skillwiki 0.9.1 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +1125 -683
- package/package.json +1 -1
- package/skills/.claude-plugin/plugin.json +1 -1
- package/skills/.codex-plugin/plugin.json +1 -1
- package/skills/agents/proj-decide.md +1 -0
- package/skills/agents/proj-distill.md +1 -0
- package/skills/agents/proj-init.md +1 -0
- package/skills/agents/proj-work.md +1 -0
- package/skills/agents/wiki-adapter-prd.md +8 -5
- package/skills/agents/wiki-add-task.md +8 -5
- package/skills/agents/wiki-archive.md +1 -0
- package/skills/agents/wiki-audit.md +1 -0
- package/skills/agents/wiki-canvas.md +1 -0
- package/skills/agents/wiki-crystallize.md +5 -2
- package/skills/agents/wiki-ingest.md +8 -5
- package/skills/agents/wiki-lint.md +5 -3
- package/skills/agents/wiki-query.md +4 -1
- package/skills/agents/wiki-reingest.md +6 -3
- package/skills/agents/wiki-sync.md +1 -0
- package/skills/package.json +1 -1
- package/skills/skills/using-skillwiki/SKILL.md +26 -1
- package/skills/skills/wiki-adapter-prd/SKILL.md +8 -5
- package/skills/skills/wiki-add-task/SKILL.md +9 -6
- package/skills/skills/wiki-crystallize/SKILL.md +5 -2
- package/skills/skills/wiki-ingest/SKILL.md +8 -6
- package/skills/skills/wiki-lint/SKILL.md +5 -3
- package/skills/skills/wiki-query/SKILL.md +4 -1
- package/skills/using-skillwiki/SKILL.md +26 -1
- package/skills/wiki-adapter-prd/SKILL.md +8 -5
- package/skills/wiki-add-task/SKILL.md +9 -6
- package/skills/wiki-crystallize/SKILL.md +5 -2
- package/skills/wiki-ingest/SKILL.md +8 -6
- package/skills/wiki-lint/SKILL.md +5 -3
- package/skills/wiki-query/SKILL.md +4 -1
|
@@ -62,9 +62,10 @@ Map source sections to typed-knowledge pages:
|
|
|
62
62
|
0. Resolve vault and language: `skillwiki path` and `skillwiki lang`.
|
|
63
63
|
1. Classify the input format using the structural cues above.
|
|
64
64
|
2. If URL source: run `skillwiki fetch-guard <url>`, then fetch.
|
|
65
|
-
3.
|
|
66
|
-
4.
|
|
67
|
-
5.
|
|
65
|
+
3. **Sensitive content guard.** Before writing the raw capture or generated pages, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
66
|
+
4. Write raw capture: frontmatter + full body → `raw/articles/<slug>.md`.
|
|
67
|
+
5. Run `skillwiki hash <raw-file>`, embed sha256.
|
|
68
|
+
6. Generate typed-knowledge pages following the mapping strategy.
|
|
68
69
|
For generated comparison or evaluation pages, end the body with:
|
|
69
70
|
```markdown
|
|
70
71
|
## Decision Closeout
|
|
@@ -74,8 +75,8 @@ Map source sections to typed-knowledge pages:
|
|
|
74
75
|
Follow-up: ...
|
|
75
76
|
```
|
|
76
77
|
Use exactly one disposition. Preserve action items as skipped project-management content unless the closeout explicitly says `work-item`.
|
|
77
|
-
|
|
78
|
-
|
|
78
|
+
7. For each page: run `skillwiki validate <page>`. If any fails, STOP.
|
|
79
|
+
8. Write pages, then update `index.md` and `log.md`.
|
|
79
80
|
|
|
80
81
|
## Provenance defaults
|
|
81
82
|
|
|
@@ -87,6 +88,7 @@ Map source sections to typed-knowledge pages:
|
|
|
87
88
|
- `fetch-guard` non-zero.
|
|
88
89
|
- `validate` non-zero on any page.
|
|
89
90
|
- sha256 already exists for the same source (skip — already ingested).
|
|
91
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
90
92
|
|
|
91
93
|
## Forbidden
|
|
92
94
|
|
|
@@ -94,3 +96,4 @@ Map source sections to typed-knowledge pages:
|
|
|
94
96
|
- Writing index/log before all pages validate.
|
|
95
97
|
- Modifying existing raw files (N9).
|
|
96
98
|
- Auto-generating pages for action items, timelines, or process steps — those are project management, not knowledge.
