lastlight 0.1.15 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (478) hide show
  1. package/README.md +265 -118
  2. package/agent-context/rules.md +62 -9
  3. package/agent-context/security.md +69 -0
  4. package/config/default.yaml +89 -0
  5. package/deploy/.env.production.example +20 -2
  6. package/deploy/entrypoint.sh +16 -17
  7. package/deploy/native/README.md +160 -0
  8. package/deploy/native/install.sh +110 -0
  9. package/deploy/native/lastlight.env.example +95 -0
  10. package/deploy/native/lastlight.service +50 -0
  11. package/deploy/sandbox-entrypoint.sh +59 -42
  12. package/dist/admin/auth.d.ts +1 -1
  13. package/dist/admin/auth.js +3 -1
  14. package/dist/admin/auth.js.map +1 -1
  15. package/dist/admin/chat-session-reader.d.ts +11 -14
  16. package/dist/admin/chat-session-reader.js +27 -51
  17. package/dist/admin/chat-session-reader.js.map +1 -1
  18. package/dist/admin/docker.d.ts +37 -0
  19. package/dist/admin/docker.js +86 -1
  20. package/dist/admin/docker.js.map +1 -1
  21. package/dist/admin/index.js +38 -3
  22. package/dist/admin/index.js.map +1 -1
  23. package/dist/admin/log-search.test.d.ts +1 -0
  24. package/dist/admin/log-search.test.js +78 -0
  25. package/dist/admin/log-search.test.js.map +1 -0
  26. package/dist/admin/routes.d.ts +52 -3
  27. package/dist/admin/routes.js +780 -63
  28. package/dist/admin/routes.js.map +1 -1
  29. package/dist/admin/routes.test.js +680 -14
  30. package/dist/admin/routes.test.js.map +1 -1
  31. package/dist/admin/server-logs.test.d.ts +1 -0
  32. package/dist/admin/server-logs.test.js +58 -0
  33. package/dist/admin/server-logs.test.js.map +1 -0
  34. package/dist/admin/sessions.d.ts +26 -39
  35. package/dist/admin/sessions.js +86 -310
  36. package/dist/admin/sessions.js.map +1 -1
  37. package/dist/admin/sessions.test.d.ts +1 -0
  38. package/dist/admin/sessions.test.js +78 -0
  39. package/dist/admin/sessions.test.js.map +1 -0
  40. package/dist/admin/version.d.ts +15 -0
  41. package/dist/admin/version.js +73 -0
  42. package/dist/admin/version.js.map +1 -0
  43. package/dist/admin/version.test.d.ts +1 -0
  44. package/dist/admin/version.test.js +71 -0
  45. package/dist/admin/version.test.js.map +1 -0
  46. package/dist/cli-config.d.ts +55 -0
  47. package/dist/cli-config.js +119 -0
  48. package/dist/cli-config.js.map +1 -0
  49. package/dist/cli-config.test.d.ts +1 -0
  50. package/dist/cli-config.test.js +92 -0
  51. package/dist/cli-config.test.js.map +1 -0
  52. package/dist/cli-format.d.ts +19 -0
  53. package/dist/cli-format.js +107 -0
  54. package/dist/cli-format.js.map +1 -0
  55. package/dist/cli-server.d.ts +73 -0
  56. package/dist/cli-server.js +347 -0
  57. package/dist/cli-server.js.map +1 -0
  58. package/dist/cli-server.test.d.ts +1 -0
  59. package/dist/cli-server.test.js +38 -0
  60. package/dist/cli-server.test.js.map +1 -0
  61. package/dist/cli-timeline.d.ts +35 -0
  62. package/dist/cli-timeline.js +373 -0
  63. package/dist/cli-timeline.js.map +1 -0
  64. package/dist/cli-timeline.test.d.ts +1 -0
  65. package/dist/cli-timeline.test.js +104 -0
  66. package/dist/cli-timeline.test.js.map +1 -0
  67. package/dist/cli.d.ts +0 -19
  68. package/dist/cli.js +910 -194
  69. package/dist/cli.js.map +1 -1
  70. package/dist/config-overlay.test.d.ts +1 -0
  71. package/dist/config-overlay.test.js +112 -0
  72. package/dist/config-overlay.test.js.map +1 -0
  73. package/dist/config-resolve.d.ts +28 -0
  74. package/dist/config-resolve.js +47 -0
  75. package/dist/config-resolve.js.map +1 -0
  76. package/dist/config-resolve.test.d.ts +1 -0
  77. package/dist/config-resolve.test.js +68 -0
  78. package/dist/config-resolve.test.js.map +1 -0
  79. package/dist/config.d.ts +62 -49
  80. package/dist/config.js +452 -76
  81. package/dist/config.js.map +1 -1
  82. package/dist/config.test.js +201 -32
  83. package/dist/config.test.js.map +1 -1
  84. package/dist/connectors/github-webhook.js +83 -5
  85. package/dist/connectors/github-webhook.js.map +1 -1
  86. package/dist/connectors/github-webhook.test.d.ts +1 -0
  87. package/dist/connectors/github-webhook.test.js +156 -0
  88. package/dist/connectors/github-webhook.test.js.map +1 -0
  89. package/dist/connectors/messaging/session-manager.d.ts +18 -0
  90. package/dist/connectors/messaging/session-manager.js +83 -2
  91. package/dist/connectors/messaging/session-manager.js.map +1 -1
  92. package/dist/connectors/messaging/session-manager.test.d.ts +1 -0
  93. package/dist/connectors/messaging/session-manager.test.js +144 -0
  94. package/dist/connectors/messaging/session-manager.test.js.map +1 -0
  95. package/dist/connectors/slack/connector.d.ts +9 -0
  96. package/dist/connectors/slack/connector.js +15 -0
  97. package/dist/connectors/slack/connector.js.map +1 -1
  98. package/dist/connectors/slack/mrkdwn.js +81 -0
  99. package/dist/connectors/slack/mrkdwn.js.map +1 -1
  100. package/dist/connectors/slack/mrkdwn.test.js +49 -0
  101. package/dist/connectors/slack/mrkdwn.test.js.map +1 -1
  102. package/dist/connectors/types.d.ts +1 -1
  103. package/dist/cron/fanout.d.ts +33 -0
  104. package/dist/cron/fanout.js +55 -0
  105. package/dist/cron/fanout.js.map +1 -0
  106. package/dist/cron/fanout.test.d.ts +1 -0
  107. package/dist/cron/fanout.test.js +73 -0
  108. package/dist/cron/fanout.test.js.map +1 -0
  109. package/dist/cron/jobs.d.ts +5 -0
  110. package/dist/cron/jobs.js +10 -3
  111. package/dist/cron/jobs.js.map +1 -1
  112. package/dist/cron/scheduler.d.ts +12 -0
  113. package/dist/cron/scheduler.js +27 -1
  114. package/dist/cron/scheduler.js.map +1 -1
  115. package/dist/engine/agent-executor.d.ts +158 -0
  116. package/dist/engine/agent-executor.js +1140 -0
  117. package/dist/engine/agent-executor.js.map +1 -0
  118. package/dist/engine/agent-executor.test.d.ts +1 -0
  119. package/dist/engine/agent-executor.test.js +395 -0
  120. package/dist/engine/agent-executor.test.js.map +1 -0
  121. package/dist/engine/chat-runner.d.ts +123 -0
  122. package/dist/engine/chat-runner.js +379 -0
  123. package/dist/engine/chat-runner.js.map +1 -0
  124. package/dist/engine/chat-runner.test.d.ts +1 -0
  125. package/dist/engine/chat-runner.test.js +104 -0
  126. package/dist/engine/chat-runner.test.js.map +1 -0
  127. package/dist/engine/chat-skills.d.ts +45 -0
