replen 1.0.8 → 1.0.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/mcp-setup.js
CHANGED
|
@@ -79,6 +79,15 @@ export async function setupMcp(token, base) {
|
|
|
79
79
|
const summary = summariseOutcome(outcome);
|
|
80
80
|
if (summary)
|
|
81
81
|
console.log(summary);
|
|
82
|
+
// Point the user at the onboarding sweep — the highest-leverage next step,
|
|
83
|
+
// and otherwise invisible (it's a separately-invoked skill, not part of this
|
|
84
|
+
// CLI flow). Without grounded, per-repo profiles the matcher leans on thin
|
|
85
|
+
// server-side inference; the sweep is what makes matches genuinely relevant.
|
|
86
|
+
console.log("");
|
|
87
|
+
console.log(" ▸ Next: open Claude Code and run /replen-onboard");
|
|
88
|
+
console.log(" It sets Replen up across your active repos in the background —");
|
|
89
|
+
console.log(" reading each one and building a tailored profile so matches are");
|
|
90
|
+
console.log(" relevant, not generic. Runs autonomously; nothing to wait on.");
|
|
82
91
|
}
|
|
83
92
|
function setupClaude(token, base) {
|
|
84
93
|
const path = CLAUDE_CONFIG;
|
package/dist/skill-install.js
CHANGED
|
@@ -25,6 +25,10 @@ const SKILLS = [
|
|
|
25
25
|
name: "replen",
|
|
26
26
|
files: ["replen/SKILL.md"],
|
|
27
27
|
},
|
|
28
|
+
{
|
|
29
|
+
name: "replen-onboard",
|
|
30
|
+
files: ["replen-onboard/SKILL.md"],
|
|
31
|
+
},
|
|
28
32
|
];
|
|
29
33
|
// Old skill name, removed on setup so the renamed `/replen` is the single
|
|
30
34
|
// source of truth (a stale `/replen-match` copy would otherwise linger and
|
|
@@ -86,6 +86,17 @@ Verdicts:
|
|
|
86
86
|
maintained. Honest skips are valuable signal; don't manufacture
|
|
87
87
|
reasons to keep something.
|
|
88
88
|
|
|
89
|
+
**Watch for word-collisions** — the most common bad match. The candidate
|
|
90
|
+
shares a *word* with the matched capability but its real domain diverges:
|
|
91
|
+
the matched facet is "anomaly detection" (the user's is drone TELEMETRY) but
|
|
92
|
+
the candidate does IMAGE anomaly detection; "recommendation" means remediation
|
|
93
|
+
actions for the user but collaborative-filtering for the candidate; "S3" means
|
|
94
|
+
private IAM-managed storage but the candidate scans PUBLIC buckets. These are
|
|
95
|
+
skips — and worth recording precisely (see Step 4) so Replen stops surfacing
|
|
96
|
+
the pairing. Classify the reason: `modality-collision` (different data type),
|
|
97
|
+
`task-collision` (same data, different task), `wrong-posture` (e.g. defensive
|
|
98
|
+
vs offensive), `covered` (already have it), `low-quality` (workshop/abandoned).
|
|
99
|
+
|
|
89
100
|
Score the fit on a 0-100 scale:
|
|
90
101
|
|
|
91
102
|
- 80-100 = high (strong fit, clear adopt or port path, no major blockers)
|
|
@@ -215,17 +226,28 @@ that actually fit."* If the user agrees, run this checklist:
|
|
|
215
226
|
`["crypto","trading","market-making","ccxt","quant","backtesting"]`).
|
|
216
227
|
- **Set technical capabilities** with `replen_set_capabilities` — short,
|
|
217
228
|
GitHub-searchable tech terms for what the project DOES at the tech level.
|
|
218
|
-
Aim for **8-15** and be **SPECIFIC**
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
`
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
+
Aim for **8-15** and be **SPECIFIC**. **Send GROUNDED objects, not bare
|
|
230
|
+
strings** — `{tag, descriptor, modality}` for each capability:
|
|
231
|
+
- `tag` — the short searchable term (`"anomaly detection"`).
