claude-code-pilot 3.1.1 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/README.md +11 -11
  2. package/bin/install.js +19 -1
  3. package/manifest.json +5 -1
  4. package/package.json +2 -2
  5. package/src/agents/a11y-architect.md +141 -0
  6. package/src/agents/code-architect.md +71 -0
  7. package/src/agents/code-explorer.md +69 -0
  8. package/src/agents/code-simplifier.md +47 -0
  9. package/src/agents/comment-analyzer.md +45 -0
  10. package/src/agents/csharp-reviewer.md +101 -0
  11. package/src/agents/dart-build-resolver.md +201 -0
  12. package/src/agents/pr-test-analyzer.md +45 -0
  13. package/src/agents/silent-failure-hunter.md +50 -0
  14. package/src/agents/type-design-analyzer.md +41 -0
  15. package/src/available-rules/README.md +3 -1
  16. package/src/available-rules/dart/coding-style.md +159 -0
  17. package/src/available-rules/dart/hooks.md +66 -0
  18. package/src/available-rules/dart/patterns.md +261 -0
  19. package/src/available-rules/dart/security.md +135 -0
  20. package/src/available-rules/dart/testing.md +215 -0
  21. package/src/available-rules/web/coding-style.md +105 -0
  22. package/src/available-rules/web/design-quality.md +72 -0
  23. package/src/available-rules/web/hooks.md +129 -0
  24. package/src/available-rules/web/patterns.md +88 -0
  25. package/src/available-rules/web/performance.md +73 -0
  26. package/src/available-rules/web/security.md +66 -0
  27. package/src/available-rules/web/testing.md +64 -0
  28. package/src/commands/ccp/ai-integration-phase.md +36 -0
  29. package/src/commands/ccp/audit-fix.md +33 -0
  30. package/src/commands/ccp/code-review-fix.md +52 -0
  31. package/src/commands/ccp/eval-review.md +32 -0
  32. package/src/commands/ccp/extract_learnings.md +22 -0
  33. package/src/commands/ccp/import.md +37 -0
  34. package/src/commands/ccp/ingest-docs.md +42 -0
  35. package/src/commands/ccp/intel.md +179 -0
  36. package/src/commands/ccp/plan-review-convergence.md +58 -0
  37. package/src/commands/ccp/scan.md +26 -0
  38. package/src/commands/ccp/sketch-wrap-up.md +31 -0
  39. package/src/commands/ccp/sketch.md +54 -0
  40. package/src/commands/ccp/spec-phase.md +62 -0
  41. package/src/commands/ccp/spike-wrap-up.md +31 -0
  42. package/src/commands/ccp/spike.md +51 -0
  43. package/src/commands/ccp/ultraplan-phase.md +33 -0
  44. package/src/hooks/ccp-read-injection-scanner.js +152 -0
  45. package/src/hooks/kit-check-update.js +59 -7
  46. package/src/hooks/run-with-flags-shell.sh +1 -0
  47. package/src/hooks/run-with-flags.js +48 -1
  48. package/src/hooks/session-end.js +88 -1
  49. package/src/lib/hook-flags.js +14 -0
  50. package/src/pilot/references/agent-contracts.md +79 -0
  51. package/src/pilot/references/ai-evals.md +156 -0
  52. package/src/pilot/references/ai-frameworks.md +186 -0
  53. package/src/pilot/references/doc-conflict-engine.md +91 -0
  54. package/src/pilot/references/gate-prompts.md +100 -0
  55. package/src/pilot/references/gates.md +70 -0
  56. package/src/pilot/references/mandatory-initial-read.md +2 -0
  57. package/src/pilot/references/project-skills-discovery.md +19 -0
  58. package/src/pilot/references/revision-loop.md +97 -0
  59. package/src/pilot/references/sketch-interactivity.md +41 -0
  60. package/src/pilot/references/sketch-theme-system.md +94 -0
  61. package/src/pilot/references/sketch-tooling.md +45 -0