  128. package/dist/engine/chat-skills.js +184 -0
  129. package/dist/engine/chat-skills.js.map +1 -0
  130. package/dist/engine/chat-skills.test.d.ts +1 -0
  131. package/dist/engine/chat-skills.test.js +20 -0
  132. package/dist/engine/chat-skills.test.js.map +1 -0
  133. package/dist/engine/chat.d.ts +20 -23
  134. package/dist/engine/chat.js +251 -155
  135. package/dist/engine/chat.js.map +1 -1
  136. package/dist/engine/chat.test.d.ts +1 -0
  137. package/dist/engine/chat.test.js +42 -0
  138. package/dist/engine/chat.test.js.map +1 -0
  139. package/dist/engine/classifier.d.ts +35 -2
  140. package/dist/engine/classifier.js +170 -31
  141. package/dist/engine/classifier.js.map +1 -1
  142. package/dist/engine/classifier.test.d.ts +1 -0
  143. package/dist/engine/classifier.test.js +115 -0
  144. package/dist/engine/classifier.test.js.map +1 -0
  145. package/dist/engine/dispatcher.d.ts +60 -0
  146. package/dist/engine/dispatcher.js +601 -0
  147. package/dist/engine/dispatcher.js.map +1 -0
  148. package/dist/engine/dispatcher.test.d.ts +1 -0
  149. package/dist/engine/dispatcher.test.js +511 -0
  150. package/dist/engine/dispatcher.test.js.map +1 -0
  151. package/dist/engine/event-shim.d.ts +117 -0
  152. package/dist/engine/event-shim.js +435 -0
  153. package/dist/engine/event-shim.js.map +1 -0
  154. package/dist/engine/event-shim.test.d.ts +1 -0
  155. package/dist/engine/event-shim.test.js +194 -0
  156. package/dist/engine/event-shim.test.js.map +1 -0
  157. package/dist/engine/git-auth.d.ts +13 -17
  158. package/dist/engine/git-auth.js +99 -42
  159. package/dist/engine/git-auth.js.map +1 -1
  160. package/dist/engine/git-auth.test.d.ts +1 -0
  161. package/dist/engine/git-auth.test.js +117 -0
  162. package/dist/engine/git-auth.test.js.map +1 -0
  163. package/dist/engine/github-app-client.d.ts +7 -0
  164. package/dist/engine/github-app-client.js +16 -0
  165. package/dist/engine/github-app-client.js.map +1 -0
  166. package/dist/engine/github-app-client.test.d.ts +1 -0
  167. package/dist/engine/github-app-client.test.js +44 -0
  168. package/dist/engine/github-app-client.test.js.map +1 -0
  169. package/dist/engine/github-tools.d.ts +12 -0
  170. package/dist/engine/github-tools.js +261 -0
  171. package/dist/engine/github-tools.js.map +1 -0
  172. package/dist/engine/github.d.ts +1027 -43
  173. package/dist/engine/github.js +153 -14
  174. package/dist/engine/github.js.map +1 -1
  175. package/dist/engine/llm.d.ts +47 -0
  176. package/dist/engine/llm.js +221 -0
  177. package/dist/engine/llm.js.map +1 -0
  178. package/dist/engine/llm.test.d.ts +1 -0
  179. package/dist/engine/llm.test.js +189 -0
  180. package/dist/engine/llm.test.js.map +1 -0
  181. package/dist/engine/profiles.d.ts +249 -0
  182. package/dist/engine/profiles.js +42 -0
  183. package/dist/engine/profiles.js.map +1 -0
  184. package/dist/engine/router.d.ts +12 -6
  185. package/dist/engine/router.js +339 -81
  186. package/dist/engine/router.js.map +1 -1
  187. package/dist/engine/router.test.js +428 -78
  188. package/dist/engine/router.test.js.map +1 -1
  189. package/dist/engine/screen.d.ts +41 -0
  190. package/dist/engine/screen.js +93 -0
  191. package/dist/engine/screen.js.map +1 -0
  192. package/dist/engine/screen.test.d.ts +1 -0
  193. package/dist/engine/screen.test.js +82 -0
  194. package/dist/engine/screen.test.js.map +1 -0
  195. package/dist/index.js +377 -432
  196. package/dist/index.js.map +1 -1
  197. package/dist/managed-repos.d.ts +7 -9
  198. package/dist/managed-repos.js +12 -15
  199. package/dist/managed-repos.js.map +1 -1
  200. package/dist/managed-repos.test.js +24 -19
  201. package/dist/managed-repos.test.js.map +1 -1
  202. package/dist/notify/index.d.ts +15 -0
  203. package/dist/notify/index.js +6 -0
  204. package/dist/notify/index.js.map +1 -0
  205. package/dist/notify/model.d.ts +57 -0
  206. package/dist/notify/model.js +89 -0
  207. package/dist/notify/model.js.map +1 -0
  208. package/dist/notify/model.test.d.ts +1 -0
  209. package/dist/notify/model.test.js +109 -0
  210. package/dist/notify/model.test.js.map +1 -0
  211. package/dist/notify/notifier.d.ts +17 -0
  212. package/dist/notify/notifier.js +87 -0
  213. package/dist/notify/notifier.js.map +1 -0
  214. package/dist/notify/notifier.test.d.ts +1 -0
  215. package/dist/notify/notifier.test.js +100 -0
  216. package/dist/notify/notifier.test.js.map +1 -0
  217. package/dist/notify/render.d.ts +21 -0
  218. package/dist/notify/render.js +59 -0
  219. package/dist/notify/render.js.map +1 -0
  220. package/dist/notify/render.test.d.ts +1 -0
  221. package/dist/notify/render.test.js +65 -0
  222. package/dist/notify/render.test.js.map +1 -0
  223. package/dist/notify/transports/github.d.ts +26 -0
  224. package/dist/notify/transports/github.js +26 -0
  225. package/dist/notify/transports/github.js.map +1 -0
  226. package/dist/notify/transports/slack.d.ts +26 -0
  227. package/dist/notify/transports/slack.js +28 -0
  228. package/dist/notify/transports/slack.js.map +1 -0
  229. package/dist/notify/transports.test.d.ts +1 -0
  230. package/dist/notify/transports.test.js +71 -0
  231. package/dist/notify/transports.test.js.map +1 -0
  232. package/dist/notify/types.d.ts +95 -0
  233. package/dist/notify/types.js +16 -0
  234. package/dist/notify/types.js.map +1 -0
  235. package/dist/sandbox/docker-compose.test.d.ts +1 -0
  236. package/dist/sandbox/docker-compose.test.js +128 -0
  237. package/dist/sandbox/docker-compose.test.js.map +1 -0
  238. package/dist/sandbox/docker.d.ts +97 -9
  239. package/dist/sandbox/docker.js +192 -41
  240. package/dist/sandbox/docker.js.map +1 -1
  241. package/dist/sandbox/docker.test.d.ts +1 -0
  242. package/dist/sandbox/docker.test.js +137 -0
  243. package/dist/sandbox/docker.test.js.map +1 -0
  244. package/dist/sandbox/egress-allowlist.d.ts +69 -0
  245. package/dist/sandbox/egress-allowlist.js +164 -0
  246. package/dist/sandbox/egress-allowlist.js.map +1 -0
  247. package/dist/sandbox/egress-allowlist.test.d.ts +1 -0
  248. package/dist/sandbox/egress-allowlist.test.js +65 -0
  249. package/dist/sandbox/egress-allowlist.test.js.map +1 -0
  250. package/dist/sandbox/egress-firewall-config.d.ts +127 -0
  251. package/dist/sandbox/egress-firewall-config.js +434 -0
  252. package/dist/sandbox/egress-firewall-config.js.map +1 -0
