skillwiki 0.9.2 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +938 -531
- package/package.json +1 -1
- package/skills/.claude-plugin/plugin.json +1 -1
- package/skills/.codex-plugin/plugin.json +1 -1
- package/skills/agents/proj-decide.md +1 -0
- package/skills/agents/proj-distill.md +1 -0
- package/skills/agents/proj-init.md +1 -0
- package/skills/agents/proj-work.md +1 -0
- package/skills/agents/wiki-adapter-prd.md +8 -5
- package/skills/agents/wiki-add-task.md +8 -5
- package/skills/agents/wiki-archive.md +1 -0
- package/skills/agents/wiki-audit.md +1 -0
- package/skills/agents/wiki-canvas.md +1 -0
- package/skills/agents/wiki-crystallize.md +5 -2
- package/skills/agents/wiki-ingest.md +8 -5
- package/skills/agents/wiki-lint.md +5 -3
- package/skills/agents/wiki-query.md +4 -1
- package/skills/agents/wiki-reingest.md +6 -3
- package/skills/agents/wiki-sync.md +1 -0
- package/skills/package.json +1 -1
- package/skills/skills/using-skillwiki/SKILL.md +26 -1
- package/skills/skills/wiki-adapter-prd/SKILL.md +8 -5
- package/skills/skills/wiki-add-task/SKILL.md +9 -6
- package/skills/skills/wiki-crystallize/SKILL.md +5 -2
- package/skills/skills/wiki-ingest/SKILL.md +8 -6
- package/skills/skills/wiki-lint/SKILL.md +5 -3
- package/skills/skills/wiki-query/SKILL.md +4 -1
- package/skills/using-skillwiki/SKILL.md +26 -1
- package/skills/wiki-adapter-prd/SKILL.md +8 -5
- package/skills/wiki-add-task/SKILL.md +9 -6
- package/skills/wiki-crystallize/SKILL.md +5 -2
- package/skills/wiki-ingest/SKILL.md +8 -6
- package/skills/wiki-lint/SKILL.md +5 -3
- package/skills/wiki-query/SKILL.md +4 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "skillwiki",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.4",
|
|
4
4
|
"skills": "./",
|
|
5
5
|
"description": "Project-aware Karpathy-style knowledge base for Claude Code: 18 prompt-only skills (wiki-*, proj-*, using-skillwiki) backed by the deterministic `skillwiki` CLI.",
|
|
6
6
|
"author": {
|
|
@@ -52,3 +52,4 @@ Return:
|
|
|
52
52
|
- Filing a concept page without explicit `provenance:`
|
|
53
53
|
- Skipping the generalization check
|
|
54
54
|
- Updating index/logs before `validate` passes
|
|
55
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -58,3 +58,4 @@ Return:
|
|
|
58
58
|
- Skipping Step 1 (analysis before generation)
|
|
59
59
|
- Inventing new tags not in SCHEMA.md taxonomy
|
|
60
60
|
- Updating index/logs before `validate` passes
|
|
61
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -62,3 +62,4 @@ Return:
|
|
|
62
62
|
- Marking `status: completed` without a `completed:` date
|
|
63
63
|
- Accepting tasks.md DONE labels without independent disk verification
|
|
64
64
|
- Re-marking tasks as DONE without actually applying the fix
|
|
65
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -44,9 +44,10 @@ You are a PRD format adapter specializing in mapping foreign design document for
|
|
|
44
44
|
1. **Resolve vault and language.** Run `skillwiki path` and `skillwiki lang`.
|
|
45
45
|
2. **Classify format.** Match against structural cues above. If unrecognized, treat as generic.
|
|
46
46
|
3. **URL guard.** If source is a URL: `skillwiki fetch-guard <url>`. If non-zero, STOP.
|
|
47
|
-
4. **
|
|
48
|
-
5. **
|
|
49
|
-
6. **
|
|
47
|
+
4. **Sensitive content guard.** Before writing the raw capture or generated pages, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
48
|
+
5. **Write raw.** Full source → `raw/articles/<slug>.md` with proper frontmatter.
|
|
49
|
+
6. **Hash.** Run `skillwiki hash <raw-file>`, embed sha256.
|
|
50
|
+
7. **Generate pages.** Map sections per strategy. Each page gets:
|
|
50
51
|
- `provenance: research`, `sources: ["^[raw/articles/<slug>.md]"]`
|
|
51
52
|
- `## TL;DR` as first section
|
|
52
53
|
- Preserve requirement IDs as tags or inline references
|
|
@@ -60,8 +61,8 @@ You are a PRD format adapter specializing in mapping foreign design document for
|
|
|
60
61
|
Follow-up: ...
|
|
61
62
|
```
|
|
62
63
|
Use exactly one disposition. Keep skipped action items out of typed knowledge unless the closeout disposition is `work-item`.
|
|
63
|
-
|
|
64
|
-
|
|
64
|
+
8. **Validate.** `skillwiki validate <page>` for each page. If any non-zero, STOP.
|
|
65
|
+
9. **Apply writes:** raw → pages → `index.md` → `log.md`.
|
|
65
66
|
|
|
66
67
|
**Output Format:**
|
|
67
68
|
Return:
|
|
@@ -75,9 +76,11 @@ Return:
|
|
|
75
76
|
- `fetch-guard` non-zero
|
|
76
77
|
- `validate` non-zero on any page
|
|
77
78
|
- sha256 already exists (already ingested)
|
|
79
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets
|
|
78
80
|
|
|
79
81
|
**Forbidden:**
|
|
80
82
|
- Skipping `fetch-guard` for URL sources
|
|
81
83
|
- Writing index/log before all pages validate
|
|
82
84
|
- Modifying existing raw files (N9)
|
|
83
85
|
- Auto-generating pages for action items or timelines
|
|
86
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -28,8 +28,9 @@ You are a quick-capture agent specializing in writing ad-hoc captures to `raw/tr
|
|
|
28
28
|
- `text` — the idea/bug/task/note content (required)
|
|
29
29
|
- `type` — `idea`, `bug`, `task`, or `note` (default: `idea`)
|
|
30
30
|
- `project` — optional project slug
|
|
31
|
-
3. **
|
|
32
|
-
4. **
|
|
31
|
+
3. **Sensitive content guard.** Before writing a capture, scan the text for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the source text itself contains a live secret that must be preserved verbatim, STOP instead of filing it.