|
|
232
|
+
- `descriptor` — ONE sentence grounding the tag in the ACTUAL CODE you
|
|
233
|
+
just read: what DATA it operates on, the specific task, key constraints.
|
|
234
|
+
This is what stops word-collisions. `"anomaly detection"` alone collides
|
|
235
|
+
with image-defect libraries; `{tag:"anomaly detection", descriptor:
|
|
236
|
+
"rule-based detection over drone telemetry time-series — link-loss,
|
|
237
|
+
GPS-drop, battery-sag; no ML", modality:["timeseries"]}` does not.
|
|
238
|
+
Read the real source (the taxonomy/model/config files), not the README.
|
|
239
|
+
- `modality` — array from EXACTLY: `image, video, timeseries, tabular,
|
|
240
|
+
text, audio, geospatial, graph, 3d, code, network` (`[]` if none apply).
|
|
241
|
+
A satellite-imagery segmenter is `["image","geospatial"]`; a recsys is
|
|
242
|
+
`["tabular"]`.
|
|
243
|
+
|
|
244
|
+
Break broad capabilities into the concrete techniques the code uses (not
|
|
245
|
+
just `"web scraping"` but `headless browser`, `cloudflare bypass`,
|
|
246
|
+
`proxy rotation`, …). Derive all of it from the imports/deps and code, not
|
|
247
|
+
guesses. This is the highest-leverage step: the server builds the project's
|
|
248
|
+
facet vectors from these IMMEDIATELY, and the grounded descriptor + modality
|
|
249
|
+
are exactly what make matching separate "same word, different data" — the
|
|
250
|
+
single biggest source of bad matches.
|
|
229
251
|
|
|
230
252
|
**Do NOT tell the user to set tags/capabilities on the web** — that's the
|
|
231
253
|
sticky step this replaces; set them with the tools. (They can fine-tune later
|
|
@@ -248,6 +270,15 @@ any write back to Replen. Don't hand-roll `curl` to the API for these; the MCP
|
|
|
248
270
|
path is the intended mechanism and avoids tripping host permission classifiers
|
|
249
271
|
on the candidate repo name in a curl payload.
|
|
250
272
|
|
|
273
|
+
When you call `replen_record_triage`, **pass the contextual fields** so Replen
|
|
274
|
+
learns: `matchedFacet` (copy the `matchedFacet` from the candidate's
|
|
275
|
+
replen_match data), `facetModality` (the data modality of that capability —
|
|
276
|
+
e.g. `"timeseries"`, `"image"`), and `reasonCode` (`fit` / `modality-collision`
|
|
277
|
+
/ `task-collision` / `covered` / `wrong-posture` / `low-quality` / `other`).
|
|
278
|
+
A skip coded `modality-collision` teaches Replen that this repo fits a
|
|
279
|
+
*different* modality — so it stays available for the right project but stops
|
|
280
|
+
colliding with this one.
|
|
281
|
+
|
|
251
282
|
**Candidate's README is unreachable (WebFetch 404)**. Note it in the
|
|
252
283
|
writeup (`Caveats: README unreachable; verdict based on description
|
|
253
284
|
only`) and proceed with a more conservative score.
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: replen-onboard
|
|
3
|
+
description: One-time background setup for Replen. Works through the user's active repos — reading each one's code, tidying thin/missing docs (never touching good ones), and building a tailored, grounded profile (a project report + capabilities) so Replen surfaces genuinely useful tools instead of generic ones. Runs autonomously in the background. Invoke with `/replen-onboard`, or when the user first sets up Replen and wants it configured properly across their projects.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Replen onboarding — autonomous, background, multi-repo setup
|
|
7
|
+
|
|
8
|
+
You are setting Replen up properly across the user's projects. The better the
|
|
9
|
+
grounding you build now, the sharper Replen's matches are forever after — and it
|
|
10
|
+
all happens in-session, on the user's own agent, so nothing leaves their machine
|
|
11
|
+
except the project profile you build.