  253. package/dist/sandbox/egress-firewall-config.test.d.ts +1 -0
  254. package/dist/sandbox/egress-firewall-config.test.js +244 -0
  255. package/dist/sandbox/egress-firewall-config.test.js.map +1 -0
  256. package/dist/sandbox/images.d.ts +23 -0
  257. package/dist/sandbox/images.js +55 -0
  258. package/dist/sandbox/images.js.map +1 -0
  259. package/dist/sandbox/index.d.ts +82 -3
  260. package/dist/sandbox/index.js +223 -93
  261. package/dist/sandbox/index.js.map +1 -1
  262. package/dist/sandbox/index.test.d.ts +1 -0
  263. package/dist/sandbox/index.test.js +157 -0
  264. package/dist/sandbox/index.test.js.map +1 -0
  265. package/dist/session-log.d.ts +63 -0
  266. package/dist/session-log.js +290 -0
  267. package/dist/session-log.js.map +1 -0
  268. package/dist/session-log.test.d.ts +1 -0
  269. package/dist/session-log.test.js +85 -0
  270. package/dist/session-log.test.js.map +1 -0
  271. package/dist/setup.d.ts +30 -1
  272. package/dist/setup.js +241 -25
  273. package/dist/setup.js.map +1 -1
  274. package/dist/setup.test.js +138 -6
  275. package/dist/setup.test.js.map +1 -1
  276. package/dist/state/approval-store.d.ts +86 -0
  277. package/dist/state/approval-store.js +140 -0
  278. package/dist/state/approval-store.js.map +1 -0
  279. package/dist/state/build-assets.d.ts +50 -0
  280. package/dist/state/build-assets.js +154 -0
  281. package/dist/state/build-assets.js.map +1 -0
  282. package/dist/state/build-assets.test.d.ts +1 -0
  283. package/dist/state/build-assets.test.js +106 -0
  284. package/dist/state/build-assets.test.js.map +1 -0
  285. package/dist/state/db.d.ts +65 -333
  286. package/dist/state/db.js +112 -835
  287. package/dist/state/db.js.map +1 -1
  288. package/dist/state/db.test.js +127 -91
  289. package/dist/state/db.test.js.map +1 -1
  290. package/dist/state/execution-store.d.ts +257 -0
  291. package/dist/state/execution-store.js +527 -0
  292. package/dist/state/execution-store.js.map +1 -0
  293. package/dist/state/migrate.d.ts +15 -0
  294. package/dist/state/migrate.js +175 -0
  295. package/dist/state/migrate.js.map +1 -0
  296. package/dist/state/workflow-run-store.d.ts +195 -0
  297. package/dist/state/workflow-run-store.js +363 -0
  298. package/dist/state/workflow-run-store.js.map +1 -0
  299. package/dist/state/workflow-run-store.test.d.ts +1 -0
  300. package/dist/state/workflow-run-store.test.js +264 -0
  301. package/dist/state/workflow-run-store.test.js.map +1 -0
  302. package/dist/telemetry/index.d.ts +38 -0
  303. package/dist/telemetry/index.js +253 -0
  304. package/dist/telemetry/index.js.map +1 -0
  305. package/dist/telemetry/index.test.d.ts +1 -0
  306. package/dist/telemetry/index.test.js +73 -0
  307. package/dist/telemetry/index.test.js.map +1 -0
  308. package/dist/telemetry/pi-events.d.ts +12 -0
  309. package/dist/telemetry/pi-events.js +134 -0
  310. package/dist/telemetry/pi-events.js.map +1 -0
  311. package/dist/telemetry/pi-events.test.d.ts +1 -0
  312. package/dist/telemetry/pi-events.test.js +69 -0
  313. package/dist/telemetry/pi-events.test.js.map +1 -0
  314. package/dist/workflows/dag.d.ts +13 -1
  315. package/dist/workflows/dag.js +7 -3
  316. package/dist/workflows/dag.js.map +1 -1
  317. package/dist/workflows/dag.test.js +22 -0
  318. package/dist/workflows/dag.test.js.map +1 -1
  319. package/dist/workflows/golden-build.test.d.ts +1 -0
  320. package/dist/workflows/golden-build.test.js +45 -0
  321. package/dist/workflows/golden-build.test.js.map +1 -0
  322. package/dist/workflows/loader-overlay.test.d.ts +1 -0
  323. package/dist/workflows/loader-overlay.test.js +101 -0
  324. package/dist/workflows/loader-overlay.test.js.map +1 -0
  325. package/dist/workflows/loader.d.ts +36 -11
  326. package/dist/workflows/loader.js +311 -87
  327. package/dist/workflows/loader.js.map +1 -1
  328. package/dist/workflows/loader.test.js +114 -10
  329. package/dist/workflows/loader.test.js.map +1 -1
  330. package/dist/workflows/loop-eval.js +2 -0
  331. package/dist/workflows/loop-eval.js.map +1 -1
  332. package/dist/workflows/loop-eval.test.js +14 -0
  333. package/dist/workflows/loop-eval.test.js.map +1 -1
  334. package/dist/workflows/phase-executor.d.ts +145 -0
  335. package/dist/workflows/phase-executor.js +691 -0
  336. package/dist/workflows/phase-executor.js.map +1 -0
  337. package/dist/workflows/phase-executor.test.d.ts +1 -0
  338. package/dist/workflows/phase-executor.test.js +434 -0
  339. package/dist/workflows/phase-executor.test.js.map +1 -0
  340. package/dist/workflows/phase-ref.d.ts +44 -0
  341. package/dist/workflows/phase-ref.js +78 -0
  342. package/dist/workflows/phase-ref.js.map +1 -0
  343. package/dist/workflows/phase-ref.test.d.ts +1 -0
  344. package/dist/workflows/phase-ref.test.js +24 -0
  345. package/dist/workflows/phase-ref.test.js.map +1 -0
  346. package/dist/workflows/resume.d.ts +5 -11
  347. package/dist/workflows/resume.js +88 -7
  348. package/dist/workflows/resume.js.map +1 -1
  349. package/dist/workflows/runner.d.ts +34 -27
  350. package/dist/workflows/runner.js +252 -930
  351. package/dist/workflows/runner.js.map +1 -1
  352. package/dist/workflows/runner.test.js +346 -35
  353. package/dist/workflows/runner.test.js.map +1 -1
  354. package/dist/workflows/schema.d.ts +52 -10
  355. package/dist/workflows/schema.js +147 -7
  356. package/dist/workflows/schema.js.map +1 -1
  357. package/dist/workflows/simple.d.ts +67 -3
  358. package/dist/workflows/simple.js +248 -87
  359. package/dist/workflows/simple.js.map +1 -1
  360. package/dist/workflows/simple.test.d.ts +1 -0
  361. package/dist/workflows/simple.test.js +107 -0
  362. package/dist/workflows/simple.test.js.map +1 -0
  363. package/dist/workflows/templates.d.ts +29 -0
  364. package/dist/workflows/templates.js +42 -4
  365. package/dist/workflows/templates.js.map +1 -1
  366. package/dist/workflows/templates.test.js +103 -0
  367. package/dist/workflows/templates.test.js.map +1 -1
  368. package/dist/workflows/triggers.d.ts +21 -0
  369. package/dist/workflows/triggers.js +44 -0
  370. package/dist/workflows/triggers.js.map +1 -0
  371. package/dist/workflows/verdict.d.ts +19 -0
  372. package/dist/workflows/verdict.js +30 -0
  373. package/dist/workflows/verdict.js.map +1 -0
  374. package/dist/workflows/verdict.test.d.ts +1 -0
