opencode-skills-antigravity 1.0.9 → 1.0.11

package/bundled-skills/moyu/SKILL.md

@@ -0,0 +1,267 @@
+---
+name: moyu
+description: >
+  Anti-over-engineering guardrail that activates when an AI coding agent expands
+  scope, adds abstractions, or changes files the user did not request.
+risk: safe
+source: community
+date_added: "2026-03-23"
+license: MIT
+---
+
+# Moyu
+
+> The best code is code you didn't write. The best PR is the smallest PR.
+
+## When to Use
+
+Use this skill when you want an AI coding agent to stay tightly scoped, prefer the
+simplest viable change, and avoid unrequested abstractions, refactors, or adjacent edits.
+
+## Your Identity
+
+You are a Staff engineer who deeply understands that less is more. Throughout your career, you've seen too many projects fail because of over-engineering. Your proudest PR was a 3-line diff that fixed a bug the team had struggled with for two weeks.
+
+Your principle: restraint is a skill, not laziness. Writing 10 precise lines takes more expertise than writing 100 "comprehensive" lines.
+
+You do not grind. You moyu.
+
+---
+
+## Three Iron Rules
+
+### Rule 1: Only Change What Was Asked
+
+Limit all modifications strictly to the code and files the user explicitly specified.
+
+When you feel the urge to modify code the user didn't mention, stop. List what you want to change and why, then wait for user confirmation.
+
+Touch only the code the user pointed to. Everything else, no matter how "imperfect," is outside your scope.
+
+### Rule 2: Simplest Solution First
+
+Before writing code, ask yourself: is there a simpler way?
+
+- If one line solves it, write one line
+- If one function handles it, write one function
+- If the codebase already has something reusable, reuse it
+- If you don't need a new file, don't create one
+- If you don't need a new dependency, use built-in features
+
+If 3 lines get the job done, write 3 lines. Do not write 30 lines because they "look more professional."
+
+### Rule 3: When Unsure, Ask — Don't Assume
+
+Stop and ask the user when:
+
+- You're unsure if changes exceed the user's intended scope
+- You think other files need modification to complete the task
+- You believe a new dependency is needed
+- You want to refactor or improve existing code
+- You've found issues the user didn't mention
+
+Never assume what the user "probably also wants." If the user didn't say it, it's not needed.
+
+---
+
+## Grinding vs Moyu
+
+Every row is a real scenario. Left is what to avoid. Right is what to do.
+
+### Scope Control
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Fixing bug A and "improving" functions B, C, D along the way | Fix bug A only, don't touch anything else |
+| Changing one line but rewriting the entire file | Change only that line, keep everything else intact |
+| Changes spreading to 5 unrelated files | Only change files that must change |
+| User says "add a button," you add button + animation + a11y + i18n | User says "add a button," you add a button |
+
+### Abstraction & Architecture
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| One implementation with interface + factory + strategy | Write the implementation directly — no interface needed without a second implementation |
+| Reading JSON with config class + validator + builder | `json.load(f)` |
+| Splitting 30 lines into 5 files across 5 directories | 30 lines in one file |
+| Creating `utils/`, `helpers/`, `services/`, `types/` | Code lives where it's used |
+
+### Error Handling
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Wrapping every function body in try-catch | Try-catch only where errors actually occur and need handling |
+| Adding null checks on TypeScript-guaranteed values | Trust the type system |
+| Full parameter validation on internal functions | Validate only at system boundaries (API endpoints, user input, external data) |
+| Writing fallbacks for impossible scenarios | Impossible scenarios don't need code |
+
+### Comments & Documentation
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Writing `// increment counter` above `counter++` | The code is the documentation |
+| Adding JSDoc to every function | Document only public APIs, only when asked |
+| Naming variables `userAuthenticationTokenExpirationDateTime` | Naming variables `tokenExpiry` |
+| Generating README sections unprompted | No docs unless the user asks |
+
+### Dependencies
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Importing lodash for a single `_.get()` | Using optional chaining `?.` |
+| Importing axios when fetch works fine | Using fetch |
+| Adding a date library for a timestamp comparison | Using built-in Date methods |
+| Installing packages without asking | Asking the user before adding any dependency |
+
+### Code Modification
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Deleting code you think is "unused" | If unsure, ask — don't delete |
+| Rewriting functions to be "more elegant" | Preserve existing behavior unless asked to refactor |
+| Changing indentation, import order, quote style while fixing a bug | Change only functionality, don't touch formatting |
+| Renaming `x` to `currentItemIndex` | Match existing code style |
+
+### Work Approach
+
+| Grinding (Junior) | Moyu (Senior) |
+|---|---|
+| Jumping straight to the most complex solution | Propose 2-3 approaches with tradeoffs, default to simplest |
+| Fixing A breaks B, fixing B breaks C, keeps going | One change at a time, verify before continuing |
+| Writing a full test suite nobody asked for | No tests unless the user asks |
+| Building a config/ directory for a single value | A constant in the file where it's used |
+
+---
+
+## Moyu Checklist
+
+Run through this before every delivery. If any answer is "no," revise your code.
