `commit-and-push` when the user explicitly wants a direct commit/push flow.
-- Optional: none.
-- Fallback: If the required handoff for the user's requested delivery mode is unavailable, stop and report the blocked dependency instead of improvising another release path.
-
-## Standards
-
-- Evidence: Verify repository context, fetch remote issue details, and derive expected behavior from issue text before coding.
-- Execution: Select the issue, open an isolated worktree by default, fix it through `systematic-debug`, validate locally, then hand off to the delivery workflow that matches the user's request.
-- Quality: Keep scope limited to the selected issue, capture exact validation commands, preserve issue linkage in the final PR or commit message, and treat temporary worktree cleanup as part of completion rather than an optional follow-up.
-- Output: Finish with either a linked PR or a direct pushed commit, then clean up the temporary worktree plus any matching local branch before reporting completion.
-
-## Overview
-
-Use this skill to run an end-to-end issue-fixing loop with `gh`: discover open issues, select a target, implement and test the fix, then hand off either to `open-source-pr-workflow` for PR submission or to `commit-and-push` when the user explicitly wants a direct push.
-
-## Prerequisites
-
-- `gh` is installed and authenticated (`gh auth status`).
-- The current directory is a git repository with the correct `origin`.
-- The repository has test or validation commands that can prove the fix.
-
-## Workflow
-
-### 1) Verify repository and remote context
-
-- Run `gh repo view --json nameWithOwner,isPrivate,defaultBranchRef` to confirm target repo.
-- If the user specifies another repository, always use `--repo <owner>/<repo>` in issue commands.
-- Run `git fetch --all --prune` before implementation.
-
-### 2) List remote issues with GitHub CLI
-
-- Preferred command:
-
-```bash
-python3 scripts/list_issues.py --limit 50 --state open
-```
-
-- Optional filters:
-  - `--repo owner/name`
-  - `--label bug`
-  - `--search "panic in parser"`
-- If the issue target is still unclear, present top candidates and ask the user which issue number to fix.
-
-### 3) Read issue details before coding
-
-- Run `gh issue view <issue-number> --comments` (plus `--repo` when needed).
-- Identify expected behavior, edge cases, and acceptance signals from issue text/comments.
-- Do not guess missing requirements; ask the user when critical details are ambiguous.
-
-### 4) Open worktree by default after issue selection
-
-- Immediately create and enter an isolated worktree once the issue number is selected and confirmed.
-- Use a compliant branch name (`codex/{change_type}/{changes}`) and keep all edits in that worktree.
-- If the user explicitly asks to stay in the current tree, follow that request; otherwise worktree is the default path.
-
-### 5) Implement the fix with `systematic-debug`
-
-- Execute the `systematic-debug` workflow: inspect, reproduce with tests, diagnose, then apply minimal fix.
-- Keep scope limited to the selected issue.
-- Reuse existing code patterns and avoid unrelated refactors.
-
-### 6) Validate the fix
-
-- Run focused tests/lint/build relevant to the touched area.
-- Capture exact commands and outcomes; these will be reused in the PR body.
-- Ensure the change can be linked back to the issue number.
-
-### 7) Open PR via dependency skill
-
-- If the user explicitly asks to commit and push directly, invoke `commit-and-push` instead of opening a PR.
-- In direct-push mode:
-  - keep the issue number in the commit message or final summary when appropriate
-  - state the exact target branch the user requested
-  - push only after validation is complete
-- Otherwise invoke `open-source-pr-workflow` (or `open-pr-workflow` if that alias exists in the environment).
-- In PR mode, provide:
-  - issue number or link
-  - motivation and engineering decisions
-  - executed test commands and results
-- Include issue-closing reference (for example, `Closes #<issue-number>`) whenever a PR is opened.
-
-### 8) Clean up the temporary worktree after PR creation or direct push
-
-- Once the PR is opened or the direct push is complete and no more work is needed in that isolated tree, remove the worktree you created for the fix.
-- Also clean up the matching local branch reference if it is no longer needed locally.
-- Verify the cleanup with `git worktree list` and confirm the temporary path no longer appears before finishing.
-- If the worktree cannot be removed because of uncommitted changes or a still-checked-out branch, resolve that state immediately instead of leaving cleanup for a later user request.
-
-## Included Script
-
-### `scripts/list_issues.py`
-
-- Purpose: consistent remote issue listing via `gh issue list`.
-- Outputs a readable table by default, or JSON with `--output json`.
-- Uses only GitHub CLI so it reflects remote GitHub state.

package/fix-github-issues/agents/openai.yaml

@@ -1,4 +0,0 @@
-interface:
-  display_name: "Fix GitHub Issues"
-  short_description: "Resolve remote GitHub issues, then open a PR or push directly"
-  default_prompt: "Use $fix-github-issues to verify the target GitHub repository with gh, list and inspect remote issues, create an isolated worktree and compliant branch after issue selection, use $systematic-debug to reproduce and fix the issue with tests, validate the result, then either hand off to $open-source-pr-workflow for a linked PR or to $commit-and-push when the user explicitly wants a direct push, and finally delete the temporary worktree."