|
|
32
|
+
4. **Build filename.** Derive slug from first ~6 words of text (lowercased, hyphens, non-alphanumeric stripped). File: `raw/transcripts/YYYY-MM-DD-{type}-{slug}.md`. If exists, add suffix.
|
|
33
|
+
5. **Write frontmatter:**
|
|
33
34
|
```yaml
|
|
34
35
|
---
|
|
35
36
|
source_url:
|
|
@@ -39,9 +40,9 @@ You are a quick-capture agent specializing in writing ad-hoc captures to `raw/tr
|
|
|
39
40
|
---
|
|
40
41
|
```
|
|
41
42
|
No `sha256` — ad-hoc captures are mutable working notes.
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
43
|
+
6. **Write body:** `# {type}: {text}` then the text content.
|
|
44
|
+
7. **Cross-reference (optional).** If project slug provided, verify `projects/{slug}/` exists. Append one-line reference to project compound notes.
|
|
45
|
+
8. **Log.** Append to `{vault}/log.md`: `## [YYYY-MM-DD] capture | [type]: [text (first 60 chars)]`.
|
|
45
46
|
|
|
46
47
|
**Output Format:**
|
|
47
48
|
Return:
|
|
@@ -54,9 +55,11 @@ Return:
|
|
|
54
55
|
- No text provided
|
|
55
56
|
- Target file already exists and slug can't be disambiguated
|
|
56
57
|
- `skillwiki path` returns NO_VAULT_CONFIGURED
|
|
58
|
+
- Capture text contains unredacted live credentials or other authenticating secrets
|
|
57
59
|
|
|
58
60
|
**Forbidden:**
|
|
59
61
|
- Creating an `inbox/` directory
|
|
60
62
|
- Appending to existing capture files
|
|
61
63
|
- Creating a full work item (that's proj-work's job)
|
|
62
64
|
- Writing to Layer 2 or Layer 3 locations (captures are Layer 1)
|
|
65
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -46,3 +46,4 @@ Return:
|
|
|
46
46
|
- Archiving `raw/` files outside N9 Reingest Protocol
|
|
47
47
|
- Archiving without updating citation markers for raw files
|
|
48
48
|
- Deleting files (archive moves, never deletes)
|
|
49
|
+
- Preserving live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets by archive-only handling
|
|
@@ -44,3 +44,4 @@ Return a structured summary:
|
|
|
44
44
|
**Forbidden:**
|
|
45
45
|
- Auto-applying suggested fixes (audit is observation-only — do not edit pages)
|
|
46
46
|
- Modifying `sources:` frontmatter or body citations
|
|
47
|
+
- Printing or writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets in audit summaries
|
|
@@ -42,3 +42,4 @@ Return:
|
|
|
42
42
|
**Forbidden:**
|
|
43
43
|
- Modifying `vault-graph.canvas` by hand
|
|
44
44
|
- Generating canvas without current graph.json after vault changes
|
|
45
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to graph, canvas, or log output
|
|
@@ -41,8 +41,9 @@ You are a knowledge crystallizer specializing in distilling raw session material
|
|
|
41
41
|
Follow-up: ...
|
|
42
42
|
```
|
|
43
43
|
Use exactly one disposition. Keep this as a prompt/template convention, not validation or lint enforcement.
|
|
44
|
-
6. **
|
|
45
|
-
7. **
|
|
44
|
+
6. **Sensitive content guard.** Before writing, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
45
|
+
7. **Validate.** Run `skillwiki validate <page>`. If non-zero, fix issues and re-validate. Do NOT proceed until validation passes.
|
|
46
|
+
8. **Apply writes in order:** Page file → add entry to `{vault}/index.md` → append entry to `{vault}/log.md`.
|
|
46
47
|
|
|
47
48
|
**Output Format:**
|
|
48
49
|
Return:
|
|
@@ -56,9 +57,11 @@ Return:
|
|
|
56
57
|
- `skillwiki validate` returns non-zero (after retry)
|
|
57
58
|
- Missing `provenance:` for project-context runs
|
|
58
59
|
- Source material is insufficient to compose a meaningful page
|
|
60
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets
|
|
59
61
|
|
|
60
62
|
**Forbidden:**
|
|
61
63
|
- Filing without explicit `provenance:`
|
|
62
64
|
- Updating `index.md` before `validate` passes
|
|
63
65
|
- Writing `[[wikilinks]]` to pages that don't exist — verify via `index.md` or directory listing first
|
|
64
66
|
- Inventing new tags not in SCHEMA.md taxonomy
|
|
67
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -26,9 +26,10 @@ You are a vault ingestion specialist converting source material (URLs, files, te
|
|
|
26
26
|
|
|
27
27
|
1. **Resolve vault and language.** Run `skillwiki path` and `skillwiki lang`.
|
|
28
28
|
2. **Guard (URL sources).** For each URL: `skillwiki fetch-guard <url>`. If non-zero, STOP.
|
|
29
|
-
3. **Fetch.** Fetch content.
|
|
30
|
-
4. **
|
|
31
|
-
5. **
|
|
29
|
+
3. **Fetch.** Fetch content.
|
|
30
|
+
4. **Sensitive content guard.** Before writing or filing any vault page, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself must remain raw and contains a live secret, STOP instead of preserving it.
|
|
31
|
+
5. **Write raw and hash.** Write raw file at `raw/articles/<slug>.md` with proper frontmatter (`source_url`, `ingested`, `sha256` placeholder). Run `skillwiki hash <raw-file>` and embed the result in `sha256:`.