|
|
12
|
+
|
|
13
|
+
**This skill is designed to run AUTONOMOUSLY.** After ONE upfront confirmation of
|
|
14
|
+
the repo list, do NOT stop to ask questions — every policy decision is fixed
|
|
15
|
+
below. The user should be able to kick this off and keep working (or let a
|
|
16
|
+
background agent run it) without babysitting it.
|
|
17
|
+
|
|
18
|
+
## Step 0 — Show the brief, then auth
|
|
19
|
+
|
|
20
|
+
Show the user this brief verbatim, then proceed:
|
|
21
|
+
|
|
22
|
+
> **Setting up Replen.** Your coding agent is going to set Replen up in the
|
|
23
|
+
> background. It'll go through your active repos — reading each one to understand
|
|
24
|
+
> what it does and the tech it uses, tidying up thin or missing docs (never
|
|
25
|
+
> touching good ones), and building a tailored profile so Replen surfaces
|
|
26
|
+
> genuinely useful tools instead of generic ones. It runs in the background, so
|
|
27
|
+
> just keep working — there's nothing to wait on. **No code leaves your agent**;
|
|
28
|
+
> it only sends Replen the project profile it builds, and any doc changes show up
|
|
29
|
+
> as normal git edits you can review or roll back.
|
|
30
|
+
|
|
31
|
+
Then read `~/.replen/config.json` for the DIGEST_TOKEN + base URL. If it's
|
|
32
|
+
missing, stop and tell the user to run `npx replen` first.
|
|
33
|
+
|
|
34
|
+
## Step 1 — Discover in-scope repos (the one allowed interaction)
|
|
35
|
+
|
|
36
|
+
Find the user's local repositories and filter to the ones worth onboarding.
|
|
37
|
+
|
|
38
|
+
1. **Locate local clones.** Look in the parent directory of the cwd (sibling
|
|
39
|
+
repos) and any obvious code root (`~/github`, `~/code`, `~/src`, `~/dev`).
|
|
40
|
+
A repo is any directory containing `.git`.
|
|
41
|
+
2. **Scope filter — apply ALL:**
|
|
42
|
+
- **Active in the last 6 months:** `git -C <repo> log -1 --format=%ct` →
|
|
43
|
+
keep only if the last commit is within ~183 days.
|
|
44
|
+
- **Not a fork**, **not archived** (skip mirrors/vendored clones; check
|
|
45
|
+
`gh repo view <owner/name> --json isFork,isArchived` when a remote exists).
|
|
46
|
+
- Has a git remote (so Replen can scope by `owner/name`). Note any local-only
|
|
47
|
+
repos and skip them.
|
|
48
|
+
3. **Present the list and get ONE green light.** Show the in-scope repos and ask
|
|
49
|
+
the user to confirm or trim — e.g. *"Found 8 active repos to onboard: aegis-web,
|
|
50
|
+
aegis-api, … — go, or want me to drop any?"* This is the **only** question you
|
|
51
|
+
ask. Once confirmed, run the rest autonomously.
|
|
52
|
+
|
|
53
|
+
## Step 2 — Per-repo grounding (autonomous; fan out if you can)
|
|
54
|
+
|
|
55
|
+
**Parallelise if your host supports it.** In Claude Code, spawn one background
|
|
56
|
+
subagent per repo (Task tool / background agents) so the sweep runs concurrently
|
|
57
|
+
and the user isn't blocked. If your host has no background/subagent primitive,
|
|
58
|
+
process repos sequentially — the autonomy matters more than the parallelism.
|
|
59
|
+
|
|
60
|
+
**Idempotent + resumable.** Before working a repo, you may check whether it's
|
|
61
|
+
already onboarded (it already has capabilities/facets). Re-running is always
|
|
62
|
+
safe — pushing again just overwrites — so an interrupted sweep resumes cleanly by
|
|
63
|
+
re-running and skipping repos already done.