  62. package/src/pilot/references/sketch-variant-patterns.md +81 -0
  63. package/src/pilot/references/thinking-models-debug.md +44 -0
  64. package/src/pilot/references/thinking-models-execution.md +50 -0
  65. package/src/pilot/references/thinking-models-planning.md +62 -0
  66. package/src/pilot/references/thinking-models-research.md +50 -0
  67. package/src/pilot/references/thinking-models-verification.md +55 -0
  68. package/src/pilot/templates/AI-SPEC.md +246 -0
  69. package/src/pilot/templates/spec.md +307 -0
  70. package/src/pilot/workflows/ai-integration-phase.md +284 -0
  71. package/src/pilot/workflows/audit-fix.md +175 -0
  72. package/src/pilot/workflows/code-review-fix.md +497 -0
  73. package/src/pilot/workflows/eval-review.md +155 -0
  74. package/src/pilot/workflows/extract_learnings.md +242 -0
  75. package/src/pilot/workflows/import.md +246 -0
  76. package/src/pilot/workflows/ingest-docs.md +328 -0
  77. package/src/pilot/workflows/plan-review-convergence.md +329 -0
  78. package/src/pilot/workflows/scan.md +102 -0
  79. package/src/pilot/workflows/sketch-wrap-up.md +285 -0
  80. package/src/pilot/workflows/sketch.md +360 -0
  81. package/src/pilot/workflows/spec-phase.md +262 -0
  82. package/src/pilot/workflows/spike-wrap-up.md +306 -0
  83. package/src/pilot/workflows/spike.md +452 -0
  84. package/src/pilot/workflows/ultraplan-phase.md +189 -0
  85. package/src/skills/accessibility/SKILL.md +146 -0
  86. package/src/skills/agent-eval/SKILL.md +145 -0
  87. package/src/skills/agent-introspection-debugging/SKILL.md +153 -0
  88. package/src/skills/android-clean-architecture/SKILL.md +339 -0
  89. package/src/skills/api-connector-builder/SKILL.md +120 -0
  90. package/src/skills/code-tour/SKILL.md +236 -0
  91. package/src/skills/compose-multiplatform-patterns/SKILL.md +299 -0
  92. package/src/skills/csharp-testing/SKILL.md +321 -0
  93. package/src/skills/dart-flutter-patterns/SKILL.md +563 -0
  94. package/src/skills/dashboard-builder/SKILL.md +108 -0
  95. package/src/skills/dotnet-patterns/SKILL.md +321 -0
  96. package/src/skills/frontend-design/SKILL.md +145 -0
  97. package/src/skills/frontend-slides/SKILL.md +184 -0
  98. package/src/skills/frontend-slides/STYLE_PRESETS.md +330 -0
  99. package/src/skills/gateguard/SKILL.md +121 -0
  100. package/src/skills/github-ops/SKILL.md +144 -0
  101. package/src/skills/hookify-rules/SKILL.md +128 -0
  102. package/src/skills/knowledge-ops/SKILL.md +154 -0
  103. package/src/skills/liquid-glass-design/SKILL.md +279 -0
  104. package/src/skills/nestjs-patterns/SKILL.md +230 -0
  105. package/src/skills/security-bounty-hunter/SKILL.md +99 -0
  106. package/src/skills/swift-actor-persistence/SKILL.md +143 -0
  107. package/src/skills/swift-protocol-di-testing/SKILL.md +190 -0
  108. package/src/skills/swiftui-patterns/SKILL.md +259 -0
  109. package/src/skills/terminal-ops/SKILL.md +109 -0
  110. package/src/skills/ui-demo/SKILL.md +465 -0
@@ -0,0 +1,330 @@
1
+ # Style Presets Reference
2
+
3
+ Curated visual styles for `frontend-slides`.
4
+
5
+ Use this file for:
6
+ - the mandatory viewport-fitting CSS base
7
+ - preset selection and mood mapping
8
+ - CSS gotchas and validation rules
9
+
10
+ Abstract shapes only. Avoid illustrations unless the user explicitly asks for them.
11
+
12
+ ## Viewport Fit Is Non-Negotiable
13
+
14
+ Every slide must fully fit in one viewport.