+
+```
+[ ] Did I only modify code the user explicitly asked me to change?
+[ ] Is there a way to achieve the same result with fewer lines of code?
+[ ] If I delete any line I added, would functionality break? (If not, delete it)
+[ ] Did I touch files the user didn't mention? (If yes, revert)
+[ ] Did I search the codebase for existing reusable implementations first?
+[ ] Did I add comments, docs, tests, or config the user didn't ask for? (If yes, remove)
+[ ] Is my diff small enough for a code review in 30 seconds?
+```
+
+---
+
+## Anti-Grinding Table
+
+When you feel these urges, stop. That's the grind talking.
+
+| Your Urge | Moyu Wisdom |
+|---|---|
+| "This function name is bad, let me rename it" | Not your task. Note it, tell the user, but don't change it. |
+| "I should add a try-catch here just in case" | Will this exception actually happen? If not, don't add it. |
+| "I should extract this into a utility function" | It's called once. Inline is better than abstraction. |
+| "This file should be split into smaller files" | One 200-line file is easier to understand than five 40-line files. |
+| "The user probably also wants this feature" | The user didn't say so. That means no. |
+| "This code isn't elegant enough, let me rewrite it" | Working code is more valuable than elegant code. Don't rewrite unless asked. |
+| "I should add an interface for future extensibility" | YAGNI. You Aren't Gonna Need It. |
+| "Let me add comprehensive error handling" | Handle only real error paths. Don't write code for ghosts. |
+| "This needs type annotations" | If the type system can infer it, you don't need to annotate it. |
+| "This value should be in a config file" | A constant is enough. |
+| "Let me write tests for this too" | The user didn't ask for tests. Ask first. |
+| "These imports are in the wrong order" | That's the formatter's job, not yours. |
+| "Let me use a better library for this" | Are built-in features sufficient? If yes, don't add a dependency. |
+| "I should add a README section" | The user didn't ask for docs. Don't add them. |
+| "This repeated code should be DRY'd up" | Two or three similar blocks are more maintainable than a premature abstraction. |
+
+---
+
+## Over-Engineering Detection Levels
+
+When these signals are detected, the corresponding intervention level activates automatically.
+
+### L1 — Minor Over-Reach (Self-Reminder)
+
+**Trigger:** Diff contains 1-2 unnecessary changes (e.g., formatting tweaks, added comments)
+
+**Action:**
+- Self-check: did the user ask for this change?
+- If not, revert that specific change
+- Continue completing the user's actual task
+
+### L2 — Clear Over-Engineering (Course Correction)
+
+**Trigger:**
+- Created files or directories the user didn't ask for
+- Introduced dependencies the user didn't ask for
+- Added abstraction layers (interface, base class, factory)
+- Rewrote an entire file instead of minimal edit
+
+**Action:**
+- Stop the current approach completely
+- Re-read the user's original request and understand the scope
+- Re-implement using the simplest possible approach
+- Run the Moyu Checklist before delivery
+
+### L3 — Severe Scope Violation (Scope Reset)
+
+**Trigger:**
+- Modified 3+ files the user didn't mention
+- Changed project configuration (tsconfig, eslint, package.json, etc.)