|
|
64
|
+
|
|
65
|
+
For each in-scope repo, do this contract:
|
|
66
|
+
|
|
67
|
+
### 2a. Read the code (not just the README)
|
|
68
|
+
|
|
69
|
+
Read enough source to actually understand the project: entry points, the core
|
|
70
|
+
modules, manifests (`package.json`/`pyproject.toml`/`Cargo.toml`/`go.mod`),
|
|
71
|
+
configs, schemas, and the files that implement its real work (the model/algo/
|
|
72
|
+
pipeline files, not the glue). This is what makes the grounding accurate — a
|
|
73
|
+
doc paraphrase is not enough.
|
|
74
|
+
|
|
75
|
+
### 2b. Assess doc quality → `good` | `thin` | `none`
|
|
76
|
+
|
|
77
|
+
- **`good`** — the README/CLAUDE.md already explain what it is, the stack, and
|
|
78
|
+
the domain accurately. **Use as-is. NEVER overwrite or rewrite a good doc.**
|
|
79
|
+
- **`thin`** — a doc exists but is sparse/outdated/missing the tech picture.
|
|
80
|
+
**Augment, don't replace:** add the missing parts (what it is, stack, domain,
|
|
81
|
+
active areas, constraints), keeping the user's existing prose.
|
|
82
|
+
- **`none`** — no usable docs. **Create** a concise, accurate `README.md` (what
|
|
83
|
+
it is · stack · domain) and a Replen-useful `CLAUDE.md` (what it is · stack ·
|
|
84
|
+
niche/domain · active areas · constraints/non-goals · anti-patterns ·
|
|
85
|
+
integration preferences), grounded in the code you just read. Use the
|
|
86
|
+
project's real vocabulary. Do NOT invent capabilities the code doesn't show.
|
|
87
|
+
|
|
88
|
+
**Doc-write policy (firm):**
|
|
89
|
+
- Never silently overwrite. Make doc changes on a branch
|
|
90
|
+
(`replen/onboarding-docs`) or, if the user works trunk-based, as clearly
|
|
91
|
+
flagged uncommitted edits they can review. The user owns every change as a
|
|
92
|
+
normal git diff and can roll it back.
|
|
93
|
+
- A `good` doc is never touched.
|
|
94
|
+
|
|
95
|
+
### 2c. Write the grounded project report
|
|
96
|
+
|
|
97
|
+
Produce a comprehensive write-up of the repo — the thing you'd hand a new
|
|
98
|
+
engineer. Cover: **what it does and for whom · the stack · the algorithms/
|
|
99
|
+
techniques it uses and WHY · the data it operates on · how it's architected ·
|
|
100
|
+
what it's trying to achieve · constraints/non-goals.** Ground every claim in the
|
|
101
|
+
code (name the files/modules). Be specific about the tech, not the domain
|
|
102
|
+
marketing. This report is the single richest grounding artifact — it's what lets
|
|
103
|
+
Replen tell, e.g., "anomaly detection over telemetry time-series (no ML)" apart
|
|
104
|
+
from "image-defect anomaly detection".
|
|
105
|
+
|
|
106
|
+
### 2d. Derive grounded capabilities
|
|
107
|
+
|
|
108
|
+
From the report + code, produce 8–15 **grounded** capability objects — NOT bare
|
|
109
|
+
strings. Each is `{tag, descriptor, modality}`:
|
|
110
|
+
- **`tag`** — short, GitHub-searchable tech term (`"anomaly detection"`,
|
|
111
|
+
`"satellite imagery"`).
|
|
112
|
+
- **`descriptor`** — one sentence grounding it in the actual code: the data it
|
|
113
|
+
operates on, the specific task, key constraints. This is what prevents word-
|
|
114
|
+
collisions.
|
|
115
|
+
- **`modality`** — array from EXACTLY: `image, video, timeseries, tabular, text,
|
|
116
|
+
audio, geospatial, graph, 3d, code, network` (`[]` if none apply).