|
|
99
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
@@ -32,8 +32,9 @@ Run `skillwiki lang` at the start. Entry prose and `--human` summaries use the r
|
|
|
32
32
|
- `text` — the idea/bug/task/note content (required)
|
|
33
33
|
- `type` — one of: `idea`, `bug`, `task`, `note` (default: `idea`)
|
|
34
34
|
- `project` — optional project slug to cross-reference (e.g., `llm-wiki`)
|
|
35
|
-
2. **
|
|
36
|
-
3. **
|
|
35
|
+
2. **Sensitive content guard.** Before writing a capture, scan the text for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the source text itself contains a live secret that must be preserved verbatim, STOP instead of filing it.
|
|
36
|
+
3. **Build filename.** Derive a slug from the first ~6 words of the text (lowercased, hyphens for spaces, non-alphanumeric stripped). The capture file is `raw/transcripts/YYYY-MM-DD-{type}-{slug}.md`. Each capture gets its own file — never append to an existing file.
|
|
37
|
+
4. **Write frontmatter.** Create the file with ad-hoc capture frontmatter:
|
|
37
38
|
```yaml
|
|
38
39
|
---
|
|
39
40
|
source_url:
|
|
@@ -47,19 +48,19 @@ project: "[[{slug}]]"
|
|
|
47
48
|
- If no project, omit the `project` field entirely.
|
|
48
49
|
- `source_url` is null (these are locally originated captures).
|
|
49
50
|
- No `sha256` — ad-hoc captures are mutable working notes, not immutable sources.
|
|
50
|
-
|
|
51
|
+
5. **Write body.** Below the frontmatter, write:
|
|
51
52
|
```markdown
|
|
52
53
|
# {type}: {text}
|
|
53
54
|
{text}
|
|
54
55
|
```
|
|
55
56
|
Use the resolved output language for any prose. The type label and frontmatter stay English.
|
|
56
|
-
|
|
57
|
+
6. **Cross-reference (optional).** If a `project` slug was provided:
|
|
57
58
|
- Check that `projects/{slug}/` exists in the vault.
|
|
58
59
|
- Append a one-line reference to the project's compound notes:
|
|
59
60
|
`- [YYYY-MM-DD] capture: [text (first 60 chars)] → raw/transcripts/YYYY-MM-DD-{type}-{slug}.md`
|
|
60
61
|
- Do NOT create a full work item (that's `proj-work`'s job).
|
|
61
|
-
|
|
62
|
-
|
|
62
|
+
7. **Update log.md.** Append: `## [YYYY-MM-DD] capture | [type]: [text (first 60 chars)]`
|
|
63
|
+
8. **Confirm to user.** Report what was captured and where. Suggest next steps:
|
|
63
64
|
- If `type: idea` → "Consider ingesting related sources to develop this idea."
|
|
64
65
|
- If `type: bug` → "Use proj-work to create a bug-fix work item."
|
|
65
66
|
- If `type: task` → "Use proj-work to track this task through the dev loop."
|
|
@@ -83,11 +84,13 @@ Ad-hoc captures omit `sha256` — they are mutable working notes, not immutable
|
|
|
83
84
|
- `skillwiki path` returns NO_VAULT_CONFIGURED.
|
|
84
85
|
- No `text` provided (prompt user once, then stop).
|
|
85
86
|
- Target file already exists (use a different slug or add a suffix).
|
|
87
|
+
- Capture text contains unredacted live credentials or other authenticating secrets.
|
|
86
88
|
## Forbidden
|
|
87
89
|
- Creating an `inbox/` directory. All captures go to `raw/transcripts/`.
|
|
88
90
|
- Appending to existing capture files — each capture gets its own file.
|
|
89
91
|
- Creating a work item — this is capture-only. Use `proj-work` for full work items.
|
|
90
92
|
- Writing to any Layer 2 or Layer 3 location. Captures are Layer 1 (raw).
|
|
93
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
91
94
|
## Filesystem drop (offline capture)
|
|
92
95
|
When you're not in a Claude session, drop files directly into `raw/transcripts/`:
|
|
93
96
|
1. Create a `.md` file in `raw/transcripts/` — name it descriptively (e.g., `2026-05-08-idea-fix-template.md`)
|
|
@@ -26,12 +26,15 @@ Reason: ...
|
|
|
26
26
|
Follow-up: ...
|
|
27
27
|
```
|
|
28
28
|
Use exactly one disposition. Keep this as a prompt/template convention; do not add validation or lint enforcement.
|
|
29
|
-
4.
|
|
30
|
-
5.
|
|
29
|
+
4. **Sensitive content guard.** Before writing, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
30
|
+
5. `skillwiki validate <page>`. If non-zero, STOP.
|
|
31
|
+
6. Apply writes: page → `index.md` → `log.md`.
|
|
31
32
|
## Stop conditions
|
|
32
33
|
- `validate` non-zero.
|
|
33
34
|
- Missing `provenance:` for project-context runs.