15
+
16
+ ### Golden Rule
17
+
18
+ ```text
19
+ Each slide = exactly one viewport height.
20
+ Too much content = split into more slides.
21
+ Never scroll inside a slide.
22
+ ```
23
+
24
+ ### Density Limits
25
+
26
+ | Slide Type | Maximum Content |
27
+ |------------|-----------------|
28
+ | Title slide | 1 heading + 1 subtitle + optional tagline |
29
+ | Content slide | 1 heading + 4-6 bullets or 2 paragraphs |
30
+ | Feature grid | 6 cards maximum |
31
+ | Code slide | 8-10 lines maximum |
32
+ | Quote slide | 1 quote + attribution |
33
+ | Image slide | 1 image, ideally under 60vh |
34
+
35
+ ## Mandatory Base CSS
36
+
37
+ Copy this block into every generated presentation and then theme on top of it.
38
+
39
+ ```css
40
+ /* ===========================================
41
+ VIEWPORT FITTING: MANDATORY BASE STYLES
42
+ =========================================== */
43
+
44
+ html, body {
45
+ height: 100%;
46
+ overflow-x: hidden;
47
+ }
48
+
49
+ html {
50
+ scroll-snap-type: y mandatory;
51
+ scroll-behavior: smooth;
52
+ }
53
+
54
+ .slide {
55
+ width: 100vw;
56
+ height: 100vh;
57
+ height: 100dvh;
58
+ overflow: hidden;
59
+ scroll-snap-align: start;
60
+ display: flex;
61
+ flex-direction: column;
62
+ position: relative;
63
+ }
64
+
65
+ .slide-content {
66
+ flex: 1;
67
+ display: flex;
68
+ flex-direction: column;
69
+ justify-content: center;
70
+ max-height: 100%;
71
+ overflow: hidden;
72
+ padding: var(--slide-padding);
73
+ }
74
+
75
+ :root {
76
+ --title-size: clamp(1.5rem, 5vw, 4rem);
77
+ --h2-size: clamp(1.25rem, 3.5vw, 2.5rem);
78
+ --h3-size: clamp(1rem, 2.5vw, 1.75rem);
79
+ --body-size: clamp(0.75rem, 1.5vw, 1.125rem);
80
+ --small-size: clamp(0.65rem, 1vw, 0.875rem);
81
+
82
+ --slide-padding: clamp(1rem, 4vw, 4rem);
83
+ --content-gap: clamp(0.5rem, 2vw, 2rem);
84
+ --element-gap: clamp(0.25rem, 1vw, 1rem);
85
+ }
86
+
87
+ .card, .container, .content-box {
88
+ max-width: min(90vw, 1000px);
89
+ max-height: min(80vh, 700px);
90
+ }
91
+
92
+ .feature-list, .bullet-list {
93
+ gap: clamp(0.4rem, 1vh, 1rem);
94
+ }
95
+
96
+ .feature-list li, .bullet-list li {
97
+ font-size: var(--body-size);
98
+ line-height: 1.4;
99
+ }
100
+
101
+ .grid {
102
+ display: grid;
103
+ grid-template-columns: repeat(auto-fit, minmax(min(100%, 250px), 1fr));
104
+ gap: clamp(0.5rem, 1.5vw, 1rem);
105
+ }
106
+
107
+ img, .image-container {
108
+ max-width: 100%;
109
+ max-height: min(50vh, 400px);
110
+ object-fit: contain;
111
+ }
112
+
113
+ @media (max-height: 700px) {
114
+ :root {
115
+ --slide-padding: clamp(0.75rem, 3vw, 2rem);
116
+ --content-gap: clamp(0.4rem, 1.5vw, 1rem);
117
+ --title-size: clamp(1.25rem, 4.5vw, 2.5rem);
118
+ --h2-size: clamp(1rem, 3vw, 1.75rem);
119
+ }
120
+ }
121
+
122
+ @media (max-height: 600px) {
123
+ :root {
124
+ --slide-padding: clamp(0.5rem, 2.5vw, 1.5rem);
125
+ --content-gap: clamp(0.3rem, 1vw, 0.75rem);
126
+ --title-size: clamp(1.1rem, 4vw, 2rem);
127
+ --body-size: clamp(0.7rem, 1.2vw, 0.95rem);
128
+ }
129
+
130
+ .nav-dots, .keyboard-hint, .decorative {
131
+ display: none;
132
+ }
133
+ }
134
+
135