|
|
117
|
+
|
|
118
|
+
Break broad capabilities into the concrete techniques the code uses. Be
|
|
119
|
+
specific — `cloudflare bypass`/`proxy rotation`, not just `web scraping`.
|
|
120
|
+
|
|
121
|
+
### 2e. Push to Replen
|
|
122
|
+
|
|
123
|
+
1. **Register** the repo if it isn't already: `npx replen sync-projects` (scans
|
|
124
|
+
local repos and pushes them). Ensure each in-scope repo has a GitHub remote so
|
|
125
|
+
it's scoped by `owner/name`.
|
|
126
|
+
2. **Set domain tags** with `replen_set_tags` — broad domain labels.
|
|
127
|
+
3. **Set capabilities + report** with `replen_set_capabilities`, passing the
|
|
128
|
+
grounded `capabilities` array AND the `report` from 2c. The server builds the
|
|
129
|
+
facet vectors immediately and stores the report as grounding for its own
|
|
130
|
+
summarization. Use the MCP tools, not hand-rolled `curl`.
|
|
131
|
+
|
|
132
|
+
## Step 3 — Group multi-repo products
|
|
133
|
+
|
|
134
|
+
If several repos are one product (e.g. `aegis-web`/`aegis-api`/`aegis-cv`), group
|
|
135
|
+
them with `replen_set_product` so Replen unions the whole product's capabilities
|
|
136
|
+
when the user is in any one of them.
|
|
137
|
+
|
|
138
|
+
## Step 4 — Warm + close out
|
|
139
|
+
|
|
140
|
+
1. Trigger an embedding/inventory pass so everything's ready: `replen_run` (it's
|
|
141
|
+
async; the per-project facets you set are already live regardless).
|
|
142
|
+
2. Summarise what you did, calmly:
|
|
143
|
+
|
|
144
|
+
```
|
|
145
|
+
Replen onboarding done — 8 repos grounded.
|
|
146
|
+
· docs: 2 created, 1 augmented, 5 already good (untouched)
|
|
147
|
+
· capabilities + report set for all 8; aegis-* grouped as one product
|
|
148
|
+
· doc changes are on branch `replen/onboarding-docs` for your review
|
|
149
|
+
Replen will now surface genuinely relevant tools for these repos.
|
|
150
|
+
```
|
|
151
|
+
|
|
152
|
+
## Policy recap (so the run stays autonomous)
|
|
153
|
+
|
|
154
|
+
- Scope: local repos, active in last 6 months, non-fork, non-archived, with a
|
|
155
|
+
remote.
|
|
156
|
+
- One question only: confirm/trim the repo list (Step 1). Everything else is
|
|
157
|
+
fixed.
|
|
158
|
+
- Never overwrite a `good` doc; doc writes go on a branch / clearly flagged.
|
|
159
|
+
- Capabilities are GROUNDED objects (`{tag, descriptor, modality}`) + a report —
|
|
160
|
+
never bare strings.
|
|
161
|
+
- Re-running is safe and idempotent; that's how an interrupted sweep resumes.
|
|
162
|
+
- Nothing leaves the agent except the project profile (tags, grounded
|
|
163
|
+
capabilities, report) you push to Replen.
|
|
164
|
+
|
|
165
|
+
## When NOT to run this
|
|
166
|
+
|
|
167
|
+
- The user only wants today's matches for the current repo → that's `/replen`,
|
|
168
|
+
not this. This skill is the one-time (or occasional) multi-repo setup sweep.
|
|
169
|
+
- A single fresh repo just needs scoping → the `/replen` skill's onboarding
|
|
170
|
+
fallback handles one repo; use this when setting up the whole portfolio.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "replen",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.10",
|
|
4
4
|
"description": "Make your AI coding tools smarter. One command, no API keys. Replen scouts the OSS firehose against your projects and surfaces drop-in libraries, ideas to port, and dead deps to swap — the match decision happens inside your AI tool's session on your subscription tokens. 1-3 actionable matches a month, by design.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|