|
|
35
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
34
36
|
## Forbidden
|
|
35
37
|
- Filing without explicit `provenance:`.
|
|
36
38
|
- Updating `index.md` before `validate` passes.
|
|
37
39
|
- Writing `[[wikilinks]]` to pages that don't exist in the vault. Before linking, verify the target exists: check `index.md` or `ls` the target directory. If the target doesn't exist yet, use plain text instead of a wikilink.
|
|
40
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
@@ -19,8 +19,9 @@ Run `skillwiki lang` at the start. Generate page-body prose, narrative sections,
|
|
|
19
19
|
1. **Guard.** For each URL: run `skillwiki fetch-guard <url>`. If exit ≠ 0, STOP and surface the error. Do not retry.
|
|
20
20
|
2. **Fetch.** Use `web_fetch` (or read local file) under Layer 2 controls (the CLI Layer 2 fetcher applies in tests; in skill runtime use `web_fetch` directly and treat any error as STOP).
|
|
21
21
|
3. **Identity guard.** Before writing raw files, ensure the target raw filename/title, `source_url`, fetched H1/title, and early body subject agree. If `skillwiki ingest` reports `INGEST_VALIDATION_FAILED` with `source identity conflict`, STOP. Do not fix by renaming after the fact; choose the correct title/source pair or ask the user.
|
|
22
|
-
4. **
|
|
23
|
-
5. **
|
|
22
|
+
4. **Sensitive content guard.** Before writing or filing any vault page, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself must remain raw and contains a live secret, STOP instead of preserving it.
|
|
23
|
+
5. **Hash.** Write the raw file (frontmatter + body). Run `skillwiki hash <raw-file>` and embed the result in raw frontmatter `sha256:`.
|
|
24
|
+
6. **Generate page(s).** Compose typed-knowledge page(s) with citations pre-attached (`^[raw/...]` markers). Every page MUST include:
|
|
24
25
|
- `> **TL;DR:**` blockquote as the first content after the title heading — a one-sentence summary of the page's key takeaway (under 200 chars). See SCHEMA.md `## TL;DR Convention`.
|
|
25
26
|
- For pages tagged `architecture` or explaining workflows/systems: include a Mermaid diagram (`graph TB` or `sequenceDiagram`) in the body. Follow Obsidian-compatible Mermaid rules (see SCHEMA.md `## Mermaid Diagrams`).
|
|
26
27
|
For generated `comparisons/` pages or evaluation-style `queries/` pages, end the body with:
|
|
@@ -32,9 +33,9 @@ Reason: ...
|
|
|
32
33
|
Follow-up: ...
|
|
33
34
|
```
|
|
34
35
|
Use exactly one disposition. Keep this as a prompt convention, not a validator rule.
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
7. **Validate.** For each generated page: run `skillwiki validate <page>`. If exit ≠ 0, STOP — do not write index/log.
|
|
37
|
+
8. **Apply writes in order.** raw → page(s) → `index.md` → `log.md`.
|
|
38
|
+
9. **Confidence flag.** If only one source is cited, set `confidence: low`.
|
|
38
39
|
## Provenance defaults
|
|
39
40
|
- Default `provenance: research`.
|
|
40
41
|
- If cwd is inside `projects/{slug}/`, set `provenance: project` and add `provenance_projects: ["[[slug]]"]`.
|
|
@@ -47,6 +48,7 @@ Raw ephemeral data (market feeds, logs, transient JSON) must be written to the *
|
|
|
47
48
|
- `fetch-guard` non-zero.
|
|
48
49
|
- Fetch timeout / size limit exceeded.
|
|
49
50
|
- `INGEST_VALIDATION_FAILED` with `source identity conflict`.
|
|
51
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
50
52
|
- `validate` non-zero on any page.
|
|
51
53
|
- sha256 already exists in vault for the same source.
|
|
52
54
|
## Forbidden
|
|
@@ -57,7 +59,7 @@ Raw ephemeral data (market feeds, logs, transient JSON) must be written to the *
|
|
|
57
59
|
- Writing `[[wikilinks]]` to pages that don't exist in the vault. Before linking, verify the target exists: check `index.md` or `ls` the target directory. If the target doesn't exist yet, use plain text instead of a wikilink.
|
|
58
60
|
## Batch Mode
|
|
59
61
|
When the user provides multiple sources (a directory of files, a list of URLs, or a multi-document input):
|
|
60
|
-
1. **Loop per source.** Execute steps 1–
|
|
62
|
+
1. **Loop per source.** Execute steps 1–7 for each source individually (guard → fetch → identity guard → sensitive content guard → hash → generate → validate).