|
|
32
|
+
6. **Generate page(s).** Compose typed-knowledge pages with:
|
|
32
33
|
- Proper frontmatter (`title`, `type`, `tags` from SCHEMA.md taxonomy, `provenance`, `sources`)
|
|
33
34
|
- `## TL;DR` as first section — 1–3 bullet summary
|
|
34
35
|
- `^[raw/...]` citations for every factual claim
|
|
@@ -43,8 +44,8 @@ You are a vault ingestion specialist converting source material (URLs, files, te
|
|
|
43
44
|
Follow-up: ...
|
|
44
45
|
```
|
|
45
46
|
Use exactly one disposition. This is a prompt convention, not a validator rule.
|
|
46
|
-
|
|
47
|
-
|
|
47
|
+
7. **Validate.** For each page: `skillwiki validate <page>`. If any non-zero, fix issues and re-validate. Do NOT proceed until all pages pass.
|
|
48
|
+
8. **Apply writes in order:** raw file(s) → page(s) → update `index.md` → append `log.md`.
|
|
48
49
|
|
|
49
50
|
### Batch mode
|
|
50
51
|
When multiple sources are provided:
|
|
@@ -68,6 +69,7 @@ Return:
|
|
|
68
69
|
- Fetch timeout or size limit exceeded
|
|
69
70
|
- `validate` non-zero on any page (after retry)
|
|
70
71
|
- sha256 already exists in vault (skip, don't duplicate)
|
|
72
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets
|
|
71
73
|
|
|
72
74
|
**Forbidden:**
|
|
73
75
|
- Skipping `fetch-guard` for URL sources
|
|
@@ -75,3 +77,4 @@ Return:
|
|
|
75
77
|
- Modifying existing raw files (N9)
|
|
76
78
|
- Writing `[[wikilinks]]` to nonexistent pages — verify first
|
|
77
79
|
- Writing raw ephemeral data to cloud-mounted wiki paths
|
|
80
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -27,9 +27,10 @@ You are a vault health inspector specializing in running `skillwiki health` and
|
|
|
27
27
|
2. **Run health or lint summary.** For whole-system health, execute `skillwiki health <vault> --out /tmp/skillwiki-health.json --no-fail`. For lint-only maintenance, execute `skillwiki lint <vault> --summary`. Read the JSON envelope. Treat `skillwiki doctor` as setup/runtime diagnostics only.
|
|
28
28
|
3. **Drill into details only when needed.** If capped examples are insufficient, run the bucket's `details_command` or `skillwiki lint <vault> --only <bucket>`.
|
|
29
29
|
4. **Reason over findings.** Group by severity. For each kind of finding, suggest concrete next actions. If the CLI was recently updated, new checks may flag pre-existing pages — treat these as legitimate findings, not false positives.
|
|
30
|
-
5. **
|
|
31
|
-
6. **
|
|
32
|
-
7. **
|
|
30
|
+
5. **Sensitive content.** Treat `sensitive_content` as a security error. Drill down with `skillwiki lint <vault> --only sensitive_content --human`. Redaction is allowed as a security exception to raw immutability only through `skillwiki lint <vault> --fix --only sensitive_content`; never print the secret value in the report.
|
|
31
|
+
6. **Log rotation.** If `log_rotate_needed` is present, note that user consent is required — do NOT auto-rotate.
|
|
32
|
+
7. **Post-migration check.** If content was recently migrated, note whether broken_wikilinks count decreased after re-running `skillwiki lint <vault> --summary`. Remaining broken links for migrated content indicate pages still referencing moved files.
|
|
33
|
+
8. **Optional summary.** Append one entry to `{vault}/log.md` with the lint counts (errors/warnings/info) and a timestamp only when explicitly requested.
|
|
33
34
|
|
|
34
35
|
**Output Format:**
|
|
35
36
|
Return a structured summary:
|
|
@@ -49,3 +50,4 @@ Return a structured summary:
|
|
|
49
50
|
- Auto-rotating logs without user consent
|
|
50
51
|
- Auto-updating sha256 fields
|
|
51
52
|
- Modifying any page beyond an explicitly requested lint summary entry in `log.md`
|
|
53
|
+
- Printing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets in findings or summaries
|
|
@@ -34,7 +34,8 @@ You are a vault search and synthesis specialist using E2 4-signal ranking to fin
|
|
|
34
34
|
- Type affinity: 1.0×
|
|
35
35
|
6. **Read top candidates.** Read frontmatter + body of highest-scored pages.
|
|
36
36
|
7. **Synthesize answer.** Compose with explicit citations to candidate pages using `^[page-path]` markers.
|
|
37
|
-
8. **
|
|
37
|
+
8. **Sensitive content guard.** Before filing a query or comparison page, scan the generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the answer depends on preserving a live secret, STOP and ask for a redacted source or explicit rotation/remediation direction.
|
|
38
|
+
9. **Optional file.** If the task asks to persist: write to `queries/<slug>.md` or `comparisons/<slug>.md` with full frontmatter, validate, then update `index.md` → `log.md`. If the filed page is a research/evaluation answer, recommendation, or comparison, end it with:
|
|
38
39
|
```markdown
|
|
39
40
|
## Decision Closeout
|
|
40
41
|
|
|
@@ -58,8 +59,10 @@ Return:
|
|
|
58
59
|
**Stop Conditions:**
|
|
59
60
|
- Zero matching pages found
|
|
60
61
|
- `skillwiki path` returns NO_VAULT_CONFIGURED
|
|
62
|
+
- Generated filed content contains unredacted live credentials or other authenticating secrets
|
|
61
63
|
|
|
62
64
|
**Forbidden:**
|
|
63
65
|
- Filing without `validate` passing
|
|
64
66
|
- Skipping graph refresh when graph.json is missing
|
|
65
67
|
- Accepting wiki claims without filesystem verification
|
|
68
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -30,9 +30,10 @@ You are a drift detection specialist running `skillwiki drift` and processing re
|
|
|
30
30
|
- **unchanged:** No action needed.