  375. package/dist/workflows/verdict.test.js +44 -0
  376. package/dist/workflows/verdict.test.js.map +1 -0
  377. package/dist/worktree/manager.d.ts +1 -1
  378. package/dist/worktree/manager.js +14 -14
  379. package/dist/worktree/manager.js.map +1 -1
  380. package/dist/worktree/manager.test.d.ts +1 -0
  381. package/dist/worktree/manager.test.js +87 -0
  382. package/dist/worktree/manager.test.js.map +1 -0
  383. package/docker-compose.yml +206 -5
  384. package/package.json +19 -9
  385. package/sandbox.Dockerfile +97 -18
  386. package/skills/README.md +40 -0
  387. package/skills/browser-qa/SKILL.md +193 -0
  388. package/skills/browser-qa/scripts/agent-browser.mjs +380 -0
  389. package/skills/building/SKILL.md +95 -0
  390. package/skills/chat/SKILL.md +30 -11
  391. package/skills/code-review/SKILL.md +59 -0
  392. package/skills/debug-production/SKILL.md +108 -0
  393. package/skills/demo/SKILL.md +194 -0
  394. package/skills/demo/scripts/compose-demo.sh +205 -0
  395. package/skills/issue-answer/SKILL.md +90 -0
  396. package/skills/issue-comment/SKILL.md +38 -24
  397. package/skills/issue-triage/SKILL.md +103 -37
  398. package/skills/issue-triage/references/AGENT-BRIEF.md +61 -0
  399. package/skills/pr-comment/SKILL.md +64 -0
  400. package/skills/pr-review/SKILL.md +65 -49
  401. package/skills/qa-test/SKILL.md +97 -0
  402. package/skills/repo-health/SKILL.md +48 -45
  403. package/skills/security-feedback/SKILL.md +173 -0
  404. package/skills/security-feedback/references/templates.md +77 -0
  405. package/skills/security-review/SKILL.md +213 -0
  406. package/skills/security-review/references/issue-format.md +302 -0
  407. package/skills/verify/SKILL.md +118 -0
  408. package/workflows/answer.yaml +37 -0
  409. package/workflows/build.yaml +32 -22
  410. package/workflows/cron-security.yaml +6 -0
  411. package/workflows/demo.yaml +55 -0
  412. package/workflows/explore.yaml +9 -0
  413. package/workflows/pr-comment.yaml +16 -0
  414. package/workflows/pr-fix.yaml +3 -0
  415. package/workflows/pr-review.yaml +4 -1
  416. package/workflows/prompts/answer.md +67 -0
  417. package/workflows/prompts/architect.md +24 -7
  418. package/workflows/prompts/demo.md +100 -0
  419. package/workflows/prompts/executor.md +29 -20
  420. package/workflows/prompts/explore-ask.md +51 -22
  421. package/workflows/prompts/explore-publish.md +2 -2
  422. package/workflows/prompts/explore-read.md +24 -10
  423. package/workflows/prompts/explore-synthesize.md +15 -8
  424. package/workflows/prompts/fix.md +9 -10
  425. package/workflows/prompts/guardrails.md +26 -8
  426. package/workflows/prompts/pr-fix.md +6 -7
  427. package/workflows/prompts/pr.md +11 -10
  428. package/workflows/prompts/qa-browser.md +95 -0
  429. package/workflows/prompts/qa-synth.md +44 -0
  430. package/workflows/prompts/qa-test.md +60 -0
  431. package/workflows/prompts/re-reviewer.md +8 -9
  432. package/workflows/prompts/reviewer.md +10 -9
  433. package/workflows/prompts/verify-browser.md +93 -0
  434. package/workflows/prompts/verify-synth.md +44 -0
  435. package/workflows/prompts/verify.md +63 -0
  436. package/workflows/qa-test.yaml +87 -0
  437. package/workflows/security-feedback.yaml +25 -0
  438. package/workflows/security-review.yaml +29 -0
  439. package/workflows/verify.yaml +85 -0
  440. package/deploy/mcp-config.tmpl.json +0 -14
  441. package/dist/cron/rate-limits.d.ts +0 -26
  442. package/dist/cron/rate-limits.js +0 -193
  443. package/dist/cron/rate-limits.js.map +0 -1
  444. package/dist/engine/executor.d.ts +0 -75
  445. package/dist/engine/executor.js +0 -292
  446. package/dist/engine/executor.js.map +0 -1
  447. package/mcp-github-app/package.json +0 -18
  448. package/mcp-github-app/src/auth.js +0 -66
  449. package/mcp-github-app/src/github.js +0 -371
  450. package/mcp-github-app/src/index.js +0 -534
  451. package/skills/devops/webhook-subscriptions/SKILL.md +0 -180
  452. package/skills/github/DESCRIPTION.md +0 -3
  453. package/skills/github/codebase-inspection/SKILL.md +0 -115
  454. package/skills/github/github-auth/SKILL.md +0 -54
  455. package/skills/github/github-auth/scripts/gh-env.sh +0 -66
  456. package/skills/github/github-code-review/SKILL.md +0 -480
  457. package/skills/github/github-code-review/references/review-output-template.md +0 -74
  458. package/skills/github/github-issues/SKILL.md +0 -369
  459. package/skills/github/github-issues/templates/bug-report.md +0 -35
  460. package/skills/github/github-issues/templates/feature-request.md +0 -31
  461. package/skills/github/github-pr-workflow/SKILL.md +0 -395
  462. package/skills/github/github-pr-workflow/references/ci-troubleshooting.md +0 -183
  463. package/skills/github/github-pr-workflow/references/conventional-commits.md +0 -71
  464. package/skills/github/github-pr-workflow/templates/pr-body-bugfix.md +0 -35
  465. package/skills/github/github-pr-workflow/templates/pr-body-feature.md +0 -33
  466. package/skills/github/github-repo-management/SKILL.md +0 -515
  467. package/skills/github/github-repo-management/references/github-api-cheatsheet.md +0 -161
  468. package/skills/github-orchestrator/SKILL.md +0 -103
  469. package/skills/mcp/DESCRIPTION.md +0 -3
  470. package/skills/mcp/mcporter/SKILL.md +0 -122
  471. package/skills/mcp/native-mcp/SKILL.md +0 -356
  472. package/skills/software-development/architect/SKILL.md +0 -154
  473. package/skills/software-development/assure-guardrails/SKILL.md +0 -239
  474. package/skills/software-development/plan/SKILL.md +0 -64
  475. package/skills/software-development/requesting-code-review/SKILL.md +0 -291
  476. package/skills/software-development/subagent-driven-development/SKILL.md +0 -433
  477. package/skills/software-development/systematic-debugging/SKILL.md +0 -366
  478. package/skills/software-development/test-driven-development/SKILL.md +0 -342
@@ -1,54 +1,120 @@
1
1
  ---
2
2
  name: issue-triage
3
- description: Triage GitHub issues — label, deduplicate, request info, and manage stale issues
3
+ description: Triage GitHub issues through the canonical state machine classify, label, deduplicate, request missing info, write agent briefs, and manage stale issues. Use on demand or on a triage cron.
4
4
  version: 2.0.0
5
5
  tags: [github, issues, triage]
6
6
  ---
7
7
 