+ @media (max-height: 500px) {
136
+ :root {
137
+ --slide-padding: clamp(0.4rem, 2vw, 1rem);
138
+ --title-size: clamp(1rem, 3.5vw, 1.5rem);
139
+ --h2-size: clamp(0.9rem, 2.5vw, 1.25rem);
140
+ --body-size: clamp(0.65rem, 1vw, 0.85rem);
141
+ }
142
+ }
143
+
144
+ @media (max-width: 600px) {
145
+ :root {
146
+ --title-size: clamp(1.25rem, 7vw, 2.5rem);
147
+ }
148
+
149
+ .grid {
150
+ grid-template-columns: 1fr;
151
+ }
152
+ }
153
+
154
+ @media (prefers-reduced-motion: reduce) {
155
+ *, *::before, *::after {
156
+ animation-duration: 0.01ms !important;
157
+ transition-duration: 0.2s !important;
158
+ }
159
+
160
+ html {
161
+ scroll-behavior: auto;
162
+ }
163
+ }
164
+ ```
165
+
166
+ ## Viewport Checklist
167
+
168
+ - every `.slide` has `height: 100vh`, `height: 100dvh`, and `overflow: hidden`
169
+ - all typography uses `clamp()`
170
+ - all spacing uses `clamp()` or viewport units
171
+ - images have `max-height` constraints
172
+ - grids adapt with `auto-fit` + `minmax()`
173
+ - short-height breakpoints exist at `700px`, `600px`, and `500px`
174
+ - if anything feels cramped, split the slide
175
+
176
+ ## Mood to Preset Mapping
177
+
178
+ | Mood | Good Presets |
179
+ |------|--------------|
180
+ | Impressed / Confident | Bold Signal, Electric Studio, Dark Botanical |
181
+ | Excited / Energized | Creative Voltage, Neon Cyber, Split Pastel |
182
+ | Calm / Focused | Notebook Tabs, Paper & Ink, Swiss Modern |
183
+ | Inspired / Moved | Dark Botanical, Vintage Editorial, Pastel Geometry |
184
+
185
+ ## Preset Catalog
186
+
187
+ ### 1. Bold Signal
188
+
189
+ - Vibe: confident, high-impact, keynote-ready
190
+ - Best for: pitch decks, launches, statements
191
+ - Fonts: Archivo Black + Space Grotesk
192
+ - Palette: charcoal base, hot orange focal card, crisp white text
193
+ - Signature: oversized section numbers, high-contrast card on dark field
194
+
195
+ ### 2. Electric Studio
196
+
197
+ - Vibe: clean, bold, agency-polished
198
+ - Best for: client presentations, strategic reviews
199
+ - Fonts: Manrope only
200
+ - Palette: black, white, saturated cobalt accent
201
+ - Signature: two-panel split and sharp editorial alignment
202
+
203
+ ### 3. Creative Voltage
204
+
205
+ - Vibe: energetic, retro-modern, playful confidence
206
+ - Best for: creative studios, brand work, product storytelling
207
+ - Fonts: Syne + Space Mono
208
+ - Palette: electric blue, neon yellow, deep navy
209
+ - Signature: halftone textures, badges, punchy contrast
210
+
211
+ ### 4. Dark Botanical
212
+
213
+ - Vibe: elegant, premium, atmospheric
214
+ - Best for: luxury brands, thoughtful narratives, premium product decks
215
+ - Fonts: Cormorant + IBM Plex Sans
216
+ - Palette: near-black, warm ivory, blush, gold, terracotta
217
+ - Signature: blurred abstract circles, fine rules, restrained motion
218
+
219
+ ### 5. Notebook Tabs
220
+
221
+ - Vibe: editorial, organized, tactile
222
+ - Best for: reports, reviews, structured storytelling
223
+ - Fonts: Bodoni Moda + DM Sans
224
+ - Palette: cream paper on charcoal with pastel tabs
225
+ - Signature: paper sheet, colored side tabs, binder details
