docs(peek): align plugin listing + skill with the shipped act capability and real action schema#138
Conversation
|
Warning Review limit reached
Next review available in: 39 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (4)
📝 WalkthroughWalkthroughThis PR updates documentation and description strings across the peek plugin/marketplace metadata and skill guides. Descriptions now mention per-origin consent and live-page actions. Skill docs are rewritten to describe a no-upload privacy stance and a new session-based consent flow using list_recent_sessions, get_page_view, request_authorization, and execute_action. ChangesDocumentation and description updates
Estimated code review effort: 1 (Trivial) | ~5 minutes Sequence Diagram(s)sequenceDiagram
participant Agent
participant MCP
participant User
Agent->>MCP: list_recent_sessions()
MCP-->>Agent: sessionId
Agent->>MCP: get_page_view(sessionId)
MCP-->>Agent: stable ref
Agent->>MCP: request_authorization({sessionId, action: {type: 'click', ref}})
MCP->>User: request consent
User-->>MCP: approve/decline
MCP-->>Agent: confirmToken (if approved)
Agent->>MCP: execute_action({sessionId, action, confirmToken})
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/peek-cli/skills/peek-skill.md`:
- Around line 154-167: The session authorization example is ambiguous because it
uses confirmToken as if it already exists; update the walkthrough in
peek-skill.md to explicitly show that request_authorization returns the one-shot
confirmToken and then pass that returned value into execute_action. Keep the
flow clear using the existing symbols request_authorization, execute_action,
sessionId, and confirmToken so the example is copy-pastable and unambiguous.
- Line 16: The bootstrap install command in peek-skill.md is unpinned and
currently references npx `@peekdev/cli` init, which should be changed to a fixed
version or local install reference. Update the command text to use the specific
CLI version already intended for this workflow (or an equivalent local path) so
the init step is deterministic; use the existing init instruction in the
markdown as the place to make this change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 8e6ce677-a200-489a-bc4a-b2f254f73042
📒 Files selected for processing (4)
.claude-plugin/marketplace.jsonpackages/peek-cli/skills/peek-skill.mdplugins/peek/.claude-plugin/plugin.jsonplugins/peek/skills/peek/SKILL.md
|
@coderabbitai review |
✅ Action performedReview finished.
|
Address CodeRabbit review on #138: bind confirmToken to the request_authorization return in the consent-flow sketch so its provenance is explicit and the example is copy-pastable. Both skill copies kept byte-identical (verify:plugin green). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: harry-harish <22562634+harry-harish@users.noreply.github.com>
|
@coderabbitai full review |
✅ Action performedFull review finished. |
…real action schema Optional polish from the community-marketplace pre-approval review (0 blockers). Rebased onto #137 (verify_audit_log / 17 tools); these edits are independent of it. - plugin.json / marketplace.json: the listing one-liners omitted peek's consent-gated live-browser act capability (execute_action et al.). Add a short "with per-origin consent, act in the live page" clause so the shortest listing text matches the tool surface a screener enumerates. - SKILL.md consent-flow example used a flat, invalid shape (action: 'click', selector, no sessionId) that returns MCP -32602. Fix it to the real schema (request_authorization / execute_action take { sessionId, action: { type, ref } }), bind the returned confirmToken explicitly, and prefer a get_page_view ref per the skill's own guidance. - SKILL.md "runs entirely on the user's machine" now carries the READMEs' honest caveat (peek uploads nothing; what your MCP client does with returned session data is up to you). Both skill copies kept byte-identical (verify:plugin green). Verified: claude plugin validate (plugin + marketplace) passes, biome clean, and the corrected example shape passes live input validation. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Signed-off-by: harry-harish <22562634+harry-harish@users.noreply.github.com>
89a757d to
65c3fe3
Compare
|
@coderabbitai full review |
✅ Action performedFull review finished. |
What & why
Optional polish from the pre-approval review of the peek Claude Code plugin
(submitted to the Anthropic
claude-communitymarketplace). That review found0 approval blockers; these are 3 of the 7 low-severity items — the ones
worth fixing before the listing is pinned. Nothing here is required for
approval; because CI re-pins the marketplace SHA as
mainadvances, the fixesreach users without a re-submission.
Changes
plugin.json,marketplace.json) — the one-linerdescriptions read as read-only-only. They now name peek's consent-gated
live-browser act capability (
execute_actionet al.) so the shortestlisting text matches the tool surface a safety screener enumerates. Fully
disclosed already in the README + skill; this just aligns the summary.
SKILL.mdconsent-flow example — the old example used a flat, invalidshape (
action: 'click',selector, nosessionId) that returnsMCP error -32602. Corrected to the real schema —request_authorization/execute_actiontake{ sessionId, action: { type, ref } }(+confirmToken) — and it now usesa
get_page_viewref, per the skill's own ref-first guidance.SKILL.mdprivacy wording — "runs entirely on the user's machine" nowcarries the same honest caveat the READMEs do: peek uploads nothing, but
what your MCP client does with the returned session data is up to you.
The bundled
plugins/peek/skills/peek/SKILL.mdis kept byte-identical tothe canonical
packages/peek-cli/skills/peek-skill.md(theverify:plugindrift guard enforces this).
Verification
pnpm verify:plugin→ OK (marketplace + plugin manifest + mcp parity + skill sync)claude plugin validate ./plugins/peekandclaude plugin validate .→ ✔ passedpnpm lint(biome, 520 files) → clean-32602(missingsessionId,actionexpected object); the new args pass input validation and reachthe permission layer (
verdict: deny … level-0-off) — a downstream denial,not a schema error.
No TypeScript, tests, or recipes touched (doc/metadata only).
🤖 Generated with Claude Code
Summary by CodeRabbit
New Features
Documentation