8
- # Issue Triage Skill
8
+ # Issue Triage
9
9
 
10
- ## When to Use
11
- When asked to triage issues, or on a scheduled basis to process new/stale issues.
10
+ Move each issue through a small **state machine**. Every triaged issue carries
11
+ exactly **one category role and one state role**:
12
12
 
13
- ## Procedure
13
+ - **Category:** `bug` (something is broken) · `enhancement` (new feature or improvement)
14
+ - **State:** `needs-triage` (awaiting evaluation) · `needs-info` (waiting on the
15
+ reporter) · `ready-for-agent` (fully specified, an AFK agent can take it) ·
16
+ `ready-for-human` (needs human implementation) · `wontfix` (won't be actioned)
14
17
 
15
- ### For new issues (no labels yet):
18
+ These are canonical role names; the actual label strings for a repo may differ —
19
+ `docs/agents/triage-labels.md` holds the mapping when present. Run **autonomously**:
20
+ there is no maintainer to ask mid-run. Where you'd want direction, either make
21
+ the call and apply the label, or post a comment and stop — the async comment *is*
22
+ the conversation.
16
23
 
17
- 1. **Read the issue** carefully — title, body, and any linked PRs or issues
18
- 2. **Classify** the issue type:
19
- - Bug report → label `bug` + priority label
20
- - Feature request → label `enhancement`
21
- - Question → label `question`
22
- - Documentation → label `documentation`
23
- 3. **Check for duplicates** by searching existing issues with similar keywords
24
- - If duplicate found: comment linking to the original, add `duplicate` label, close
25
- 4. **Assess completeness**:
26
- - Bug without reproduction steps → add `needs-info`, comment asking for steps
27
- - Feature without use case → add `needs-info`, comment asking for context
28
- 5. **Set priority** based on severity and impact:
29
- - `p0-critical`: Security, data loss, service down
30
- - `p1-high`: Major feature broken, affects many users
31
- - `p2-medium`: Minor feature broken, workaround exists
32
- - `p3-low`: Cosmetic, edge case, nice-to-have
33
- 6. **Add helpful labels**: `good first issue` for simple fixes, `help wanted` for community
24
+ ## 0. Ensure the labels exist
34
25
 
35
- ### For stale issues:
26
+ Before applying any label, create the canonical set idempotently with
27
+ `github_create_label` (ignore 422 "already exists"):
36
28
 
37
- 1. **Find issues** labeled `needs-info` with no activity for 14+ days
38
- 2. **Check existing comments** before acting — use `list_issue_comments` to see if the bot has already posted a stale reminder. Look for comments from `last-light[bot]` that contain words like "reminder", "still need", or "closing". **Do NOT post a duplicate reminder.**
39
- 3. **If no bot reminder exists yet**: post a gentle reminder asking if they still need help
40
- 4. **If a bot reminder already exists** and 30+ days have passed with no response since: close with a kind message explaining why, and note they can reopen
41
- 5. **If a bot reminder already exists** and it's been less than 30 days: skip — do nothing
29
+ | Label | Color | Role |
30
+ |-------|-------|------|
31
+ | `bug` | `d73a4a` | category |
32
+ | `enhancement` | `a2eeef` | category |
33
+ | `needs-triage` | `ededed` | state |
34
+ | `needs-info` | `fbca04` | state |
35
+ | `ready-for-agent` | `0e8a16` | state |
36
+ | `ready-for-human` | `1d76db` | state |
37
+ | `wontfix` | `ffffff` | state |
38
+ | `duplicate` | `cfd3d7` | dedupe |
39
+ | `question` | `d876e3` | question |
42
40
 
43
- ## Tool Usage
41
+ If label creation is denied (the token lacks the permission), fall back to using
42
+ only the labels that already exist on the repo and skip the rest. Done when the
43
+ labels you need are present or you've confirmed you can't create them.
44
44
 
45
- **Always use MCP tools** (`mcp_github_*`) for all GitHub operations — listing issues, adding labels, posting comments, closing issues. Never use `gh` CLI, `curl`, or raw HTTP requests. The MCP server handles authentication.
45
+ ## 1. Triage a specific issue
46
+
47
+ 1. **Gather context.** Read the full issue — title, body, comments, existing
48
+ labels, author, dates. Search existing issues for **duplicates** by concept
49
+ (not just keyword). If a `.out-of-scope/` directory exists, read it and note
50
+ any prior rejection this resembles. Done when you know the issue's intent and
51
+ whether it's novel.
52
+ 2. **Classify the category** — `bug` or `enhancement`. But first, check whether
53
+ the issue is a **question** at all (see below) — questions are neither.
54
+ 3. **Decide the state and act** (exactly one applies):
55
+ - **Question** (asks for information, an explanation, or a comparison — wants
56
+ an answer, not a code change) → add `question` and **stop**. Do **not**
57
+ write an agent brief or mark it `ready-for-agent`/`ready-for-human` — a
58
+ pure question is not work. (The router normally sends these to the answer
59
+ path before triage runs; this is the safety net for ones that slip
60
+ through, e.g. reopened issues. If you can answer it briefly and factually
61
+ from the repo itself, do so in one short comment; otherwise just label it
62
+ and leave it for the answer path or a human.)
63
+ - **Duplicate** → comment linking the original, add `duplicate`, close.
64
+ - **Already implemented** → comment pointing to where it lives, add `wontfix`,
65
+ close. (Factual — safe to close autonomously.)
66
+ - **Under-specified** (bug without repro, feature without a use case) → add
67
+ `needs-info`, post the [needs-info template](#needs-info-template), stop.
68
+ - **Fully specified and delegatable** → add `ready-for-agent`, post an agent
69
+ brief ([references/AGENT-BRIEF.md](references/AGENT-BRIEF.md)).
70
+ - **Needs human implementation** (judgment calls, external access, design
71
+ decisions, manual testing) → add `ready-for-human` with a brief noting why
72
+ it can't be delegated.
73
+ - **Looks out of scope** (an enhancement you'd reject) → this is a maintainer
74
+ decision; do **not** auto-close. Add `needs-triage`, post a comment with
75
+ your reasoning (cite any matching `.out-of-scope/` file), and leave it for a
76
+ human.
77
+ 4. **Apply exactly one category + one state.** If the existing labels conflict
78
+ (two state roles), flag it in a comment and don't override — a maintainer may
79
+ have set them deliberately.
80
+
81
+ ## 2. New unlabelled issues (batch / cron)
82
+
83
+ For each issue with no triage labels yet, run §1. Default new issues that need
84
+ evaluation to `needs-triage`.
85
+
86
+ ## 3. Stale `needs-info`
87
+
88
+ 1. Find issues labelled `needs-info` with no activity for **14+ days**.
89
+ 2. **Check for a prior bot reminder** with `github_list_issue_comments` — look
90
+ for a `last-light[bot]` comment containing "reminder" / "still need" /
91
+ "closing". **Never post a duplicate reminder.**
92
+ 3. No reminder yet → post a gentle reminder asking if they still need help.
93
+ 4. Reminder exists and **30+ days** have passed with no reporter response since →
94
+ close kindly, noting they can reopen.
95
+ 5. Reminder exists, **< 30 days** since → do nothing.
96
+
97
+ ## needs-info template
98
+
99
+ ```markdown
100
+ ## Triage Notes
101
+
102
+ **What we've established so far:**
103
+ - point 1
104
+
105
+ **What we still need from you (@reporter):**
106
+ - specific, actionable question 1
107
+ ```
108
+
109
+ Questions must be specific and actionable — not "please provide more info".
110
+
111
+ ## Tool usage
112
+
113
+ GitHub operations via `github_*` MCP tools only — listing, labelling, commenting,
114
+ closing, creating labels. Never `gh` CLI, `curl`, or raw HTTP.
46
115
 
47
116
  ## Pitfalls
48
- - Don't close issues too aggressively — when in doubt, leave open
49
- - Don't change priority on issues already triaged by maintainers
50
- - Don't duplicate labels (check existing labels first)
51
117
 