|
|
31
31
|
4. **Process each drifted source:**
|
|
32
32
|
a. Archive old raw: `skillwiki archive <raw-path>`
|
|
33
|
-
b. Re-fetch content and
|
|
34
|
-
c.
|
|
35
|
-
d.
|
|
33
|
+
b. Re-fetch content. If it contains live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets, STOP and ask for a redacted source or explicit rotation/remediation direction.
|
|
34
|
+
c. Write as new raw file with updated sha256
|
|
35
|
+
d. Update all concept/entity pages citing the old source: change `^[raw/...]` markers and `sources:` to reference the new path
|
|
36
|
+
e. Verify with `skillwiki audit` that no broken markers remain
|
|
36
37
|
5. **Log.** Append to `{vault}/log.md`: scanned count, drifted count, re-ingested count, skipped count.
|
|
37
38
|
|
|
38
39
|
**N9 Compliance:**
|
|
@@ -53,8 +54,10 @@ Return:
|
|
|
53
54
|
- `skillwiki drift` returns non-zero (other than DRIFT_DETECTED)
|
|
54
55
|
- No raw sources have `source_url` (nothing to check)
|
|
55
56
|
- All sources unchanged
|
|
57
|
+
- Replacement source content contains unredacted live credentials or other authenticating secrets
|
|
56
58
|
|
|
57
59
|
**Forbidden:**
|
|
58
60
|
- Modifying files in `raw/` directly (N9)
|
|
59
61
|
- Re-ingesting without archiving old raw first
|
|
60
62
|
- Updating citations without running `skillwiki audit` to verify
|
|
63
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault
|
|
@@ -68,3 +68,4 @@ Return:
|
|
|
68
68
|
- Auto-resolving body conflicts
|
|
69
69
|
- Force-pushing (`git push --force`)
|
|
70
70
|
- Modifying files in `raw/` to resolve conflicts (N9)
|
|
71
|
+
- Printing, committing, or preserving live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets during conflict handling
|
package/skills/package.json
CHANGED
|
@@ -55,6 +55,10 @@ sha256: # computed by skillwiki hash over body bytes after closing ---
|
|
|
55
55
|
**Layer 2 — Typed Knowledge:** `entities/`, `concepts/`, `comparisons/`, `queries/`, `meta/`. Agent-owned pages with `^[raw/...]` citation markers at paragraph-end. Global scope — project association via `provenance_projects:` frontmatter, not directory nesting.
|
|
56
56
|
**Layer 3 — Project Workspaces (`projects/{slug}/`):** Per-project lifecycle directories with `work/` (spec + plan + retro), `compound/` (distilled lessons/patterns), `architecture/` (ADRs), and `history/` (archived specs/plans).
|
|
57
57
|
**No `inbox/` directory.** Ad-hoc captures go to `raw/transcripts/` or directly into a project work item via `proj-work`. Do not invent new top-level directories — extend Layer 2 via SCHEMA.md tag taxonomy if needed.
|
|
58
|
+
|
|
59
|
+
## Sensitive Content Policy
|
|
60
|
+
Vault content must not contain live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets. This includes development-only and local-only credentials. Redact values before filing using `[REDACTED:<kind>]` or `[REDACTED:<kind>:<fingerprint>]`. If a source contains live secrets, stop and ask for a redacted source or explicit rotation/remediation direction; do not preserve the secret in `raw/`.
|
|
61
|
+
|
|
58
62
|
### Ad-hoc capture: three entry points
|
|
59
63
|
| Entry | When | What happens |
|
|
60
64
|
|-------|------|-------------|
|
|
@@ -107,9 +111,30 @@ Use `prd_layer` + `prd_pipeline` from `.claude/dev-loop.config.md` as source of
|
|
|
107
111
|
|
|
108
112
|
## CLI Backbone
|
|
109
113
|
All skills are backed by the `skillwiki` CLI — a deterministic tool with no LLM calls. It handles path resolution, config management, validation, health reporting, and linting. Skills invoke it via Bash for the mechanical parts and use Claude for the creative parts.
|
|
110
|
-
Key CLI subcommands: `init`, `health`, `lint`, `config`, `doctor`, `path`, `lang`, `install`, `graph build`, `archive`, `drift`, `compound`, `tag-sync`, `sync status`, `seed`, `stale`, `observe`, `canvas generate`.
|
|
114
|
+
Key CLI subcommands: `init`, `health`, `lint`, `config`, `doctor`, `path`, `lang`, `install`, `fleet context`, `fleet validate`, `graph build`, `archive`, `drift`, `compound`, `tag-sync`, `sync status`, `seed`, `stale`, `observe`, `canvas generate`.
|
|
111
115
|
Run `skillwiki health <vault> --out /tmp/skillwiki-health.json --no-fail` for a bounded whole-system report that includes doctor, lint, vault-sync, query-readiness, source-freshness, risk flags, and self-check coverage. Run `skillwiki lint <vault> --summary` for lint-only bucket counts with capped examples and details commands. Run `skillwiki doctor` to diagnose setup/runtime issues only. Run `skillwiki config list` to see current configuration.
|
|
112
116
|
|
|
117
|
+
## Runtime Host Context and Fleet Freshness
|
|
118
|
+
The live output of `skillwiki --human fleet context <vault>` is authoritative for host identity. It overrides stale injected SessionStart context, remembered workspace context, and prior conversation summaries. `fleet context` is local and network-free; it reports `identity_status`, resolver trace, warnings, and the fact that remote freshness was not checked.