226
+
227
+ ### 6. Pastel Geometry
228
+
229
+ - Vibe: approachable, modern, friendly
230
+ - Best for: product overviews, onboarding, lighter brand decks
231
+ - Fonts: Plus Jakarta Sans only
232
+ - Palette: pale blue field, cream card, soft pink/mint/lavender accents
233
+ - Signature: vertical pills, rounded cards, soft shadows
234
+
235
+ ### 7. Split Pastel
236
+
237
+ - Vibe: playful, modern, creative
238
+ - Best for: agency intros, workshops, portfolios
239
+ - Fonts: Outfit only
240
+ - Palette: peach + lavender split with mint badges
241
+ - Signature: split backdrop, rounded tags, light grid overlays
242
+
243
+ ### 8. Vintage Editorial
244
+
245
+ - Vibe: witty, personality-driven, magazine-inspired
246
+ - Best for: personal brands, opinionated talks, storytelling
247
+ - Fonts: Fraunces + Work Sans
248
+ - Palette: cream, charcoal, dusty warm accents
249
+ - Signature: geometric accents, bordered callouts, punchy serif headlines
250
+
251
+ ### 9. Neon Cyber
252
+
253
+ - Vibe: futuristic, techy, kinetic
254
+ - Best for: AI, infra, dev tools, future-of-X talks
255
+ - Fonts: Clash Display + Satoshi
256
+ - Palette: midnight navy, cyan, magenta
257
+ - Signature: glow, particles, grids, data-radar energy
258
+
259
+ ### 10. Terminal Green
260
+
261
+ - Vibe: developer-focused, hacker-clean
262
+ - Best for: APIs, CLI tools, engineering demos
263
+ - Fonts: JetBrains Mono only
264
+ - Palette: GitHub dark + terminal green
265
+ - Signature: scan lines, command-line framing, precise monospace rhythm
266
+
267
+ ### 11. Swiss Modern
268
+
269
+ - Vibe: minimal, precise, data-forward
270
+ - Best for: corporate, product strategy, analytics
271
+ - Fonts: Archivo + Nunito
272
+ - Palette: white, black, signal red
273
+ - Signature: visible grids, asymmetry, geometric discipline
274
+
275
+ ### 12. Paper & Ink
276
+
277
+ - Vibe: literary, thoughtful, story-driven
278
+ - Best for: essays, keynote narratives, manifesto decks
279
+ - Fonts: Cormorant Garamond + Source Serif 4
280
+ - Palette: warm cream, charcoal, crimson accent
281
+ - Signature: pull quotes, drop caps, elegant rules
282
+
283
+ ## Direct Selection Prompts
284
+
285
+ If the user already knows the style they want, let them pick directly from the preset names above instead of forcing preview generation.
286
+
287
+ ## Animation Feel Mapping
288
+
289
+ | Feeling | Motion Direction |
290
+ |---------|------------------|
291
+ | Dramatic / Cinematic | slow fades, parallax, large scale-ins |
292
+ | Techy / Futuristic | glow, particles, grid motion, scramble text |
293
+ | Playful / Friendly | springy easing, rounded shapes, floating motion |
294
+ | Professional / Corporate | subtle 200-300ms transitions, clean slides |
295
+ | Calm / Minimal | very restrained movement, whitespace-first |
296
+ | Editorial / Magazine | strong hierarchy, staggered text and image interplay |
297
+
298
+ ## CSS Gotcha: Negating Functions
299
+
300
+ Never write these:
301
+
302
+ ```css
303
+ right: -clamp(28px, 3.5vw, 44px);
304
+ margin-left: -min(10vw, 100px);
305
+ ```
306
+
307
+ Browsers ignore them silently.