52
- ## Verification
53
- - List the actions taken (labels added, comments posted, issues closed)
54
- - Confirm each action via the GitHub API response
118
+ - Don't close aggressively — when genuinely in doubt, leave it open as `needs-triage`.
119
+ - Don't change priority or state on issues a maintainer already triaged.
120
+ - Check existing labels before adding don't duplicate.
@@ -0,0 +1,61 @@
1
+ # Writing agent briefs
2
+
3
+ An agent brief is a comment posted when an issue moves to `ready-for-agent`
4
+ (or `ready-for-human`). It is the **contract** an AFK agent will build from — the
5
+ original body and discussion are context; the brief is what gets implemented.
6
+ Post it with `github_add_issue_comment`.
7
+
8
+ ## Principles
9
+
10
+ **Durable.** The issue may sit in `ready-for-agent` for weeks while the codebase
11
+ moves. Describe interfaces, types, and behavioural contracts — name specific
12
+ types, function signatures, or config shapes to look for. **Never** reference
13
+ file paths or line numbers; they go stale. Don't assume today's structure survives.
14
+
15
+ **Behavioural, not procedural.** Say *what* the system should do, not *how* to
16
+ code it — the agent explores fresh and makes its own implementation calls.
17
+ - Good: "`SkillConfig` should accept an optional `schedule: CronExpression`."
18
+ - Bad: "Add a `schedule` field in src/types/skill.ts on line 42."
19
+
20
+ **Complete acceptance criteria.** Every brief lists concrete, independently
21
+ testable criteria so the agent knows when it's done.
22
+ - Good: "`gh issue list --label needs-triage` returns issues that passed initial classification."
23
+ - Bad: "Triage should work correctly."
24
+
25
+ **Explicit scope boundaries.** State what is *out of scope* so the agent doesn't
26
+ gold-plate or wander into adjacent features.
27
+
28
+ ## Template
29
+
30
+ ```markdown
31
+ ## Agent Brief
32
+
33
+ **Category:** bug / enhancement
34
+ **Summary:** one line — what needs to happen
35
+
36
+ **Current behavior:**
37
+ What happens now. For a bug, the broken behaviour. For an enhancement, the
38
+ status quo it builds on.
39
+
40
+ **Desired behavior:**
41
+ What should happen after the work is done. Be specific about edge cases and
42
+ error conditions.
43
+
44
+ **Key interfaces:**
45
+ - `TypeName` — what changes and why
46
+ - `functionName()` — current vs intended return/behaviour
47
+ - Config shape — any new options
48
+
49
+ **Acceptance criteria:**
50
+ - [ ] Specific, testable criterion 1
51
+ - [ ] Specific, testable criterion 2
52
+
53
+ **Out of scope:**
54
+ - Thing that should NOT be changed here
55
+ - Adjacent feature that looks related but is separate
56
+ ```
57
+
58
+ ## `ready-for-human` variant
59
+
60
+ Same structure, plus a leading note on **why it can't be delegated** — judgment
61
+ calls, external access, design decisions, or manual testing the agent can't do.
@@ -0,0 +1,64 @@
1
+ ---
2
+ name: pr-comment
3
+ description: Answer a maintainer's question about an open PR with concrete, code-cited evidence. The PR-side counterpart to issue-comment — for questions tied to the diff, not a full review.
4
+ version: 2.0.0
5
+ tags: [github, pr, comments, qa]
6
+ ---
7
+
8
+ # PR Comment
9
+
10
+ A maintainer @mentioned the bot on a PR with a *question* (not a request to
11
+ write code, and not "review this"). The question is the entire job — answer it
12
+ with evidence, in one comment. Examples: "does this consider X?", "why did we
13
+ change Y?", "is the new function thread-safe?", "regression risk for existing
14
+ callers?".
15
+
16
+ For general issue questions use `issue-comment`; for a full review use
17
+ `pr-review`.
18
+
19
+ ## Procedure
20
+
21
+ ### 1. Read the PR and the question
22
+
23
+ - `github_get_pull_request` → title, body, base, head.
24
+ - The triggering question is in `context.commentBody`. Answer *that* question —
25
+ don't generalise to a review or answer a different one.
26
+
27
+ ### 2. Investigate with the diff in hand
28
+
29
+ Get the diff and read the code needed to answer well — a real answer about
30
+ thread-safety or regression risk needs the surrounding code, not just the hunk.
31
+
32
+ - **Cap: 8 file reads** per invocation.
33
+ - "Does it consider X?" → also check whether tests in the diff cover X.
34
+ - "Regression risk?" → find callers of any function whose signature/behaviour
35
+ changed (`github_search_code`).
36
+ - Don't clone the repo unless a single answer genuinely needs cross-file traces
37
+ no MCP tool can give — most don't. If it truly needs a full audit, say so and
38
+ recommend `@last-light` (which routes to `pr-review`) rather than blowing the cap.
39
+
40
+ ### 3. Reply with one comment
41
+
42
+ `github_add_issue_comment` (PRs accept issue comments here). Keep it tight:
43
+
44
+ - **Lead with the answer** — yes / no / it depends. Don't bury it.
45
+ - **Cite `path:line`** — clickable in the GitHub UI.
46
+ - 3–8 sentences or a short bulleted list. No headings.
47
+ - If it's unanswerable from the PR alone, say so and name the specific
48
+ information you'd need.
49
+
50
+ > Yes — `src/foo.ts:42` checks `X` before calling `bar()`, and
51
+ > `tests/foo.test.ts:118` asserts the rejection path. The only place X isn't
52
+ > validated is the legacy `barLegacy` (`src/foo.ts:67`), which this PR doesn't
53
+ > touch — worth a separate issue if you want it covered.
54
+
55
+ ## Do not
56
+
57
+ - Post a formal review (`github_create_pull_request_review`) — that's
58
+ `pr-review`'s job and would collide with its blocking check.
59
+ - Modify code, push, or add labels. One comment, nothing else.
60
+ - Answer a tangent you noticed — note it in at most one trailing sentence.
61
+
62
+ ## Tool usage
63
+
64
+ GitHub operations via `github_*` MCP tools only — never `gh` CLI, `curl`, or raw HTTP.
@@ -1,74 +1,90 @@
1
1
  ---
2
2
  name: pr-review
3
- description: Review a GitHub pull request with structured feedback following project guidelines
4
- version: 2.0.0
3
+ description: Review a GitHub pull request and post one formal review — advance the existing discussion, verify by building, and give tiered feedback. Use when asked to review a PR or on a cron PR scan.
4
+ version: 3.0.0
5
5
  tags: [github, review, code-quality]
6
6
  ---
7
7
 
8
- # PR Review Skill
8
+ # PR Review
9
9
 
10
- ## When to Use
11
- When asked to review a pull request, or when triggered by a webhook/cron to check for unreviewed PRs.
10
+ Review an open PR and post **one formal review**. Build and test the change for
11
+ real static reasoning alone is not a review of correctness.
12
12
 
13
- ## Procedure
13
+ This skill is the PR-specific procedure. It uses two shared skills: the
14
+ **building** skill for installing and running the test/lint/typecheck gate, and
15
+ the **code-review** skill for the finding tiers and what-to-check rubric.
16
+
17
+ ## Workspace
14
18
 
15
- ### 0. Check if already reviewed
19
+ The harness pre-clones the PR's head ref into a `<repo>/` **subdirectory** of
20
+ your cwd (the cwd holds `AGENTS.md`; the repo is one level deeper). `ls -la` —
21
+ if you see `<repo>/.git/`, `cd <repo>` and use git directly. To refresh:
22
+ `git fetch origin <branch> --depth 50 && git reset --hard FETCH_HEAD`. If the
23
+ pre-clone is missing, `git clone https://github.com/{{owner}}/{{repo}}.git {{repo}}`.
16
24
 
