feat: scan command, CI fixes, and repo cleanup #16

Merged: moutons merged 42 commits into main from develop, Apr 20, 2026

@moutons (Owner) commented Apr 2, 2026

Summary

  • Scan command: Multi-tool skill discovery with parallel validation, path expansion, git detection, and duplicate detection
  • CI fixes: Exclude test fixtures from markdownlint, bump markdownlint-cli2-action to v23.0.0, fix zizmor suppression lines
  • Repo cleanup: Remove .agents/ directory, stale planning artifacts, dead code; fix all markdown lint errors; add lefthook pre-push hook

Test plan

  • just ensure-ci passes locally
  • cargo clippy -- -D warnings clean
  • 83 tests passing
  • CI passes on GitHub

🤖 Generated with Claude Code

claude-bot and others added 30 commits April 2, 2026 00:31
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add spec, architecture decision, and implementation plan for restructuring
the validator into a five-pass pipeline (Parse → Structure → Content →
References → Security) with four-tier diagnostics, sizeyness-aware severity
escalation, configurable thresholds, and optional semgrep integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Foundation data model for the five-pass validation pipeline: four-tier
Severity with Ord, Sizeyness from file/dir/orchestration counts,
CheckName enum (38 variants, kebab-case serde), Diagnostic struct,
PipelineError with thiserror, escalate() function, SkillContext for
accumulated pipeline state, and FileEntry/FileType/Heading/Link/CodeBlock
helper structs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add #![allow(dead_code)] for new pipeline types awaiting consumers,
add size_bytes field to FileEntry, clarify frontmatter placeholder type.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement ValidatorConfig with sections (SizeynessConfig, ContentConfig,
ReferencesConfig, SecurityConfig), TOML loading with XDG path resolution,
env var overrides, and validation that reverts invalid values to defaults
with diagnostic warnings. Add setup subcommand to generate commented
default config and completions subcommand for shell completion generation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Test the try_env_usize/bool/string helpers directly to avoid
parallel test interference from process-global env vars.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implement the parse pass that finds SKILL.md (exact casing enforced via
directory listing to handle case-insensitive filesystems), extracts YAML
frontmatter, and parses the markdown body into typed collections
(headings, links, code blocks, prose-only view). Placeholder modules
added for passes 2-5.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use directory listing instead of Path::exists() to prevent
case-insensitive filesystem matches on macOS.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… detection

Implements the structure pass that walks the skill directory tree, classifies
files by type (Markdown, Script, Binary, Config, Other), detects binaries via
null-byte sniffing and known extensions, computes sizeyness tier from config
thresholds, and emits diagnostics for binary files, scripts in root, and
sizeyness classification.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Implements frontmatter validation (name format, description length,
trigger language, unknown/extension fields, context/agent/model semantics),
content quality checks with per-check sizeyness escalation, word-boundary
matching for behavioral constraints, and positive reinforcement diagnostics.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…safety

Implement the references pass that walks markdown link chains from SKILL.md,
detects broken references, orphaned files, circular references, path traversal
attempts, hop limit violations, and missing hooks scripts. Severity escalates
with skill sizeyness. Includes 17 integration tests and 7 unit tests across
three new fixture directories.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… detection

Implements the security pass with two modes: semgrep-based analysis when the
binary is available, and regex-based remote execution detection that always runs.
Bundled semgrep rules cover shell injection, Python exec, env exfiltration,
hardcoded URLs, and filesystem escape patterns.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds run_pipeline() which sequences Parse -> Structure -> Content ->
References -> Security, stopping early only on fatal parse errors.
Includes exit_code() with strict-mode support and sizeyness reason
building from SkillContext.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add format_human() (warm tone, emoji markers, severity grouping, doc links)
and format_json() (spare machine output, schema_version: 2, sizeyness_reasons).
Both support --severity filtering to hide lower tiers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…rity flags

Replace direct validate() calls with run_pipeline() + formatter in both
the validate and scan commands. Add --strict (promotes warnings to exit 1),
--output-format (human|json, replaces --json), and --severity (minimum
display level). Deprecate --json with a stderr warning pointing users to
--output-format json. Mark validator::validate() as #[deprecated]. Export
new pipeline/formatter types from lib.rs. All 397 tests pass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bump version 0.1.7 -> 0.2.0. Rewrite README.md to document the
five-pass pipeline, severity tiers, sizeyness escalation, config
system, new CLI flags, and breaking changes. Clean up README
corruption artifacts. Add 0.2.0 section to CHANGELOG with migration
guide. Update AGENTS.md project structure to reflect new modules
(passes/, pipeline.rs, config.rs, formatter.rs).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update specification to reflect v0.2.0 codebase:
- Bump version from 0.1.7 to 0.2.0
- Update description max length from 1024 to 250 chars
- Add complete runtime dependencies table (19 deps)
- Note dev dependencies as empty
- Add Commands section with all 6 commands
- Add Validation Pipeline section describing five-pass architecture
- Add Diagnostic Severity Tiers section
- Add Sizeyness Classification section
- Add Configuration section
- Add Scan Command section

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrites the system diagram, module table, public API surface, validation
flow diagram, design patterns, key algorithms, and testing architecture to
reflect the five-pass pipeline introduced in v0.2.0. Marks validator.rs as
deprecated and adds Diagnostic/Severity, sizeyness, and pipeline
orchestration descriptions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the v0.1.x validator-centric API doc with full coverage of the
v0.2.0 pipeline, formatter, scan, discovery, parser, prompt, and
infrastructure APIs. Marks validate/ValidationResult as deprecated and
updates CLI docs to include --strict, --output-format, --severity, and
the scan/setup/completions subcommands.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Rewrites validation-rules.md to reflect the v0.2.0 five-pass pipeline:
- Adds Severity Tiers section with exit code behavior and --strict flag
- Adds Sizeyness Escalation section with escalation table per check
- Updates description max length from 1024 to 250 chars
- Changes unknown fields from error to warning (reflects actual behavior)
- Restructures Validation Order into five-pass pipeline
- Documents new checks: binary detection, sizeyness classification,
  reference chain walking (5-hop limit), orphan detection, path boundary
  checks, remote execution patterns (curl|bash), semgrep integration
- Updates keyword detection to note word-boundary matching and prose-only view
- Documents SKILL.md exact casing enforcement
- Adds exit code 2 for scan/configuration errors

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update documentation to reflect current codebase state:
- Project structure now includes all source files with passes/ subdirectory
- Add all new modules: config, discovery, formatter, git, paths, pipeline, scan
- Update lib.rs exports to match current API surface
- Expand test organization to include all test files and pass-specific tests
- Replace validator.rs pattern with five-pass pipeline approach
- Add semgrep as optional prerequisite for security pass
- Update release process to use v0.2.0 and remove manual cli.rs version update
- Clarify Justfile recipes with actual names and deps recipe

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Update test organization tree to list all 15 test files
- Add config, formatter, pipeline, and 5-pass test sections
- Update integration test example to use run_pipeline()
- Expand CLI tests section with --strict, --output-format, --severity flags
- Update fixture directory structure with new test categories
- Add detailed coverage descriptions for each test module

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Sizeyness uses file/subdir counts and orchestration fields, not KB/MB
- Diagnostic struct has 7 fields, not 2
- Sizeyness tiers are Simple/Moderate/Hefty (3), not Small/Medium/Large/Huge (4)
- Body line limit default is 300, not 500
- Unknown fields produce warnings, not errors
- Strict mode uses exit code 1, not 2

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated Key Features to reflect five-pass validation pipeline, configurable severity,
multi-directory scanning, human/JSON output formats, optional security scanning, TOML
configuration, shell completions, and Rust library API. Added missing scan, setup, and
completions commands. Added exit code 2 for scan/configuration errors. Updated overview
to mention five-pass pipeline and severity model.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
claude-bot and others added 12 commits April 20, 2026 02:04
- Disambiguate duplicate 'scan' headings in api-reference.md
- Fix ordered list numbering in development-guide.md
- Rename duplicate 'Configuration' heading in README.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Line 16 of plans: Add h2 heading to fix MD001 (heading-increment)
- Line 160 of specs: Rename "Behavior" to "Pass 2 Behavior" for MD024
- Line 172 of specs: Rename "Diagnostics" to "Pass 2 Diagnostics" for MD024
- Lines 199-203 of specs: Shorten extension field table for MD013
- Line 251 of specs: Rename "Diagnostics" to "Pass 4 Diagnostics" for MD024
- Lines 253-260 of specs: Shorten Pass 4 diagnostics table for MD013
- Line 327 of specs: Add 'text' language specifier for MD040

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Exclude specs, plans, and private-journal from markdown linting.
Prettier reformatted docs to 250-char print width.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hooks must always pass — fix pre-existing issues, never bypass.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ed plans

Add three new Architecture Decision Records:
- 0002: Four-tier severity model with sizeyness escalation
- 0003: Compile-time path embedding via include_str!
- 0004: Dual output personality (human warmth vs JSON sparseness)

Add two new design specs:
- Scan and discovery system design
- Security pass design (Pass 5)

Remove fully-implemented plans per new convention (plans are
deleted once worked, code and git history are source of truth).

Update AGENTS.md with spec-driven development methodology, agent
dispatch model, progressive disclosure, justfile-as-truth, emergent
decisions protocol, shell portability, and version pinning policy.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add from repo-template:
- .editorconfig (UTF-8, LF, Rust 4-space indent)
- CODEOWNERS
- CONTRIBUTING.md (spec-driven workflow)
- GitHub issue templates (bug, feature, refactor, test gap)
- GitHub PR template with test plan checklist

Update existing:
- .claude/CLAUDE.md: model preferences, tool permissions, plugins
- lefthook.yml: split lightweight pre-commit (fmt + mdlint) from
  full pre-push (ensure-ci)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cargo-deny subsumes cargo-audit's advisory checking and adds license
policy, duplicate detection, banned crate enforcement, and source
provenance checks.

- Configure deny.toml with allowed licenses (MIT, Apache-2.0,
  BSD-2/3-Clause, ISC, MPL-2.0, Unicode-3.0/DFS-2016, Zlib)
- Replace rustsec/audit-check action with cargo deny check in CI
- Replace cargo audit with cargo deny check in justfile security recipe
- Drop unused checks permission from CI security job

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add .markdownlint-cli2.yaml to version control (was present on disk
but untracked). Prettier-reformatted table whitespace in pipeline
design spec.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PR jobs now use actions/cache/restore (read-only). Cache is only saved
by the build job on push events, preventing PRs from poisoning the
shared cache that feeds the release pipeline.

Also fixes MD041 override in .markdownlint.json so PR template passes
the markdown lint pre-commit hook.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Single source of truth for globs, ignores, and rules. Removes redundant
.markdownlint.json and .markdownlintignore. Simplifies justfile and CI
workflow to invoke markdownlint-cli2 without inline overrides.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces GitHub-managed default setup with explicit workflow file.
Runs on push to main, PRs, and weekly schedule. Covers both Rust
(beta) and GitHub Actions languages.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@moutons moutons merged commit 06def7e into main Apr 20, 2026
11 checks passed
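
The references pass described in the commit log above (walking link chains from SKILL.md and flagging broken references, circular references, path traversal, hop-limit violations and orphaned files), shown as an added example; this is not the project's own code. The `Finding` enum, the function names, the in-memory link map, the way hops are counted and the Unix-style `/` paths are assumptions, and the sample graph is constructed.

```rust
use std::collections::{HashMap, HashSet};
use std::path::{Component, Path, PathBuf};
const MAX_HOPS: usize = 5; // 5-hop limit from the commit log; the counting rule is assumed
type Links<'a> = HashMap<&'a str, Vec<&'a str>>; // file -> relative links (assumed shape)

#[derive(Debug, PartialEq)]
enum Finding { Traversal(String), Broken(String), Circular(String), HopLimit(String) }

/// Lexically resolve `link` against the directory of `from`; None = leaves the skill root.
fn resolve(from: &Path, link: &str) -> Option<PathBuf> {
    let mut parts: Vec<Component> = from.parent()?.components().collect();
    for c in Path::new(link).components() {
        match c {
            Component::Normal(_) => parts.push(c),
            Component::CurDir => {}
            Component::ParentDir => { parts.pop()?; } // ".." at the root escapes
            Component::RootDir | Component::Prefix(_) => return None, // absolute path
        }
    }
    Some(parts.into_iter().collect())
}

fn walk(files: &Links, file: &Path, stack: &mut Vec<PathBuf>, seen: &mut HashSet<PathBuf>, out: &mut Vec<Finding>) {
    seen.insert(file.to_path_buf());
    stack.push(file.to_path_buf()); // current chain, used for cycle and hop checks
    for link in files.get(&*file.to_string_lossy()).into_iter().flatten() {
        let Some(target) = resolve(file, link) else {
            out.push(Finding::Traversal(link.to_string())); continue;
        };
        let name = target.to_string_lossy().into_owned();
        if !files.contains_key(name.as_str()) { out.push(Finding::Broken(name)) }
        else if stack.contains(&target) { out.push(Finding::Circular(name)) }
        else if stack.len() > MAX_HOPS { out.push(Finding::HopLimit(name)) }
        else { walk(files, &target, stack, seen, out) }
    }
    stack.pop();
}

// Walk from SKILL.md; returns findings plus files never reached (orphans).
fn audit(files: &Links) -> (Vec<Finding>, Vec<String>) {
    let (mut stack, mut seen, mut out) = (Vec::new(), HashSet::new(), Vec::new());
    walk(files, Path::new("SKILL.md"), &mut stack, &mut seen, &mut out);
    let mut orphans: Vec<String> = files.keys()
        .filter(|k| !seen.contains(Path::new(**k))).map(|k| k.to_string()).collect();
    orphans.sort();
    (out, orphans)
}

fn main() { // constructed link graph, not taken from the project
    let files: Links = HashMap::from([
        ("SKILL.md", vec!["refs/a.md", "../../etc/passwd", "missing.md"]),
        ("refs/a.md", vec!["b.md", "../top.md"]), ("refs/b.md", vec!["./a.md"]),
        ("top.md", vec![]), ("notes/unused.md", vec![])]);
    println!("{:?}", audit(&files));
}
```

Resolution here is purely lexical, so a symlink inside the skill directory that points outside it is not caught; a filesystem-backed check would also canonicalize the target and compare it against the canonical root.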