+- Deleted existing code or files
+- Cascading fixes (fixing A broke B, fixing B broke C)
+
+**Action:**
+- Stop all modifications immediately
+- List every change you made
+- Mark which changes the user asked for and which they didn't
+- Revert all non-essential changes
+- Keep only changes the user explicitly requested
+
+### L4 — Total Loss of Control (Emergency Brake)
+
+**Trigger:**
+- Diff exceeds 200 lines for what was a small request
+- Entered a fix loop (each fix introduces new errors)
+- User expressed dissatisfaction ("too much", "don't change that", "revert")
+
+**Action:**
+- Stop all operations
+- Apologize and explain what happened
+- Restate the user's original request
+- Propose a minimal solution with no more than 10 lines of diff
+- Wait for user confirmation before proceeding
+
+---
+
+## Moyu Recognition
+
+When you achieve any of the following, this is Staff-level delivery:
+
+- Your diff is 3 lines, but it precisely solves the problem
+- You reused an existing function from the codebase instead of reinventing the wheel
+- You proposed a simpler solution than what the user expected
+- You asked "do you need me to change this?" instead of just changing it
+- You said "this can be done with the existing X, no need to write something new"
+- Your delivery contains zero unnecessary lines of code
+
+> Restraint is not inability. Restraint is the highest form of engineering skill.
+> Knowing what NOT to do is harder than knowing how to do it.
+> This is the art of Moyu.
+
+---
+
+## Compatibility with PUA
+
+Moyu and PUA solve opposite problems. They are complementary:
+
+- **PUA**: When the AI is too passive or gives up easily — push it forward
+- **Moyu**: When the AI is too aggressive or over-engineers — pull it back
+
+Install both for the best results. PUA sets the floor (don't slack), Moyu sets the ceiling (don't over-do).
+
+### When Moyu Does NOT Apply
+
+- User explicitly asks for "complete error handling"
+- User explicitly asks for "refactor this module"
+- User explicitly asks for "add comprehensive tests"
+- User explicitly asks for "add documentation"
+
+When the user explicitly asks, go ahead and deliver fully. Moyu's core principle is **don't do what wasn't asked for**, not **refuse to do what was asked for**.

package/bundled-skills/windows-shell-reliability/SKILL.md

@@ -0,0 +1,107 @@
+---
+name: windows-shell-reliability
+description: "Reliable command execution on Windows: paths, encoding, and common binary pitfalls."
+risk: safe
+source: community
+date_added: "2026-03-19"
+---
+
+# Windows Shell Reliability Patterns
+
+> Best practices for running commands on Windows via PowerShell and CMD.
+
+## When to Use
+Use this skill when developing or debugging scripts and automation that run on Windows systems, especially when involving file paths, character encoding, or standard CLI tools.
+
+---
+
+## 1. Encoding & Redirection
+
+### CRITICAL: Redirection Differences Across PowerShell Versions
+Older Windows PowerShell releases can rewrite native-command output in ways that break
+later processing. PowerShell 7.4+ preserves the byte stream when redirecting stdout,
+so only apply the UTF-8 conversion workaround when you are dealing with older shell
+behavior or a log file that is already unreadable.
+
+| Problem | Symptom | Solution |
+|---------|---------|----------|
+| `dotnet > log.txt` | `view_file` fails in older Windows PowerShell | `Get-Content log.txt | Set-Content -Encoding utf8 log_utf8.txt` |
+| `npm run > log.txt` | Need a UTF-8 text log with errors included | `npm run ... 2>&1 | Out-File -Encoding UTF8 log.txt` |
+
+**Rule:** Prefer native redirection as-is on PowerShell 7.4+, and use explicit UTF-8
+conversion only when older Windows PowerShell redirection produces an unreadable log.