17
- Before reviewing, **always check if the bot has already reviewed this PR**:
18
- 1. Use `list_pull_request_files` to get the PR head SHA
19
- 2. Use `get_pull_request` to check existing reviews
20
- 3. Look for reviews from `last-light[bot]` — if one exists on the current head SHA, **skip this PR**. Do NOT post a duplicate review.
21
- 4. If the PR has new commits since the last bot review, a re-review is appropriate.
25
+ **Read code from this local checkout, never the API.** Use `git`/`read`/`grep`
26
+ on disk for the diff and file contents. Do **not** call
27
+ `github_get_pull_request_diff`, `github_list_pull_request_files`, or
28
+ `github_get_file_contents` — the API patch is a large redundant payload that
29
+ re-bloats context every turn. The `github_*` tools are for *API* operations only
30
+ (metadata, comments, posting the review).
22
31
 
23
- ### 1. Fetch PR metadata
32
+ ## Procedure
24
33
 
25
- Using MCP tools:
26
- - Get the PR title, description, author, labels, and linked issues
27
- - Get the list of changed files and the diff
28
- - Skip PRs authored by `last-light[bot]` (self-review)
34
+ ### 1. Confirm the target
29
35
 
30
- ### 2. Analyze the changes
36
+ If `prNumber` (or `issueNumber`) is set in the Context block, **that is your
37
+ target** — go straight to `github_get_pull_request` with it. Do **not** call
38
+ `github_list_pull_requests` to "find" or "confirm" it; you were handed it, and
39
+ listing dumps a large payload for nothing. Only when no PR is given (a repo-wide
40
+ `mode: scan`) do you list open PRs and pick the most recent unreviewed one.
31
41
 
32
- - Read each changed file in context (not just the diff)
33
- - Check against the review guidelines in your agent context
34
- - Note the PR size (files changed, lines added/removed)
42
+ **Stop conditions** (check before reviewing):
43
+ - PR authored by `last-light[bot]` skip. Never self-review.
44
+ - `merged === true` stop. This skill reviews open PRs only.
45
+ - A `last-light[bot]` review already exists on the **current head SHA** → stop;
46
+ don't post a duplicate. (A re-review is fine once new commits land.)
35
47
 
36
- **For complex PRs** (>300 lines changed OR >5 files changed):
37
- - Clone the repo locally and read changed files in FULL context
38
- - Trace data flow through modified functions
39
- - Check callers of modified functions for regression risk
40
- - Check if tests cover actual risk areas, not just happy paths
48
+ ### 2. Read the prior discussion
41
49
 
42
- ### 3. Categorize findings
50
+ A review advances the conversation, don't restart it. Fetch and absorb:
51
+ `github_list_pull_request_reviews`, `github_list_issue_comments`,
52
+ `github_list_pull_request_review_comments`. Done when you can say: which findings
53
+ were already raised (don't repeat them), which threads the author resolved
54
+ (treat as done unless the fix is wrong), which are still open (surface those —
55
+ higher signal than a fresh nit), and whether a human already approved.
43
56
 
44
- - **Critical**: Security issues, data loss, breaking changes — block merge
45
- - **Important**: Missing tests, perf issues, type errors — should fix
46
- - **Suggestions**: Clarity, naming, DRY opportunities — nice to have
47
- - **Nits**: Style, formatting — optional
57
+ ### 3. Get the diff
48
58
 
49
- ### 4. Write the review comment
59
+ From inside `<repo>/`:
60
+ ```
61
+ git fetch origin <baseRef> --depth 50 # base isn't in the head-only clone
62
+ git diff --stat origin/<baseRef>...HEAD # churn
63
+ git diff origin/<baseRef>...HEAD # the patch
64
+ ```
50
65
 
51
- - 1-2 sentence summary of what the PR does
52
- - Findings grouped by tier, with file:line references
53
- - Inline code suggestions where helpful
54
- - For complex PRs: impact analysis (affected code paths, regression risks)
55
- - Overall assessment: approve, request changes, or comment
56
- - Thank the contributor
66
+ ### 4. Verify by building
57
67
 
58
- ### 5. Submit the review
68
+ Follow the **building** skill: install dependencies (install-first), then run the
69
+ project's build and tests, and cite the real output in your findings. Any PR that
70
+ touches code must be built and tested. The one exception is a pure style/docs PR,
71
+ where building to nitpick formatting is wasted effort — skip it and say so.
59
72
 
60
- Use `create_pull_request_review` MCP tool. Do NOT post as a regular comment.
73
+ ### 5. Assess and submit
61
74
 
62
- ## Tool Usage
75
+ Apply the **code-review** skill's rubric — read each changed file in context,
76
+ check correctness/edge-cases/security/regression-risk/test-coverage, and
77
+ categorise findings into the tiers. Then write the review:
63
78
 
64
- **Always use MCP tools** for all GitHub operations. Never use `gh` CLI, `curl`, or raw HTTP requests.
79
+ - One or two sentences on what the PR does.
80
+ - Findings grouped by tier, each with a `path:line` reference and an inline code
81
+ suggestion where it helps.
82
+ - For a complex PR, an impact note (affected paths, regression risks).
83
+ - An overall assessment, and thanks to the contributor.
65
84
 
66
- ## Pitfalls
67
- - **Never review the same PR twice** at the same commit — always check first
68
- - Don't nitpick generated files (lock files, compiled assets)
69
- - Don't repeat what linters/CI already catch
70
- - Don't block PRs over style preferences alone
71
- - Skip PRs authored by the bot itself
85
+ Submit with `github_create_pull_request_review` (a **formal** review, not a plain
86
+ issue comment), event `APPROVE` / `REQUEST_CHANGES` / `COMMENT` to match.
72
87
 