|
|
61
63
|
2. **Accumulate, don't write yet.** Collect all raw files and pages in memory. Do not write `index.md` or `log.md` until every source has validated.
|
|
62
64
|
3. **Fail fast.** If any page fails validation, STOP. Report all failures. Do not write index/log for any source.
|
|
63
65
|
4. **Deduplication.** Before writing each raw file, check `sha256` against existing vault raw sources. Skip sources whose content is already present.
|
|
@@ -15,12 +15,14 @@ Standard four reads.
|
|
|
15
15
|
2. For lint-only maintenance, run `skillwiki lint <vault> --summary`. This returns bounded bucket counts, capped examples, and `details_command` hints without full item arrays.
|
|
16
16
|
3. Drill into important buckets with `skillwiki lint <vault> --only <bucket>` when examples are insufficient for remediation.
|
|
17
17
|
4. Reason over findings; present grouped by severity with concrete suggested actions per kind. If the CLI was recently updated with new lint checks, re-running lint on the full vault may flag pre-existing pages that predate the new rule — treat these as legitimate findings, not false positives.
|
|
18
|
-
5.
|
|
19
|
-
6.
|
|
20
|
-
7.
|
|
18
|
+
5. Treat `sensitive_content` as a security error. Drill down with `skillwiki lint <vault> --only sensitive_content --human`. Redaction is allowed as a security exception to raw immutability only through `skillwiki lint <vault> --fix --only sensitive_content`; never print the secret value in the report.
|
|
19
|
+
6. If `log_rotate_needed` is present and the user consents, run `skillwiki log-rotate <vault> --apply`. Otherwise leave alone.
|
|
20
|
+
7. **Post-migration verification**: If the user recently migrated content (e.g., moved entity/concept pages to another vault), re-run `skillwiki lint <vault> --summary` and verify that broken_wikilinks count decreased. Remaining broken links for migrated content indicate pages still referencing the moved files — these should be cleaned up (remove citations or migrate the referencing pages too).
|
|
21
|
+
8. Append a `log.md` entry summarizing lint counts only when the user asked to record the maintenance result. Do not log routine `health` reports by default.
|
|
21
22
|
## Stop conditions
|
|
22
23
|
None — lint reports all findings even on per-page errors.
|
|
23
24
|
## Forbidden
|
|
24
25
|
- Auto-rotating logs.
|
|
25
26
|
- Auto-updating sha256 fields.
|
|
26
27
|
- Modifying any page beyond a user-approved lint summary entry in `log.md`.
|
|
28
|
+
- Printing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets in findings or summaries.
|
|
@@ -22,7 +22,8 @@ Standard four reads (SCHEMA, index, log, project context if applicable).
|
|
|
22
22
|
- Type affinity: 1.0×
|
|
23
23
|
5. **Read top candidates** in full (frontmatter + body).
|
|
24
24
|
6. **Synthesize answer** with explicit citations to the candidate pages.
|
|
25
|
-
7. **
|
|
25
|
+
7. **Sensitive content guard.** Before filing any query or comparison page, scan the generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the answer depends on preserving a live secret, STOP and ask for a redacted source or explicit rotation/remediation direction.
|
|
26
|
+
8. **Optional file.** If user accepts: write to `queries/<slug>.md` or `comparisons/<slug>.md` with full frontmatter, validate, then update `index.md` then `log.md`. If the filed page is a research/evaluation answer, recommendation, or comparison, end it with:
|
|
26
27
|
```markdown
|
|
27
28
|
## Decision Closeout
|
|
28
29
|
|
|
@@ -34,6 +35,7 @@ Use exactly one disposition. This is a prompt convention only; do not add CLI en
|
|
|
34
35
|
## Stop conditions
|
|
35
36
|
- Zero matching pages.
|
|
36
37
|
- User declines to file.
|
|
38
|
+
- Generated filed content contains unredacted live credentials or other authenticating secrets.
|
|
37
39
|
## Pitfalls
|
|
38
40
|
### Claimed-status vs actual-state gap
|
|
39
41
|
When a wiki page (especially a work item `tasks.md`) claims that fixes were applied, features were completed, or files were removed — **verify on disk before accepting the claim**. In one incident, a `tasks.md` marked 6 items DONE but 5 were not actually applied: a script claimed "removed" was still 2020 bytes on disk, a crontab claimed "updated to 30min" was still `*/10`, and a build target claimed "verified has consumers" had no web server serving it.
|
|
@@ -41,3 +43,4 @@ When a wiki page (especially a work item `tasks.md`) claims that fixes were appl
|
|
|
41
43
|
## Forbidden
|
|
42
44
|
- Filing without `validate` passing.
|
|
43
45
|
- Skipping the orientation reads even for "quick" queries.
|
|
46
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|