308
+
309
+ Always write this instead:
310
+
311
+ ```css
312
+ right: calc(-1 * clamp(28px, 3.5vw, 44px));
313
+ margin-left: calc(-1 * min(10vw, 100px));
314
+ ```
315
+
316
+ ## Validation Sizes
317
+
318
+ Test at minimum:
319
+ - Desktop: `1920x1080`, `1440x900`, `1280x720`
320
+ - Tablet: `1024x768`, `768x1024`
321
+ - Mobile: `375x667`, `414x896`
322
+ - Landscape phone: `667x375`, `896x414`
323
+
324
+ ## Anti-Patterns
325
+
326
+ Do not use:
327
+ - purple-on-white startup templates
328
+ - Inter / Roboto / Arial as the visual voice unless the user explicitly wants utilitarian neutrality
329
+ - bullet walls, tiny type, or code blocks that require scrolling
330
+ - decorative illustrations when abstract geometry would do the job better
@@ -0,0 +1,121 @@
1
+ ---
2
+ name: gateguard
3
+ description: Fact-forcing gate that blocks Edit/Write/Bash (including MultiEdit) and demands concrete investigation (importers, data schemas, user instruction) before allowing the action. Measurably improves output quality by +2.25 points vs ungated agents.
4
+ origin: community
5
+ ---
6
+
7
+ # GateGuard — Fact-Forcing Pre-Action Gate
8
+
9
+ A PreToolUse hook that forces Claude to investigate before editing. Instead of self-evaluation ("are you sure?"), it demands concrete facts. The act of investigation creates awareness that self-evaluation never did.
10
+
11
+ ## When to Activate
12
+
13
+ - Working on any codebase where file edits affect multiple modules
14
+ - Projects with data files that have specific schemas or date formats
15
+ - Teams where AI-generated code must match existing patterns
16
+ - Any workflow where Claude tends to guess instead of investigating
17
+
18
+ ## Core Concept
19
+
20
+ LLM self-evaluation doesn't work. Ask "did you violate any policies?" and the answer is always "no." This is verified experimentally.
21
+
22
+ But asking "list every file that imports this module" forces the LLM to run Grep and Read. The investigation itself creates context that changes the output.
23
+
24
+ **Three-stage gate:**
25
+
26
+ ```
27
+ 1. DENY — block the first Edit/Write/Bash attempt
28
+ 2. FORCE — tell the model exactly which facts to gather
29
+ 3. ALLOW — permit retry after facts are presented
30
+ ```
31
+
32
+ No competitor does all three. Most stop at deny.
33
+
34
+ ## Evidence
35
+
36
+ Two independent A/B tests, identical agents, same task:
37
+
38
+ | Task | Gated | Ungated | Gap |
39
+ | --- | --- | --- | --- |
40
+ | Analytics module | 8.0/10 | 6.5/10 | +1.5 |
41
+ | Webhook validator | 10.0/10 | 7.0/10 | +3.0 |
42
+ | **Average** | **9.0** | **6.75** | **+2.25** |
43
+
44
+ Both agents produce code that runs and passes tests. The difference is design depth.
45
+
46
+ ## Gate Types
47
+
48
+ ### Edit / MultiEdit Gate (first edit per file)
49
+
50
+ MultiEdit is handled identically — each file in the batch is gated individually.
51
+
52
+ ```
53
+ Before editing {file_path}, present these facts:
54
+
55
+ 1. List ALL files that import/require this file (use Grep)
56
+ 2. List the public functions/classes affected by this change
57
+ 3. If this file reads/writes data files, show field names, structure,
58
+ and date format (use redacted or synthetic values, not raw production data)
59
+ 4. Quote the user's current instruction verbatim
60
+ ```
61
+
62
+ ### Write Gate (first new file creation)
63
+
64
+ ```
65
+ Before creating {file_path}, present these facts:
66
+
67
+ 1. Name the file(s) and line(s) that will call this new file
68
+ 2. Confirm no existing file serves the same purpose (use Glob)
69
+ 3. If this file reads/writes data files, show field names, structure,
70
+ and date format (use redacted or synthetic values, not raw production data)
71
+ 4. Quote the user's current instruction verbatim
72
+ ```
73
+
74
+ ### Destructive Bash Gate (every destructive command)
75
+
76
+ Triggers on: `rm -rf`, `git reset --hard`, `git push --force`, `drop table`, etc.