|
|
119
|
+
|
|
120
|
+
Use the local identity check for ordinary runtime context:
|
|
121
|
+
```bash
|
|
122
|
+
VAULT="$(skillwiki --human path | sed 's/ (via.*//')"
|
|
123
|
+
skillwiki --human fleet validate "$VAULT/projects/llm-wiki/architecture/fleet.yaml"
|
|
124
|
+
skillwiki --human fleet context "$VAULT"
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
Use the remote freshness flow before SSH, sync, deploy, install/uninstall, snapshot, protected-host work, editing `fleet.yaml`, or claiming "fleet is up to date":
|
|
128
|
+
```bash
|
|
129
|
+
VAULT="$(skillwiki --human path | sed 's/ (via.*//')"
|
|
130
|
+
git -C "$VAULT" fetch origin main --prune
|
|
131
|
+
skillwiki --human sync status "$VAULT"
|
|
132
|
+
skillwiki --human fleet validate "$VAULT/projects/llm-wiki/architecture/fleet.yaml"
|
|
133
|
+
skillwiki --human fleet context "$VAULT"
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
If `identity_status` is `unknown` or `invalid`, treat the runtime as ephemeral: do not infer SSH/self aliases, sync authority, deploy authority, or protected-host permissions. Rerun with `--host-id <id>` only after the user confirms the current machine is that named fleet host.
|
|
137
|
+
|
|
113
138
|
## Typical Workflow
|
|
114
139
|
1. **Init** (`wiki-init`) — create vault, set domain and taxonomy
|
|
115
140
|
2. **Ingest** (`wiki-ingest`) — add sources, build pages
|
|
@@ -62,9 +62,10 @@ Map source sections to typed-knowledge pages:
|
|
|
62
62
|
0. Resolve vault and language: `skillwiki path` and `skillwiki lang`.
|
|
63
63
|
1. Classify the input format using the structural cues above.
|
|
64
64
|
2. If URL source: run `skillwiki fetch-guard <url>`, then fetch.
|
|
65
|
-
3.
|
|
66
|
-
4.
|
|
67
|
-
5.
|
|
65
|
+
3. **Sensitive content guard.** Before writing the raw capture or generated pages, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
66
|
+
4. Write raw capture: frontmatter + full body → `raw/articles/<slug>.md`.
|
|
67
|
+
5. Run `skillwiki hash <raw-file>`, embed sha256.
|
|
68
|
+
6. Generate typed-knowledge pages following the mapping strategy.
|
|
68
69
|
For generated comparison or evaluation pages, end the body with:
|
|
69
70
|
```markdown
|
|
70
71
|
## Decision Closeout
|
|
@@ -74,8 +75,8 @@ Map source sections to typed-knowledge pages:
|
|
|
74
75
|
Follow-up: ...
|
|
75
76
|
```
|
|
76
77
|
Use exactly one disposition. Preserve action items as skipped project-management content unless the closeout explicitly says `work-item`.
|
|
77
|
-
|
|
78
|
-
|
|
78
|
+
7. For each page: run `skillwiki validate <page>`. If any fails, STOP.
|
|
79
|
+
8. Write pages, then update `index.md` and `log.md`.
|
|
79
80
|
|
|
80
81
|
## Provenance defaults
|
|
81
82
|
|
|
@@ -87,6 +88,7 @@ Map source sections to typed-knowledge pages:
|
|
|
87
88
|
- `fetch-guard` non-zero.
|
|
88
89
|
- `validate` non-zero on any page.
|
|
89
90
|
- sha256 already exists for the same source (skip — already ingested).
|
|
91
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
90
92
|
|
|
91
93
|
## Forbidden
|
|
92
94
|
|
|
@@ -94,3 +96,4 @@ Map source sections to typed-knowledge pages:
|
|
|
94
96
|
- Writing index/log before all pages validate.
|
|
95
97
|
- Modifying existing raw files (N9).
|
|
96
98
|
- Auto-generating pages for action items, timelines, or process steps — those are project management, not knowledge.
|
|
99
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
@@ -32,8 +32,9 @@ Run `skillwiki lang` at the start. Entry prose and `--human` summaries use the r
|
|
|
32
32
|
- `text` — the idea/bug/task/note content (required)
|
|
33
33
|
- `type` — one of: `idea`, `bug`, `task`, `note` (default: `idea`)
|
|
34
34
|
- `project` — optional project slug to cross-reference (e.g., `llm-wiki`)
|
|
35
|
-
2. **
|
|
36
|
-
3. **
|
|
35
|
+
2. **Sensitive content guard.** Before writing a capture, scan the text for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the source text itself contains a live secret that must be preserved verbatim, STOP instead of filing it.
|
|
36
|
+
3. **Build filename.** Derive a slug from the first ~6 words of the text (lowercased, hyphens for spaces, non-alphanumeric stripped). The capture file is `raw/transcripts/YYYY-MM-DD-{type}-{slug}.md`. Each capture gets its own file — never append to an existing file.
|
|
37
|
+
4. **Write frontmatter.** Create the file with ad-hoc capture frontmatter:
|
|
37
38
|
```yaml
|
|
38
39
|
---
|
|
39
40
|
source_url:
|
|
@@ -47,19 +48,19 @@ project: "[[{slug}]]"
|
|
|
47
48
|
- If no project, omit the `project` field entirely.
|
|
48
49
|
- `source_url` is null (these are locally originated captures).
|
|
49
50
|
- No `sha256` — ad-hoc captures are mutable working notes, not immutable sources.
|
|
50
|
-
|
|
51
|
+
5. **Write body.** Below the frontmatter, write:
|
|
51
52
|
```markdown
|
|
52
53
|
# {type}: {text}
|
|
53
54
|
{text}
|
|
54
55
|
```
|
|
55
56
|
Use the resolved output language for any prose. The type label and frontmatter stay English.
|
|
56
|
-
|
|
57
|
+
6. **Cross-reference (optional).** If a `project` slug was provided:
|
|
57
58
|
- Check that `projects/{slug}/` exists in the vault.