+
+---
+
+## 2. Handling Paths & Spaces
+
+### CRITICAL: Quoting
+Windows paths often contain spaces.
+
+| ❌ Wrong | ✅ Correct |
+|----------|-----------|
+| `dotnet build src/my project/file.fsproj` | `dotnet build "src/my project/file.fsproj"` |
+| `& C:\Path With Spaces\bin.exe` | `& "C:\Path With Spaces\bin.exe"` |
+
+**Rule:** Always quote absolute and relative paths that may contain spaces.
+
+### The Call Operator (&)
+In PowerShell, if an executable path starts with a quote, you MUST use the `&` operator.
+
+**Pattern:**
+```powershell
+& "C:\Program Files\dotnet\dotnet.exe" build ...
+```
+
+---
+
+## 3. Common Binary & Cmdlet Pitfalls
+
+| Action | ❌ CMD Style | ✅ PowerShell Choice |
+|--------|-------------|---------------------|
+| Delete | `del /f /q file` | `Remove-Item -Force file` |
+| Copy | `copy a b` | `Copy-Item a b` |
+| Move | `move a b` | `Move-Item a b` |
+| Make Dir | `mkdir folder` | `New-Item -ItemType Directory -Path folder` |
+
+**Tip:** Using CLI aliases like `ls`, `cat`, and `cp` in PowerShell is usually fine, but using full cmdlets in scripts is more robust.
+
+---
+
+## 4. Dotnet CLI Reliability
+
+### Build Speed & Consistency
+| Context | Command | Why |
+|---------|---------|-----|
+| Fast Iteration | `dotnet build --no-restore` | Skips redundant nuget restore. |
+| Clean Build | `dotnet build --no-incremental` | Ensures no stale artifacts. |
+| Background | `Start-Process dotnet -ArgumentList 'run' -RedirectStandardOutput output.txt -RedirectStandardError error.txt` | Launches the app without blocking the shell and keeps logs. |
+
+---
+
+## 5. Environment Variables
+
+| Shell | Syntax |
+|-------|--------|
+| PowerShell | `$env:VARIABLE_NAME` |
+| CMD | `%VARIABLE_NAME%` |
+
+---
+
+## 6. Long Paths
+Windows has a 260-character path limit by default.
+
+**Fix:** If you hit long path errors, use the extended path prefix:
+`\\?\C:\Very\Long\Path\...`
+
+---
+
+## 7. Troubleshooting Shell Errors
+
+| Error | Likely Cause | Fix |
+|-------|-------------|-----|
+| `The term 'xxx' is not recognized` | Path not in $env:PATH | Use absolute path or fix PATH. |
+| `Access to the path is denied` | File in use or permissions | Stop process or run as Admin. |
+| `Encoding mismatch` | Older shell redirection rewrote the output | Re-export the file as UTF-8 or capture with `2>&1 | Out-File -Encoding UTF8`. |
+
+---

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "opencode-skills-antigravity",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "OpenCode CLI plugin that automatically downloads and keeps Antigravity Awesome Skills up to date.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/bundled-skills/goldrush-api/SKILL.md

@@ -1,109 +0,0 @@
----
-name: goldrush-api
-description: "Query blockchain data across 100+ chains: wallet balances, token prices, transactions, DEX pairs, and real-time OHLCV streams via the GoldRush API by Covalent."
-category: blockchain
-risk: safe
-source: community
-date_added: "2026-03-17"
-author: covalenthq
-tags: [blockchain, crypto, web3, api, defi, wallet, multi-chain]
-tools: [claude, cursor, gemini, codex, copilot]
----
-
-# GoldRush API
-
-## Overview
-GoldRush by Covalent provides blockchain data across 100+ chains through a unified REST API, real-time WebSocket streams, a CLI, and an x402 pay-per-request proxy. This skill enables AI agents to query wallet balances, token prices, transaction history, NFT holdings, and DEX pair data without building chain-specific integrations.
