mindforge-cc 11.5.1 → 11.7.0

Files changed (214) hide show
  1. package/.agent/mindforge/skill-tdd.md +53 -0
  2. package/.agent/mindforge/skills-index.md +118 -0
  3. package/.agent/mindforge/systematic-debug.md +60 -0
  4. package/.agent/mindforge/wf-catalog.md +37 -0
  5. package/.agent/mindforge/wf-code-audit.md +31 -0
  6. package/.agent/mindforge/wf-competitive-analysis.md +31 -0
  7. package/.agent/mindforge/wf-deep-research.md +32 -0
  8. package/.agent/mindforge/wf-feature-planner.md +31 -0
  9. package/.agent/mindforge/wf-incident-response.md +31 -0
  10. package/.agent/mindforge/wf-onboard-codebase.md +31 -0
  11. package/.agent/mindforge/wf-perf-optimize.md +31 -0
  12. package/.agent/mindforge/wf-pr-review.md +31 -0
  13. package/.agent/mindforge/wf-refactor-plan.md +31 -0
  14. package/.agent/mindforge/wf-release-prep.md +31 -0
  15. package/.agent/mindforge/wf-tdd-sprint.md +31 -0
  16. package/.agent/mindforge/wf-tech-evaluation.md +31 -0
  17. package/.agent/skills/1password-skill/SKILL.md +156 -0
  18. package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
  19. package/.agent/skills/1password-skill/references/get-started.md +21 -0
  20. package/.agent/skills/article-illustrator/SKILL.md +199 -0
  21. package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
  22. package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
  23. package/.agent/skills/article-illustrator/references/styles.md +224 -0
  24. package/.agent/skills/article-illustrator/references/usage.md +50 -0
  25. package/.agent/skills/article-illustrator/references/workflow.md +332 -0
  26. package/.agent/skills/arxiv/SKILL.md +275 -0
  27. package/.agent/skills/blogwatcher/SKILL.md +130 -0
  28. package/.agent/skills/code-wiki/SKILL.md +438 -0
  29. package/.agent/skills/code-wiki/templates/README.md +31 -0
  30. package/.agent/skills/code-wiki/templates/architecture.md +30 -0
  31. package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
  32. package/.agent/skills/code-wiki/templates/module.md +38 -0
  33. package/.agent/skills/codebase-inspection/SKILL.md +109 -0
  34. package/.agent/skills/comic-creator/SKILL.md +240 -0
  35. package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
  36. package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
  37. package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
  38. package/.agent/skills/comic-creator/references/character-template.md +180 -0
  39. package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
  40. package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
  41. package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
  42. package/.agent/skills/comic-creator/references/workflow.md +401 -0
  43. package/.agent/skills/concept-diagrams/SKILL.md +355 -0
  44. package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
  45. package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
  46. package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
  47. package/.agent/skills/creative-ideation/SKILL.md +144 -0
  48. package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
  49. package/.agent/skills/devops-cli/SKILL.md +149 -0
  50. package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
  51. package/.agent/skills/devops-cli/references/authentication.md +59 -0
  52. package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
  53. package/.agent/skills/devops-cli/references/running-apps.md +171 -0
  54. package/.agent/skills/devops-watchers/SKILL.md +103 -0
  55. package/.agent/skills/docker-management/SKILL.md +273 -0
  56. package/.agent/skills/domain-intel/SKILL.md +96 -0
  57. package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
  58. package/.agent/skills/github-auth/SKILL.md +240 -0
  59. package/.agent/skills/github-code-review/SKILL.md +474 -0
  60. package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
  61. package/.agent/skills/github-issues/SKILL.md +363 -0
  62. package/.agent/skills/github-issues/templates/bug-report.md +35 -0
  63. package/.agent/skills/github-issues/templates/feature-request.md +31 -0
  64. package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
  65. package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
  66. package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
  67. package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
  68. package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
  69. package/.agent/skills/github-repo-management/SKILL.md +509 -0
  70. package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
  71. package/.agent/skills/godmode/SKILL.md +396 -0
  72. package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
  73. package/.agent/skills/godmode/references/refusal-detection.md +142 -0
  74. package/.agent/skills/hyperframes/SKILL.md +182 -0
  75. package/.agent/skills/hyperframes/references/cli.md +185 -0
  76. package/.agent/skills/hyperframes/references/composition.md +129 -0
  77. package/.agent/skills/hyperframes/references/features.md +289 -0
  78. package/.agent/skills/hyperframes/references/gsap.md +136 -0
  79. package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
  80. package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
  81. package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
  82. package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
  83. package/.agent/skills/kanban-worker/SKILL.md +188 -0
  84. package/.agent/skills/llm-wiki/SKILL.md +499 -0
  85. package/.agent/skills/meme-generation/SKILL.md +122 -0
  86. package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
  87. package/.agent/skills/obsidian/SKILL.md +60 -0
  88. package/.agent/skills/osint-investigation/SKILL.md +269 -0
  89. package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
  90. package/.agent/skills/oss-forensics/SKILL.md +422 -0
  91. package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
  92. package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
  93. package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
  94. package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
  95. package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
  96. package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
  97. package/.agent/skills/parallel-cli/SKILL.md +384 -0
  98. package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
  99. package/.agent/skills/pixel-art/SKILL.md +209 -0
  100. package/.agent/skills/pixel-art/references/palettes.md +49 -0
  101. package/.agent/skills/plan/SKILL.md +331 -0
  102. package/.agent/skills/polymarket/SKILL.md +75 -0
  103. package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
  104. package/.agent/skills/python-debugpy/SKILL.md +368 -0
  105. package/.agent/skills/requesting-code-review/SKILL.md +273 -0
  106. package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
  107. package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
  108. package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
  109. package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
  110. package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
  111. package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
  112. package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
  113. package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
  114. package/.agent/skills/research-paper-writing/references/sources.md +191 -0
  115. package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
  116. package/.agent/skills/research-paper-writing/templates/README.md +251 -0
  117. package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
  118. package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
  119. package/.agent/skills/scrapling/SKILL.md +328 -0
  120. package/.agent/skills/sherlock/SKILL.md +186 -0
  121. package/.agent/skills/simplify-code/SKILL.md +168 -0
  122. package/.agent/skills/skill-authoring/SKILL.md +158 -0
  123. package/.agent/skills/spike/SKILL.md +190 -0
  124. package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
  125. package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
  126. package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
  127. package/.agent/skills/systematic-debugging/SKILL.md +360 -0
  128. package/.agent/skills/test-driven-development/SKILL.md +336 -0
  129. package/.agent/skills/video-orchestrator/SKILL.md +194 -0
  130. package/.agent/skills/video-orchestrator/references/examples.md +227 -0
  131. package/.agent/skills/video-orchestrator/references/intake.md +166 -0
  132. package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
  133. package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
  134. package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
  135. package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
  136. package/.agent/skills/web-pentest/SKILL.md +332 -0
  137. package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
  138. package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
  139. package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
  140. package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
  141. package/.agent/skills/web-pentest/templates/authorization.md +69 -0
  142. package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
  143. package/.claude/commands/mindforge/skill-tdd.md +53 -0
  144. package/.claude/commands/mindforge/skills-index.md +118 -0
  145. package/.claude/commands/mindforge/systematic-debug.md +60 -0
  146. package/.claude/commands/mindforge/wf-catalog.md +37 -0
  147. package/.claude/commands/mindforge/wf-code-audit.md +31 -0
  148. package/.claude/commands/mindforge/wf-competitive-analysis.md +31 -0
  149. package/.claude/commands/mindforge/wf-deep-research.md +32 -0
  150. package/.claude/commands/mindforge/wf-feature-planner.md +31 -0
  151. package/.claude/commands/mindforge/wf-incident-response.md +31 -0
  152. package/.claude/commands/mindforge/wf-onboard-codebase.md +31 -0
  153. package/.claude/commands/mindforge/wf-perf-optimize.md +31 -0
  154. package/.claude/commands/mindforge/wf-pr-review.md +31 -0
  155. package/.claude/commands/mindforge/wf-refactor-plan.md +31 -0
  156. package/.claude/commands/mindforge/wf-release-prep.md +31 -0
  157. package/.claude/commands/mindforge/wf-tdd-sprint.md +31 -0
  158. package/.claude/commands/mindforge/wf-tech-evaluation.md +31 -0
  159. package/.mindforge/config.json +2 -2
  160. package/.mindforge/dynamic-workflows/REGISTRY.md +65 -0
  161. package/.mindforge/dynamic-workflows/index.json +171 -0
  162. package/.mindforge/dynamic-workflows/scripts/code-audit.js +103 -0
  163. package/.mindforge/dynamic-workflows/scripts/competitive-analysis.js +85 -0
  164. package/.mindforge/dynamic-workflows/scripts/deep-research.js +151 -0
  165. package/.mindforge/dynamic-workflows/scripts/feature-planner.js +104 -0
  166. package/.mindforge/dynamic-workflows/scripts/incident-response.js +106 -0
  167. package/.mindforge/dynamic-workflows/scripts/onboard-codebase.js +102 -0
  168. package/.mindforge/dynamic-workflows/scripts/perf-optimize.js +128 -0
  169. package/.mindforge/dynamic-workflows/scripts/pr-review.js +87 -0
  170. package/.mindforge/dynamic-workflows/scripts/refactor-plan.js +121 -0
  171. package/.mindforge/dynamic-workflows/scripts/release-prep.js +102 -0
  172. package/.mindforge/dynamic-workflows/scripts/tdd-sprint.js +103 -0
  173. package/.mindforge/dynamic-workflows/scripts/tech-evaluation.js +72 -0
  174. package/.mindforge/memory/sync-manifest.json +1 -1
  175. package/.mindforge/skills/arxiv/SKILL.md +294 -0
  176. package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
  177. package/.mindforge/skills/code-wiki/SKILL.md +457 -0
  178. package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
  179. package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
  180. package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
  181. package/.mindforge/skills/domain-intel/SKILL.md +116 -0
  182. package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
  183. package/.mindforge/skills/github-code-review/SKILL.md +493 -0
  184. package/.mindforge/skills/github-issues/SKILL.md +382 -0
  185. package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
  186. package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
  187. package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
  188. package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
  189. package/.mindforge/skills/meme-generation/SKILL.md +141 -0
  190. package/.mindforge/skills/obsidian/SKILL.md +80 -0
  191. package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
  192. package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
  193. package/.mindforge/skills/pixel-art/SKILL.md +228 -0
  194. package/.mindforge/skills/plan/SKILL.md +350 -0
  195. package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
  196. package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
  197. package/.mindforge/skills/scrapling/SKILL.md +345 -0
  198. package/.mindforge/skills/sherlock/SKILL.md +203 -0
  199. package/.mindforge/skills/simplify-code/SKILL.md +187 -0
  200. package/.mindforge/skills/spike/SKILL.md +209 -0
  201. package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
  202. package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
  203. package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
  204. package/.mindforge/skills/web-pentest/SKILL.md +327 -0
  205. package/CHANGELOG.md +71 -0
  206. package/MINDFORGE.md +2 -2
  207. package/README.md +72 -3
  208. package/RELEASENOTES.md +109 -0
  209. package/bin/installer-core.js +6 -2
  210. package/bin/mindforge-cli.js +7 -0
  211. package/bin/workflows/workflow-runner.js +110 -0
  212. package/docs/commands-reference.md +25 -0
  213. package/docs/getting-started.md +42 -5
  214. package/package.json +2 -1
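--- a/package/.mindforge/skills/github-code-review/SKILL.md
+++ b/package/.mindforge/skills/github-code-review/SKILL.md
@@ -0,0 +1,493 @@
+---
+name: github-code-review
+description: "Review PRs: diffs, inline comments via gh or REST."
+version: 1.1.0
+status: stable
+min_mindforge_version: 11.5.1
+triggers: github code review, review PR github, pull request review workflow, review pull request, github PR review, code review github, github review, pr code review, review github changes, github review workflow, code review on github, review pr changes
+---
+
+# GitHub Code Review
+
+Perform code reviews on local changes before pushing, or review open PRs on GitHub. Most of this skill uses plain `git` — the `gh`/`curl` split only matters for PR-level interactions.
+
+## Prerequisites
+
+- Authenticated with GitHub (see `github-auth` skill)
+- Inside a git repository
+
+### Setup (for PR interactions)
+
+```bash
+if command -v gh &>/dev/null && gh auth status &>/dev/null; then
+AUTH="gh"
+else
+AUTH="git"
+if [ -z "$GITHUB_TOKEN" ]; then
+if _agent_env="${AGENT_HOME:-$HOME/.agent}/.env"; [ -f "$_agent_env" ] && grep -q "^GITHUB_TOKEN=" "$_agent_env"; then
+GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" "$_agent_env" | head -1 | cut -d= -f2 | tr -d '\n\r')
+elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then
+GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|')
+fi
+fi
+fi
+
+REMOTE_URL=$(git remote get-url origin)
+OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||')
+OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1)
+REPO=$(echo "$OWNER_REPO" | cut -d/ -f2)
+```
+
+---
+
+## 1. Reviewing Local Changes (Pre-Push)
+
+This is pure `git` — works everywhere, no API needed.
+
+### Get the Diff
+
+```bash
+# Staged changes (what would be committed)
+git diff --staged
+
+# All changes vs main (what a PR would contain)
+git diff main...HEAD
+
+# File names only
+git diff main...HEAD --name-only
+
+# Stat summary (insertions/deletions per file)
+git diff main...HEAD --stat
+```
+
+### Review Strategy
+
+1. **Get the big picture first:**
+
+```bash
+git diff main...HEAD --stat
+git log main..HEAD --oneline
+```
+
+2. **Review file by file** — use `read_file` on changed files for full context, and the diff to see what changed:
+
+```bash
+git diff main...HEAD -- src/auth/login.py
+```
+
+3. **Check for common issues:**
+
+```bash
+# Debug statements, TODOs, console.logs left behind
+git diff main...HEAD | grep -n "print(\|console\.log\|TODO\|FIXME\|HACK\|XXX\|debugger"
+
+# Large files accidentally staged
+git diff main...HEAD --stat | sort -t'|' -k2 -rn | head -10
+
+# Secrets or credential patterns
+git diff main...HEAD | grep -in "password\|secret\|api_key\|token.*=\|private_key"
+
+# Merge conflict markers
+git diff main...HEAD | grep -n "<<<<<<\|>>>>>>\|======="
+```
+
+4. **Present structured feedback** to the user.
+
+### Review Output Format
+
+When reviewing local changes, present findings in this structure:
+
+```
+## Code Review Summary
+
+### Critical
+- **src/auth.py:45** — SQL injection: user input passed directly to query.
+Suggestion: Use parameterized queries.
+
+### Warnings
+- **src/models/user.py:23** — Password stored in plaintext. Use bcrypt or argon2.
+- **src/api/routes.py:112** — No rate limiting on login endpoint.
+
+### Suggestions
+- **src/utils/helpers.py:8** — Duplicates logic in `src/core/utils.py:34`. Consolidate.
+- **tests/test_auth.py** — Missing edge case: expired token test.
+
+### Looks Good
+- Clean separation of concerns in the middleware layer
+- Good test coverage for the happy path
+```
+
+---
+
+## 2. Reviewing a Pull Request on GitHub
+
+### View PR Details
+
+**With gh:**
+
+```bash
+gh pr view 123
+gh pr diff 123
+gh pr diff 123 --name-only
+```
+
+**With git + curl:**
+
+```bash
+PR_NUMBER=123
+
+# Get PR details
+curl -s \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
+| python3 -c "
+import sys, json
+pr = json.load(sys.stdin)
+print(f\"Title: {pr['title']}\")
+print(f\"Author: {pr['user']['login']}\")
+print(f\"Branch: {pr['head']['ref']} -> {pr['base']['ref']}\")
+print(f\"State: {pr['state']}\")
+print(f\"Body:\n{pr['body']}\")"
+
+# List changed files
+curl -s \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/files \
+| python3 -c "
+import sys, json
+for f in json.load(sys.stdin):
+print(f\"{f['status']:10} +{f['additions']:-4} -{f['deletions']:-4} {f['filename']}\")"
+```
+
+### Check Out PR Locally for Full Review
+
+This works with plain `git` — no `gh` needed:
+
+```bash
+# Fetch the PR branch and check it out
+git fetch origin pull/123/head:pr-123
+git checkout pr-123
+
+# Now you can use read_file, search_files, run tests, etc.
+
+# View diff against the base branch
+git diff main...pr-123
+```
+
+**With gh (shortcut):**
+
+```bash
+gh pr checkout 123
+```
+
+### Leave Comments on a PR
+
+**General PR comment — with gh:**
+
+```bash
+gh pr comment 123 --body "Overall looks good, a few suggestions below."
+```
+
+**General PR comment — with curl:**
+
+```bash
+curl -s -X POST \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/issues/$PR_NUMBER/comments \
+-d '{"body": "Overall looks good, a few suggestions below."}'
+```
+
+### Leave Inline Review Comments
+
+**Single inline comment — with gh (via API):**
+
+```bash
+HEAD_SHA=$(gh pr view 123 --json headRefOid --jq '.headRefOid')
+
+gh api repos/$OWNER/$REPO/pulls/123/comments \
+--method POST \
+-f body="This could be simplified with a list comprehension." \
+-f path="src/auth/login.py" \
+-f commit_id="$HEAD_SHA" \
+-f line=45 \
+-f side="RIGHT"
+```
+
+**Single inline comment — with curl:**
+
+```bash
+# Get the head commit SHA
+HEAD_SHA=$(curl -s \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
+| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
+
+curl -s -X POST \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/comments \
+-d "{
+\"body\": \"This could be simplified with a list comprehension.\",
+\"path\": \"src/auth/login.py\",
+\"commit_id\": \"$HEAD_SHA\",
+\"line\": 45,
+\"side\": \"RIGHT\"
+}"
+```
+
+### Submit a Formal Review (Approve / Request Changes)
+
+**With gh:**
+
+```bash
+gh pr review 123 --approve --body "LGTM!"
+gh pr review 123 --request-changes --body "See inline comments."
+gh pr review 123 --comment --body "Some suggestions, nothing blocking."
+```
+
+**With curl — multi-comment review submitted atomically:**
+
+```bash
+HEAD_SHA=$(curl -s \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \
+| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
+
+curl -s -X POST \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews \
+-d "{
+\"commit_id\": \"$HEAD_SHA\",
+\"event\": \"COMMENT\",
+\"body\": \"Code review from
+\"comments\": [
+{\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"Use parameterized queries to prevent SQL injection.\"},
+{\"path\": \"src/models/user.py\", \"line\": 23, \"body\": \"Hash passwords with bcrypt before storing.\"},
+{\"path\": \"tests/test_auth.py\", \"line\": 1, \"body\": \"Add test for expired token edge case.\"}
+]
+}"
+```
+
+Event values: `"APPROVE"`, `"REQUEST_CHANGES"`, `"COMMENT"`
+
+The `line` field refers to the line number in the *new* version of the file. For deleted lines, use `"side": "LEFT"`.
+
+---
+
+## 3. Review Checklist
+
+When performing a code review (local or PR), systematically check:
+
+### Correctness
+- Does the code do what it claims?
+- Edge cases handled (empty inputs, nulls, large data, concurrent access)?
+- Error paths handled gracefully?
+
+### Security
+- No hardcoded secrets, credentials, or API keys
+- Input validation on user-facing inputs
+- No SQL injection, XSS, or path traversal
+- Auth/authz checks where needed
+
+### Code Quality
+- Clear naming (variables, functions, classes)
+- No unnecessary complexity or premature abstraction
+- DRY — no duplicated logic that should be extracted
+- Functions are focused (single responsibility)
+
+### Testing
+- New code paths tested?
+- Happy path and error cases covered?
+- Tests readable and maintainable?
+
+### Performance
+- No N+1 queries or unnecessary loops
+- Appropriate caching where beneficial
+- No blocking operations in async code paths
+
+### Documentation
+- Public APIs documented
+- Non-obvious logic has comments explaining "why"
+- README updated if behavior changed
+
+---
+
+## 4. Pre-Push Review Workflow
+
+When the user asks you to "review the code" or "check before pushing":
+
+1. `git diff main...HEAD --stat` — see scope of changes
+2. `git diff main...HEAD` — read the full diff
+3. For each changed file, use `read_file` if you need more context
+4. Apply the checklist above
+5. Present findings in the structured format (Critical / Warnings / Suggestions / Looks Good)
+6. If critical issues found, offer to fix them before the user pushes
+
+---
+
+## 5. PR Review Workflow (End-to-End)
+
+When the user asks you to "review PR #N", "look at this PR", or gives you a PR URL, follow this recipe:
+
+### Step 1: Set up environment
+
+```bash
+source "${AGENT_HOME:-$HOME/.agent}/skills/github/github-auth/scripts/gh-env.sh"
+# Or run the inline setup block from the top of this skill
+```
+
+### Step 2: Gather PR context
+
+Get the PR metadata, description, and list of changed files to understand scope before diving into code.
+
+**With gh:**
+```bash
+gh pr view 123
+gh pr diff 123 --name-only
+gh pr checks 123
+```
+
+**With curl:**
+```bash
+PR_NUMBER=123
+
+# PR details (title, author, description, branch)
+curl -s -H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER
+
+# Changed files with line counts
+curl -s -H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/files
+```
+
+### Step 3: Check out the PR locally
+
+This gives you full access to `read_file`, `search_files`, and the ability to run tests.
+
+```bash
+git fetch origin pull/$PR_NUMBER/head:pr-$PR_NUMBER
+git checkout pr-$PR_NUMBER
+```
+
+### Step 4: Read the diff and understand changes
+
+```bash
+# Full diff against the base branch
+git diff main...HEAD
+
+# Or file-by-file for large PRs
+git diff main...HEAD --name-only
+# Then for each file:
+git diff main...HEAD -- path/to/file.py
+```
+
+For each changed file, use `read_file` to see full context around the changes — diffs alone can miss issues visible only with surrounding code.
+
+### Step 5: Run automated checks locally (if applicable)
+
+```bash
+# Run tests if there's a test suite
+python -m pytest 2>&1 | tail -20
+# or: npm test, cargo test, go test ./..., etc.
+
+# Run linter if configured
+ruff check . 2>&1 | head -30
+# or: eslint, clippy, etc.
+```
+
+### Step 6: Apply the review checklist (Section 3)
+
+Go through each category: Correctness, Security, Code Quality, Testing, Performance, Documentation.
+
+### Step 7: Post the review to GitHub
+
+Collect your findings and submit them as a formal review with inline comments.
+
+**With gh:**
+```bash
+# If no issues — approve
+gh pr review $PR_NUMBER --approve --body "Reviewed by
+
+# If issues found — request changes with inline comments
+gh pr review $PR_NUMBER --request-changes --body "Found a few issues — see inline comments."
+```
+
+**With curl — atomic review with multiple inline comments:**
+```bash
+HEAD_SHA=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER \
+| python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])")
+
+# Build the review JSON — event is APPROVE, REQUEST_CHANGES, or COMMENT
+curl -s -X POST \
+-H "Authorization: token $GITHUB_TOKEN" \
+https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/reviews \
+-d "{
+\"commit_id\": \"$HEAD_SHA\",
+\"event\": \"REQUEST_CHANGES\",
+\"body\": \"##
+\"comments\": [
+{\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"🔴 **Critical:** User input passed directly to SQL query — use parameterized queries.\"},
+{\"path\": \"src/models.py\", \"line\": 23, \"body\": \"⚠️ **Warning:** Password stored without hashing.\"},
+{\"path\": \"src/utils.py\", \"line\": 8, \"body\": \"💡 **Suggestion:** This duplicates logic in core/utils.py:34.\"}
+]
+}"
+```
+
+### Step 8: Also post a summary comment
+
+In addition to inline comments, leave a top-level summary so the PR author gets the full picture at a glance. Use the review output format from `references/review-output-template.md`.
+
+**With gh:**
+```bash
+gh pr comment $PR_NUMBER --body "$(cat <<'EOF'
+## Code Review Summary
+
+**Verdict: Changes Requested** (2 issues, 1 suggestion)
+
+### 🔴 Critical
+- **src/auth.py:45** — SQL injection vulnerability
+
+### ⚠️ Warnings
+- **src/models.py:23** — Plaintext password storage
+
+### 💡 Suggestions
+- **src/utils.py:8** — Duplicated logic, consider consolidating
+
+### ✅ Looks Good
+- Clean API design
+- Good error handling in the middleware layer
+
+---
+*Reviewed by
+EOF
+)"
+```
+
+### Step 9: Clean up
+
+```bash
+git checkout main
+git branch -D pr-$PR_NUMBER
+```
+
+### Decision: Approve vs Request Changes vs Comment
+
+- **Approve** — no critical or warning-level issues, only minor suggestions or all clear
+- **Request Changes** — any critical or warning-level issue that should be fixed before merge
+- **Comment** — observations and suggestions, but nothing blocking (use when you're unsure or the PR is a draft)
+
+## Mandatory actions when this skill is active
+
+Before applying this skill:
+- [ ] Read the task requirements fully before acting
+- [ ] Confirm you understand the goal and constraints
+- [ ] Check for existing work or prior context in the codebase
+
+While working:
+- [ ] Follow the methodology described above step by step
+- [ ] Document any decisions or findings as you go
+
+After completing:
+- [ ] Self-check: does the output satisfy the original requirement?
+- [ ] Verify no regressions or unintended side effects
+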
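Review bot: Step 5 runs the checked-out PR's own test suite and linter (`python -m pytest`, `ruff check .`) in the working tree, so code from the pull request executes on the same host where the Setup block reads `GITHUB_TOKEN` from the agent `.env` or `~/.git-credentials`. The step should carry a caveat, for example `# PR from an untrusted author: run tests in a container or VM with no GITHUB_TOKEN and no credential files mounted`. Several snippets are also cut off mid-string (`\"body\": \"Code review from`, `--body "Reviewed by`, `\"body\": \"##`, `*Reviewed by`), which leaves the review JSON and the `gh pr review --approve` command invalid as written. Section 5 uses `$GH_OWNER`/`$GH_REPO` while the inline setup it offers as an alternative defines `$OWNER`/`$REPO`, so with the inline block the API URLs would expand to empty path segments. The `gh-env.sh` script sourced in Step 1 does not appear in this page's file list, so that path may need confirming as well.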