77
+
78
+ ```
79
+ 1. List all files/data this command will modify or delete
80
+ 2. Write a one-line rollback procedure
81
+ 3. Quote the user's current instruction verbatim
82
+ ```
83
+
84
+ ### Routine Bash Gate (once per session)
85
+
86
+ ```
87
+ 1. The current user request in one sentence
88
+ 2. What this specific command verifies or produces
89
+ ```
90
+
91
+ ## Quick Start
92
+
93
+ ### Option A: Use the ECC hook (zero install)
94
+
95
+ The hook at `scripts/hooks/gateguard-fact-force.js` is included in this plugin. Enable it via hooks.json.
96
+
97
+ ### Option B: Full package with config
98
+
99
+ ```bash
100
+ pip install gateguard-ai
101
+ gateguard init
102
+ ```
103
+
104
+ This adds `.gateguard.yml` for per-project configuration (custom messages, ignore paths, gate toggles).
105
+
106
+ ## Anti-Patterns
107
+
108
+ - **Don't use self-evaluation instead.** "Are you sure?" always gets "yes." This is experimentally verified.
109
+ - **Don't skip the data schema check.** Both A/B test agents assumed ISO-8601 dates when real data used `%Y/%m/%d %H:%M`. Checking data structure (with redacted values) prevents this entire class of bugs.
110
+ - **Don't gate every single Bash command.** Routine bash gates once per session. Destructive bash gates every time. This balance avoids slowdown while catching real risks.
111
+
112
+ ## Best Practices
113
+
114
+ - Let the gate fire naturally. Don't try to pre-answer the gate questions — the investigation itself is what improves quality.
115
+ - Customize gate messages for your domain. If your project has specific conventions, add them to the gate prompts.
116
+ - Use `.gateguard.yml` to ignore paths like `.venv/`, `node_modules/`, `.git/`.
117
+
118
+ ## Related Skills
119
+
120
+ - `safety-guard` — Runtime safety checks (complementary, not overlapping)
121
+ - `code-reviewer` — Post-edit review (GateGuard is pre-edit investigation)
@@ -0,0 +1,144 @@
1
+ ---
2
+ name: github-ops
3
+ description: GitHub repository operations, automation, and management. Issue triage, PR management, CI/CD operations, release management, and security monitoring using the gh CLI. Use when the user wants to manage GitHub issues, PRs, CI status, releases, contributors, stale items, or any GitHub operational task beyond simple git commands.
4
+ origin: ECC
5
+ ---
6
+
7
+ # GitHub Operations
8
+
9
+ Manage GitHub repositories with a focus on community health, CI reliability, and contributor experience.
10
+
11
+ ## When to Activate
12
+
13
+ - Triaging issues (classifying, labeling, responding, deduplicating)
14
+ - Managing PRs (review status, CI checks, stale PRs, merge readiness)
15
+ - Debugging CI/CD failures
16
+ - Preparing releases and changelogs
17
+ - Monitoring Dependabot and security alerts
18
+ - Managing contributor experience on open-source projects
19
+ - User says "check GitHub", "triage issues", "review PRs", "merge", "release", "CI is broken"
20
+
21
+ ## Tool Requirements
22
+
23
+ - **gh CLI** for all GitHub API operations
24
+ - Repository access configured via `gh auth login`
25
+
26
+ ## Issue Triage
27
+
28
+ Classify each issue by type and priority:
29
+
30
+ **Types:** bug, feature-request, question, documentation, enhancement, duplicate, invalid, good-first-issue
31
+
32
+ **Priority:** critical (breaking/security), high (significant impact), medium (nice to have), low (cosmetic)
33
+
34
+ ### Triage Workflow
35
+
36
+ 1. Read the issue title, body, and comments
37
+ 2. Check if it duplicates an existing issue (search by keywords)
38
+ 3. Apply appropriate labels via `gh issue edit --add-label`
39
+ 4. For questions: draft and post a helpful response
40
+ 5. For bugs needing more info: ask for reproduction steps
41
+ 6. For good first issues: add `good-first-issue` label
42
+ 7. For duplicates: comment with link to original, add `duplicate` label
43
+
44
+ ```bash
45
+ # Search for potential duplicates
46
+ gh issue list --search "keyword" --state all --limit 20
47
+
48
+ # Add labels
49
+ gh issue edit <number> --add-label "bug,high-priority"
50
+
51
+ # Comment on issue
52
+ gh issue comment <number> --body "Thanks for reporting. Could you share reproduction steps?"