|
|
58
59
|
- Append a one-line reference to the project's compound notes:
|
|
59
60
|
`- [YYYY-MM-DD] capture: [text (first 60 chars)] → raw/transcripts/YYYY-MM-DD-{type}-{slug}.md`
|
|
60
61
|
- Do NOT create a full work item (that's `proj-work`'s job).
|
|
61
|
-
|
|
62
|
-
|
|
62
|
+
7. **Update log.md.** Append: `## [YYYY-MM-DD] capture | [type]: [text (first 60 chars)]`
|
|
63
|
+
8. **Confirm to user.** Report what was captured and where. Suggest next steps:
|
|
63
64
|
- If `type: idea` → "Consider ingesting related sources to develop this idea."
|
|
64
65
|
- If `type: bug` → "Use proj-work to create a bug-fix work item."
|
|
65
66
|
- If `type: task` → "Use proj-work to track this task through the dev loop."
|
|
@@ -83,11 +84,13 @@ Ad-hoc captures omit `sha256` — they are mutable working notes, not immutable
|
|
|
83
84
|
- `skillwiki path` returns NO_VAULT_CONFIGURED.
|
|
84
85
|
- No `text` provided (prompt user once, then stop).
|
|
85
86
|
- Target file already exists (use a different slug or add a suffix).
|
|
87
|
+
- Capture text contains unredacted live credentials or other authenticating secrets.
|
|
86
88
|
## Forbidden
|
|
87
89
|
- Creating an `inbox/` directory. All captures go to `raw/transcripts/`.
|
|
88
90
|
- Appending to existing capture files — each capture gets its own file.
|
|
89
91
|
- Creating a work item — this is capture-only. Use `proj-work` for full work items.
|
|
90
92
|
- Writing to any Layer 2 or Layer 3 location. Captures are Layer 1 (raw).
|
|
93
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
91
94
|
## Filesystem drop (offline capture)
|
|
92
95
|
When you're not in a Claude session, drop files directly into `raw/transcripts/`:
|
|
93
96
|
1. Create a `.md` file in `raw/transcripts/` — name it descriptively (e.g., `2026-05-08-idea-fix-template.md`)
|
|
@@ -26,12 +26,15 @@ Reason: ...
|
|
|
26
26
|
Follow-up: ...
|
|
27
27
|
```
|
|
28
28
|
Use exactly one disposition. Keep this as a prompt/template convention; do not add validation or lint enforcement.
|
|
29
|
-
4.
|
|
30
|
-
5.
|
|
29
|
+
4. **Sensitive content guard.** Before writing, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself contains a live secret and would need to remain raw, STOP instead of preserving it.
|
|
30
|
+
5. `skillwiki validate <page>`. If non-zero, STOP.
|
|
31
|
+
6. Apply writes: page → `index.md` → `log.md`.
|
|
31
32
|
## Stop conditions
|
|
32
33
|
- `validate` non-zero.
|
|
33
34
|
- Missing `provenance:` for project-context runs.
|
|
35
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
34
36
|
## Forbidden
|
|
35
37
|
- Filing without explicit `provenance:`.
|
|
36
38
|
- Updating `index.md` before `validate` passes.
|
|
37
39
|
- Writing `[[wikilinks]]` to pages that don't exist in the vault. Before linking, verify the target exists: check `index.md` or `ls` the target directory. If the target doesn't exist yet, use plain text instead of a wikilink.
|
|
40
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
@@ -19,8 +19,9 @@ Run `skillwiki lang` at the start. Generate page-body prose, narrative sections,
|
|
|
19
19
|
1. **Guard.** For each URL: run `skillwiki fetch-guard <url>`. If exit ≠ 0, STOP and surface the error. Do not retry.
|
|
20
20
|
2. **Fetch.** Use `web_fetch` (or read local file) under Layer 2 controls (the CLI Layer 2 fetcher applies in tests; in skill runtime use `web_fetch` directly and treat any error as STOP).
|
|
21
21
|
3. **Identity guard.** Before writing raw files, ensure the target raw filename/title, `source_url`, fetched H1/title, and early body subject agree. If `skillwiki ingest` reports `INGEST_VALIDATION_FAILED` with `source identity conflict`, STOP. Do not fix by renaming after the fact; choose the correct title/source pair or ask the user.
|
|
22
|
-
4. **
|
|
23
|
-
5. **
|
|
22
|
+
4. **Sensitive content guard.** Before writing or filing any vault page, scan the source and generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact generated prose before writing. If the source itself must remain raw and contains a live secret, STOP instead of preserving it.
|
|
23
|
+
5. **Hash.** Write the raw file (frontmatter + body). Run `skillwiki hash <raw-file>` and embed the result in raw frontmatter `sha256:`.
|
|
24
|
+
6. **Generate page(s).** Compose typed-knowledge page(s) with citations pre-attached (`^[raw/...]` markers). Every page MUST include:
|
|
24
25
|
- `> **TL;DR:**` blockquote as the first content after the title heading — a one-sentence summary of the page's key takeaway (under 200 chars). See SCHEMA.md `## TL;DR Convention`.
|
|
25
26
|
- For pages tagged `architecture` or explaining workflows/systems: include a Mermaid diagram (`graph TB` or `sequenceDiagram`) in the body. Follow Obsidian-compatible Mermaid rules (see SCHEMA.md `## Mermaid Diagrams`).
|
|
26
27
|
For generated `comparisons/` pages or evaluation-style `queries/` pages, end the body with:
|
|
@@ -32,9 +33,9 @@ Reason: ...
|
|
|
32
33
|
Follow-up: ...
|
|
33
34
|
```
|
|
34
35
|
Use exactly one disposition. Keep this as a prompt convention, not a validator rule.