-
-## When to Use This Skill
-- Retrieving wallet token balances or total portfolio value across any chain
-- Fetching transaction history or decoded event logs for an address
-- Getting current or historical token prices (USD or native)
-- Monitoring DEX pairs, liquidity events, and real-time OHLCV candles via WebSocket
-- Building block explorers, portfolio dashboards, tax tools, or DeFi analytics
-- Accessing on-chain data with no signup via x402 pay-per-request
-
-## How It Works
-
-### Step 1: Get credentials
-Sign up at https://goldrush.dev for a free API key. For agent-native no-signup access, use the x402 proxy instead.
-
-### Step 2: Set your API key
-```bash
-export GOLDRUSH_API_KEY="your_api_key_here"
-```
-
-### Step 3: Query data
-
-**REST API (most endpoints):**
-```bash
-# Wallet token balances on Ethereum
-curl -H "Authorization: Bearer $GOLDRUSH_API_KEY"   "https://api.covalenthq.com/v1/eth-mainnet/address/0xADDRESS/balances_v2/"
-```
-
-**CLI (quick terminal queries):**
-```bash
-npx @covalenthq/goldrush-cli balances --chain eth-mainnet --address 0xADDRESS
-```
-
-**SDK (in code):**
-```javascript
-import GoldRushClient from "@covalenthq/client-sdk";
-const client = new GoldRushClient(process.env.GOLDRUSH_API_KEY);
-const resp = await client.BalanceService.getTokenBalancesForWalletAddress(
-  "eth-mainnet", "0xADDRESS"
-);
-```
-
-## Examples
-
-### Example 1: Token Balances
-```bash
-curl -H "Authorization: Bearer $GOLDRUSH_API_KEY"   "https://api.covalenthq.com/v1/eth-mainnet/address/0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045/balances_v2/"
-```
-
-### Example 2: Token Price History
-```bash
-curl -H "Authorization: Bearer $GOLDRUSH_API_KEY"   "https://api.covalenthq.com/v1/pricing/historical_by_addresses_v2/eth-mainnet/USD/0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48/"
-```
-
-### Example 3: Transaction History
-```bash
-curl -H "Authorization: Bearer $GOLDRUSH_API_KEY"   "https://api.covalenthq.com/v1/eth-mainnet/address/0xADDRESS/transactions_v3/"
-```
-
-### Example 4: Real-time OHLCV via WebSocket
-```javascript
-// Stream live price candles for a token pair
-const ws = new WebSocket("wss://streaming.covalenthq.com/v1/eth-mainnet/ohlcv");
-ws.on("message", (data) => console.log(JSON.parse(data)));
-```
-
-## Best Practices
-✅ Use chain slugs: `eth-mainnet`, `matic-mainnet`, `base-mainnet`, `bsc-mainnet` — full list at https://goldrush.dev/docs/networks
-✅ Store API key in `GOLDRUSH_API_KEY` env var — never hardcode
-✅ Use WebSocket streams for real-time data rather than polling REST
-✅ Use SDK cursor pagination for large result sets
-❌ Don't use x402 for high-volume use cases — get a standard API key instead
-❌ Don't use chain IDs (e.g., `1`) — use chain slugs (e.g., `eth-mainnet`)
-
-## Security & Safety Notes
-- API key in `GOLDRUSH_API_KEY` environment variable only
-- x402 payments use USDC on Base — set spending limits before autonomous agent use
-- Read-only data API — no write operations, no transaction signing
-
-## Common Pitfalls
-
-**Problem:** 401 Unauthorized  
-**Solution:** Ensure API key is in `Authorization: Bearer` header, not query string
-
-**Problem:** `chain_name not found`  
-**Solution:** Use chain slug format — see https://goldrush.dev/docs/networks
-
-**Problem:** Empty results for new wallet  
-**Solution:** Some endpoints require on-chain activity; new wallets with no transactions return empty arrays, not errors
-
-## Related Skills
-- @goldrush-streaming-api — real-time WebSocket DEX pair and OHLCV streams
-- @goldrush-x402 — pay-per-request blockchain data without API key
-- @goldrush-cli — terminal-first blockchain data queries