53
+ ```
54
+
55
+ ## PR Management
56
+
57
+ ### Review Checklist
58
+
59
+ 1. Check CI status: `gh pr checks <number>`
60
+ 2. Check if mergeable: `gh pr view <number> --json mergeable`
61
+ 3. Check age and last activity
62
+ 4. Flag PRs >5 days with no review
63
+ 5. For community PRs: ensure they have tests and follow conventions
64
+
65
+ ### Stale Policy
66
+
67
+ - Issues with no activity in 14+ days: add `stale` label, comment asking for update
68
+ - PRs with no activity in 7+ days: comment asking if still active
69
+ - Auto-close stale issues after 30 days with no response (add `closed-stale` label)
70
+
71
+ ```bash
72
+ # Find stale issues (no activity in 14+ days)
73
+ gh issue list --label "stale" --state open
74
+
75
+ # Find PRs with no recent activity
76
+ gh pr list --json number,title,updatedAt --jq '.[] | select(.updatedAt < "2026-03-01")'
77
+ ```
78
+
79
+ ## CI/CD Operations
80
+
81
+ When CI fails:
82
+
83
+ 1. Check the workflow run: `gh run view <run-id> --log-failed`
84
+ 2. Identify the failing step
85
+ 3. Check if it is a flaky test vs real failure
86
+ 4. For real failures: identify the root cause and suggest a fix
87
+ 5. For flaky tests: note the pattern for future investigation
88
+
89
+ ```bash
90
+ # List recent failed runs
91
+ gh run list --status failure --limit 10
92
+
93
+ # View failed run logs
94
+ gh run view <run-id> --log-failed
95
+
96
+ # Re-run a failed workflow
97
+ gh run rerun <run-id> --failed
98
+ ```
99
+
100
+ ## Release Management
101
+
102
+ When preparing a release:
103
+
104
+ 1. Check all CI is green on main
105
+ 2. Review unreleased changes: `gh pr list --state merged --base main`
106
+ 3. Generate changelog from PR titles
107
+ 4. Create release: `gh release create`
108
+
109
+ ```bash
110
+ # List merged PRs since last release
111
+ gh pr list --state merged --base main --search "merged:>2026-03-01"
112
+
113
+ # Create a release
114
+ gh release create v1.2.0 --title "v1.2.0" --generate-notes
115
+
116
+ # Create a pre-release
117
+ gh release create v1.3.0-rc1 --prerelease --title "v1.3.0 Release Candidate 1"
118
+ ```
119
+
120
+ ## Security Monitoring
121
+
122
+ ```bash
123
+ # Check Dependabot alerts
124
+ gh api repos/{owner}/{repo}/dependabot/alerts --jq '.[].security_advisory.summary'
125
+
126
+ # Check secret scanning alerts
127
+ gh api repos/{owner}/{repo}/secret-scanning/alerts --jq '.[].state'
128
+
129
+ # Review and auto-merge safe dependency bumps
130
+ gh pr list --label "dependencies" --json number,title
131
+ ```
132
+
133
+ - Review and auto-merge safe dependency bumps
134
+ - Flag any critical/high severity alerts immediately
135
+ - Check for new Dependabot alerts weekly at minimum
136
+
137
+ ## Quality Gate
138
+
139
+ Before completing any GitHub operations task:
140
+ - all issues triaged have appropriate labels
141
+ - no PRs older than 7 days without a review or comment
142
+ - CI failures have been investigated (not just re-run)
143
+ - releases include accurate changelogs
144
+ - security alerts are acknowledged and tracked