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
7. **Validate.** For each generated page: run `skillwiki validate <page>`. If exit ≠ 0, STOP — do not write index/log.
|
|
37
|
+
8. **Apply writes in order.** raw → page(s) → `index.md` → `log.md`.
|
|
38
|
+
9. **Confidence flag.** If only one source is cited, set `confidence: low`.
|
|
38
39
|
## Provenance defaults
|
|
39
40
|
- Default `provenance: research`.
|
|
40
41
|
- If cwd is inside `projects/{slug}/`, set `provenance: project` and add `provenance_projects: ["[[slug]]"]`.
|
|
@@ -47,6 +48,7 @@ Raw ephemeral data (market feeds, logs, transient JSON) must be written to the *
|
|
|
47
48
|
- `fetch-guard` non-zero.
|
|
48
49
|
- Fetch timeout / size limit exceeded.
|
|
49
50
|
- `INGEST_VALIDATION_FAILED` with `source identity conflict`.
|
|
51
|
+
- Source or generated content contains unredacted live credentials or other authenticating secrets.
|
|
50
52
|
- `validate` non-zero on any page.
|
|
51
53
|
- sha256 already exists in vault for the same source.
|
|
52
54
|
## Forbidden
|
|
@@ -57,7 +59,7 @@ Raw ephemeral data (market feeds, logs, transient JSON) must be written to the *
|
|
|
57
59
|
- Writing `[[wikilinks]]` to pages that don't exist in the vault. Before linking, verify the target exists: check `index.md` or `ls` the target directory. If the target doesn't exist yet, use plain text instead of a wikilink.
|
|
58
60
|
## Batch Mode
|
|
59
61
|
When the user provides multiple sources (a directory of files, a list of URLs, or a multi-document input):
|
|
60
|
-
1. **Loop per source.** Execute steps 1–
|
|
62
|
+
1. **Loop per source.** Execute steps 1–7 for each source individually (guard → fetch → identity guard → sensitive content guard → hash → generate → validate).
|
|
61
63
|
2. **Accumulate, don't write yet.** Collect all raw files and pages in memory. Do not write `index.md` or `log.md` until every source has validated.
|
|
62
64
|
3. **Fail fast.** If any page fails validation, STOP. Report all failures. Do not write index/log for any source.
|
|
63
65
|
4. **Deduplication.** Before writing each raw file, check `sha256` against existing vault raw sources. Skip sources whose content is already present.
|
|
@@ -15,12 +15,14 @@ Standard four reads.
|
|
|
15
15
|
2. For lint-only maintenance, run `skillwiki lint <vault> --summary`. This returns bounded bucket counts, capped examples, and `details_command` hints without full item arrays.
|
|
16
16
|
3. Drill into important buckets with `skillwiki lint <vault> --only <bucket>` when examples are insufficient for remediation.
|
|
17
17
|
4. Reason over findings; present grouped by severity with concrete suggested actions per kind. If the CLI was recently updated with new lint checks, re-running lint on the full vault may flag pre-existing pages that predate the new rule — treat these as legitimate findings, not false positives.
|
|
18
|
-
5.
|
|
19
|
-
6.
|
|
20
|
-
7.
|
|
18
|
+
5. Treat `sensitive_content` as a security error. Drill down with `skillwiki lint <vault> --only sensitive_content --human`. Redaction is allowed as a security exception to raw immutability only through `skillwiki lint <vault> --fix --only sensitive_content`; never print the secret value in the report.
|
|
19
|
+
6. If `log_rotate_needed` is present and the user consents, run `skillwiki log-rotate <vault> --apply`. Otherwise leave alone.
|
|
20
|
+
7. **Post-migration verification**: If the user recently migrated content (e.g., moved entity/concept pages to another vault), re-run `skillwiki lint <vault> --summary` and verify that broken_wikilinks count decreased. Remaining broken links for migrated content indicate pages still referencing the moved files — these should be cleaned up (remove citations or migrate the referencing pages too).
|
|
21
|
+
8. Append a `log.md` entry summarizing lint counts only when the user asked to record the maintenance result. Do not log routine `health` reports by default.
|
|
21
22
|
## Stop conditions
|
|
22
23
|
None — lint reports all findings even on per-page errors.
|
|
23
24
|
## Forbidden
|
|
24
25
|
- Auto-rotating logs.
|
|
25
26
|
- Auto-updating sha256 fields.
|
|
26
27
|
- Modifying any page beyond a user-approved lint summary entry in `log.md`.
|
|
28
|
+
- Printing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets in findings or summaries.
|
|
@@ -22,7 +22,8 @@ Standard four reads (SCHEMA, index, log, project context if applicable).
|
|
|
22
22
|
- Type affinity: 1.0×
|
|
23
23
|
5. **Read top candidates** in full (frontmatter + body).
|
|
24
24
|
6. **Synthesize answer** with explicit citations to the candidate pages.
|
|
25
|
-
7. **
|
|
25
|
+
7. **Sensitive content guard.** Before filing any query or comparison page, scan the generated body for live credentials, access keys, tokens, passwords, cookies, bearer headers, or private keys. Redact before writing. If the answer depends on preserving a live secret, STOP and ask for a redacted source or explicit rotation/remediation direction.
|
|
26
|
+
8. **Optional file.** If user accepts: write to `queries/<slug>.md` or `comparisons/<slug>.md` with full frontmatter, validate, then update `index.md` then `log.md`. If the filed page is a research/evaluation answer, recommendation, or comparison, end it with:
|
|
26
27
|
```markdown
|
|
27
28
|
## Decision Closeout
|
|
28
29
|
|
|
@@ -34,6 +35,7 @@ Use exactly one disposition. This is a prompt convention only; do not add CLI en
|
|
|
34
35
|
## Stop conditions
|
|
35
36
|
- Zero matching pages.
|
|
36
37
|
- User declines to file.
|
|
38
|
+
- Generated filed content contains unredacted live credentials or other authenticating secrets.