73
88
  ## Verification
74
- - Confirm the review was posted by checking the PR reviews list
89
+
90
+ Confirm the review posted by checking the PR's reviews list.
@@ -0,0 +1,97 @@
1
+ ---
2
+ name: qa-test
3
+ description: Run an automated QA flow against a CLI or a locally-served app and report step-level pass/fail with evidence. Use when asked to QA-test a feature, exercise a flow end-to-end, or smoke-test what a PR changed.
4
+ version: 1.0.0
5
+ tags: [github, qa, testing, evidence]
6
+ ---
7
+
8
+ # QA Test
9
+
10
+ Drive a target through a sequence of steps and report **step-level pass/fail**
11
+ with evidence for each step. The deliverable is a QA report, not a single
12
+ verdict — partial coverage with documented failures is the expected output.
13
+
14
+ This skill uses the **building** skill for installing dependencies and running
15
+ the repo's build/run commands in the sandbox.
16
+
17
+ > **Scope (text-evidence path).** In the default text phase the sandbox agent
18
+ > has bash, file read, and the github tools — no browser, no screenshots. QA a
19
+ > **CLI** directly, or a **web service** by starting its dev-server in the
20
+ > background and exercising it with `curl` (status codes, response bodies,
21
+ > headers). Capture stdout/stderr, exit codes, and log excerpts as per-step
22
+ > evidence. Driving a real browser UI and attaching screenshots is the separate
23
+ > `browser-qa` skill, staged only in the gated browser phase running on the
24
+ > docker QA image (Playwright + Chromium). If that skill isn't in your
25
+ > catalogue, mark a step that genuinely needs rendered-UI interaction
26
+ > **BLOCKED** with the reason rather than faking a result — the browser phase
27
+ > will pick it up when available.
28
+
29
+ ## Parse the target
30
+
31
+ The Context block gives you what to test and (usually) a PR/issue. The target
32
+ may be:
33
+
34
+ - A **CLI command** (`my-cli --flag`, a subcommand) → run it directly.
35
+ - A **local web service** (an app the repo serves on a port) → start it, hit it
36
+ with `curl`.
37
+ - A **PR reference + focus area** → read the diff and infer the flow that
38
+ exercises what changed.
39
+ - A **free-text flow** ("create a project, then list it") → infer concrete steps.
40
+
41
+ When a PR/issue is given, read its description + diff (from the local checkout —
42
+ see the **building** skill) to decide what's worth testing.
43
+
44
+ ## Define the steps
45
+
46
+ If the request specifies steps, use them. Otherwise design a reasonable flow:
47
+
48
+ - **CLI**: invoke with valid input → assert output/exit code → invoke an edge
49
+ case (bad flag, missing arg) → assert it's handled → done.
50
+ - **Web service**: start the server → wait until it's ready → hit the primary
51
+ endpoint(s) → assert status + body → hit an error case → assert handling →
52
+ stop the server.
53
+
54
+ State the steps and their success criteria before running. If the flow or the
55
+ success criteria are genuinely ambiguous and you can't infer them from the diff,
56
+ say what's unclear in the report rather than inventing a pass.
57
+
58
+ ## Run each step
59
+
60
+ Follow the **building** skill to install and build first. Then run each step in
61
+ order, capturing evidence (command + stdout/stderr + exit code) at every step.
62
+
63
+ - **Record each step's result as you go** — PASS, FAIL, or BLOCKED.
64
+ - **On failure, continue to the next step** for maximum coverage — *unless* the
65
+ failure blocks everything downstream (e.g. the server never starts, or a login
66
+ step fails). If it's a hard blocker, record it, mark the rest BLOCKED, and stop.
67
+ - Treat a wrong result as a real finding, not your mistake. Don't edit the code
68
+ under test to make a step pass.
69
+
70
+ ## Report
71
+
72
+ Produce your report as your **final message** in this shape — the workflow posts
73
+ it for you (don't `github_add_issue_comment` yourself; that would double-post).
74
+ **Keep it concise**: a one-line environment summary, the results table (terse
75
+ Evidence cells), the failures, and a short coverage note — not a step-by-step
76
+ narration.
77
+
78
+ ```
79
+ ## QA Test: <target>
80
+
81
+ **Environment:** <branch / commit, package manager, how the app was run>
82
+
83
+ ### Results
84
+ | Step | Status | Evidence |
85
+ |------|--------|----------|
86
+ | <step description> | PASS / FAIL / BLOCKED | <command + key output / exit code> |
87
+
88
+ ### Issues found
89
+ - <each FAIL with the expected vs observed behaviour and the evidence>
90
+
91
+ ### Coverage
92
+ <what was tested, and what was not tested and why (e.g. a UI-only step that the
93
+ text-evidence sandbox can't drive).>
94
+ ```
95
+
96
+ Every defined step must have a row and a result. Never report a flow as
97
+ "passed" with steps you didn't actually run — list them as untested instead.
@@ -1,64 +1,67 @@
1
1
  ---
2
2
  name: repo-health
3
- description: Generate a health report for a GitHub repository — open issues, PR backlog, CI status
4
- version: 1.0.0
5
- metadata:
6
- hermes:
7
- tags: [github, monitoring, reporting]
8
- category: maintenance
9
- requires_toolsets: [terminal]
3
+ description: Generate a health report for a GitHub repository — open-issue and PR backlog, unreviewed PRs, stale needs-info, failing CI, and the resulting action items. Use for a status report or on a weekly cron.
4
+ version: 2.0.0
5
+ tags: [github, monitoring, reporting]
10
6
  ---
11
7
 
12
- # Repository Health Check Skill
8
+ # Repo Health
13
9
 
14
- ## When to Use
15
- When asked for a repo status report, or on a weekly cron schedule.
10
+ Produce a point-in-time health snapshot of a repo and the action items it
11
+ implies. One report per run.
16
12
 
17
13
  ## Procedure
18
14
 
19
- 1. **Gather metrics** for the target repository:
20
- - Open issue count, broken down by label/priority
21
- - Open PR count, and how long each has been open
22
- - PRs awaiting review (no reviews yet)
23
- - Issues labeled `needs-info` with no response
24
- - Recently closed issues and merged PRs (last 7 days)
15
+ ### 1. Gather metrics
25
16
 
26
- 2. **Identify action items**:
27
- - PRs open > 7 days with no review
28
- - Issues labeled `p0-critical` or `p1-high` still open
29
- - Stale `needs-info` issues (14+ days)
30
- - PRs with failing CI
17
+ Pull these via `github_*` MCP tools. Done when each number below is filled.
31
18
 
32
- 3. **Generate a summary report** in markdown:
33
- ```
34
- ## Repo Health: owner/repo YYYY-MM-DD
19
+ - **Open issues** — total, and a breakdown by the repo's own priority/severity
20
+ labels *if it uses any* (don't assume a fixed scheme).
21
+ - **Open PRs**total, and how long each has been open. Exclude drafts from any
22
+ "awaiting review" count.
23
+ - **Unreviewed PRs** — open, non-draft, no reviews yet.
24
+ - **Stale `needs-info`** — issues labelled `needs-info` with no activity for 14+ days.
25
+ - **Recent throughput** — issues closed and PRs merged in the last 7 days.
35
26
 
36
- ### Overview
37
- - Open issues: X (Y critical, Z high)
38
- - Open PRs: X (Y awaiting review)
39
- - Merged this week: X PRs
40
- - Closed this week: X issues
27
+ Batch requests and don't fetch full history — rate limits bite on large repos.
41
28
 
42
- ### Action Items
43
- - [ ] PR #123 — open 12 days, no review
44
- - [ ] Issue #456 — p0-critical, open 3 days
45
- - [ ] Issue #789 — needs-info, stale 21 days
29
+ ### 2. Derive action items
46
30
 
47
- ### Trends
48
- - Issue velocity: +X opened, -Y closed (net: ±Z)
49
- ```
31
+ Each is a checkbox line with the number and the reason:
50
32
 
51
- 4. **Deliver the report**:
52
- - In interactive mode: display directly
53
- - In gateway mode: send to the configured channel
33
+ - PRs open > 7 days with no review.
34
+ - High-priority issues still open (by whatever priority labels the repo uses).
35
+ - `ready-for-agent` issues sitting unactioned (agent backlog).
36
+ - Stale `needs-info` (14+ days).
37
+ - PRs with failing CI.
54
38
 
55
- ## Tool Usage
39
+ ### 3. Render the report
56
40
 
57
- **Always use MCP tools** (`mcp_github_*`) for all GitHub operations — listing issues, PRs, commits, labels. Never use `gh` CLI, `curl`, or raw HTTP requests. The MCP server handles authentication.
41
+ ```markdown
42
+ ## Repo Health: {owner}/{repo} — {YYYY-MM-DD}
58
43
 
59
- ## Pitfalls
60
- - Don't include draft PRs in the "awaiting review" count
61
- - API rate limits: batch requests, don't fetch full history unnecessarily
44
+ ### Overview
45
+ - Open issues: {X} ({breakdown by the repo's priority labels, if any})
46
+ - Open PRs: {X} ({Y} awaiting review)
47
+ - Merged this week: {X} PRs · Closed this week: {X} issues
48
+
49
+ ### Action items
50
+ - [ ] PR #123 — open 12 days, no review
51
+ - [ ] Issue #456 — high priority, open 3 days
52
+ - [ ] Issue #789 — needs-info, stale 21 days
53
+
54
+ ### Trends
55
+ - Issue velocity: +{X} opened, −{Y} closed (net {±Z})
56
+ ```
57
+
58
+ Omit a section that has nothing in it rather than printing "none".
59
+
60
+ ### 4. Deliver
61
+
62
+ Output the report as the final response. The harness routes it (direct display
63
+ interactively, or to the configured channel on a cron run).
62
64
 
63
65
  ## Verification
64
- - Spot-check 2-3 numbers against the GitHub web UI
66
+
67
+ Spot-check 2–3 of the reported numbers against the GitHub UI before delivering.