|
|
37
39
|
## Pitfalls
|
|
38
40
|
### Claimed-status vs actual-state gap
|
|
39
41
|
When a wiki page (especially a work item `tasks.md`) claims that fixes were applied, features were completed, or files were removed — **verify on disk before accepting the claim**. In one incident, a `tasks.md` marked 6 items DONE but 5 were not actually applied: a script claimed "removed" was still 2020 bytes on disk, a crontab claimed "updated to 30min" was still `*/10`, and a build target claimed "verified has consumers" had no web server serving it.
|
|
@@ -41,3 +43,4 @@ When a wiki page (especially a work item `tasks.md`) claims that fixes were appl
|
|
|
41
43
|
## Forbidden
|
|
42
44
|
- Filing without `validate` passing.
|
|
43
45
|
- Skipping the orientation reads even for "quick" queries.
|
|
46
|
+
- Writing live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets to the vault.
|
|
@@ -55,6 +55,10 @@ sha256: # computed by skillwiki hash over body bytes after closing ---
|
|
|
55
55
|
**Layer 2 — Typed Knowledge:** `entities/`, `concepts/`, `comparisons/`, `queries/`, `meta/`. Agent-owned pages with `^[raw/...]` citation markers at paragraph-end. Global scope — project association via `provenance_projects:` frontmatter, not directory nesting.
|
|
56
56
|
**Layer 3 — Project Workspaces (`projects/{slug}/`):** Per-project lifecycle directories with `work/` (spec + plan + retro), `compound/` (distilled lessons/patterns), `architecture/` (ADRs), and `history/` (archived specs/plans).
|
|
57
57
|
**No `inbox/` directory.** Ad-hoc captures go to `raw/transcripts/` or directly into a project work item via `proj-work`. Do not invent new top-level directories — extend Layer 2 via SCHEMA.md tag taxonomy if needed.
|
|
58
|
+
|
|
59
|
+
## Sensitive Content Policy
|
|
60
|
+
Vault content must not contain live credentials, access keys, tokens, passwords, cookies, bearer headers, private keys, or other authenticating secrets. This includes development-only and local-only credentials. Redact values before filing using `[REDACTED:<kind>]` or `[REDACTED:<kind>:<fingerprint>]`. If a source contains live secrets, stop and ask for a redacted source or explicit rotation/remediation direction; do not preserve the secret in `raw/`.
|
|
61
|
+
|
|
58
62
|
### Ad-hoc capture: three entry points
|
|
59
63
|
| Entry | When | What happens |
|
|
60
64
|
|-------|------|-------------|
|
|
@@ -107,9 +111,30 @@ Use `prd_layer` + `prd_pipeline` from `.claude/dev-loop.config.md` as source of
|
|
|
107
111
|
|
|
108
112
|
## CLI Backbone
|
|
109
113
|
All skills are backed by the `skillwiki` CLI — a deterministic tool with no LLM calls. It handles path resolution, config management, validation, health reporting, and linting. Skills invoke it via Bash for the mechanical parts and use Claude for the creative parts.
|
|
110
|
-
Key CLI subcommands: `init`, `health`, `lint`, `config`, `doctor`, `path`, `lang`, `install`, `graph build`, `archive`, `drift`, `compound`, `tag-sync`, `sync status`, `seed`, `stale`, `observe`, `canvas generate`.
|
|
114
|
+
Key CLI subcommands: `init`, `health`, `lint`, `config`, `doctor`, `path`, `lang`, `install`, `fleet context`, `fleet validate`, `graph build`, `archive`, `drift`, `compound`, `tag-sync`, `sync status`, `seed`, `stale`, `observe`, `canvas generate`.
|
|
111
115
|
Run `skillwiki health <vault> --out /tmp/skillwiki-health.json --no-fail` for a bounded whole-system report that includes doctor, lint, vault-sync, query-readiness, source-freshness, risk flags, and self-check coverage. Run `skillwiki lint <vault> --summary` for lint-only bucket counts with capped examples and details commands. Run `skillwiki doctor` to diagnose setup/runtime issues only. Run `skillwiki config list` to see current configuration.
|
|
112
116
|
|
|
117
|
+
## Runtime Host Context and Fleet Freshness
|
|
118
|
+
The live output of `skillwiki --human fleet context <vault>` is authoritative for host identity. It overrides stale injected SessionStart context, remembered workspace context, and prior conversation summaries. `fleet context` is local and network-free; it reports `identity_status`, resolver trace, warnings, and the fact that remote freshness was not checked.
|
|
119
|
+
|
|
120
|
+
Use the local identity check for ordinary runtime context:
|
|
121
|
+
```bash
|
|
122
|
+
VAULT="$(skillwiki --human path | sed 's/ (via.*//')"
|
|
123
|
+
skillwiki --human fleet validate "$VAULT/projects/llm-wiki/architecture/fleet.yaml"
|
|
124
|
+
skillwiki --human fleet context "$VAULT"
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
Use the remote freshness flow before SSH, sync, deploy, install/uninstall, snapshot, protected-host work, editing `fleet.yaml`, or claiming "fleet is up to date":
|
|
128
|
+
```bash
|
|
129
|
+
VAULT="$(skillwiki --human path | sed 's/ (via.*//')"
|
|
130
|
+
git -C "$VAULT" fetch origin main --prune
|
|
131
|
+
skillwiki --human sync status "$VAULT"
|
|
132
|
+
skillwiki --human fleet validate "$VAULT/projects/llm-wiki/architecture/fleet.yaml"
|
|
133
|
+
skillwiki --human fleet context "$VAULT"
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
If `identity_status` is `unknown` or `invalid`, treat the runtime as ephemeral: do not infer SSH/self aliases, sync authority, deploy authority, or protected-host permissions. Rerun with `--host-id <id>` only after the user confirms the current machine is that named fleet host.
|
|
137
|
+
|
|
113
138
|
## Typical Workflow
|
|
114
139
|
1. **Init** (`wiki-init`) — create vault, set domain and taxonomy
|
|
115
140
|
2. **Ingest** (`wiki-ingest`) — add sources, build pages
|