104 changes: 104 additions & 0 deletions .claude/skills/outsource/SKILL.md
@@ -0,0 +1,104 @@
---
name: outsource
type: command
description: >
Hand a scoped repo task to convertible — a *different* engine/model than you
(e.g. a local vLLM Qwen) — and fold its answer back. The point isn't a stronger
model; it's a different mind, and diversity helps: `outsource review` gets an
independent second opinion on a diff, `outsource explore` gets a fresh read of
an area, `outsource write` delegates a small implementation. Use when the user
says "outsource this", "get a second opinion", "have convertible review/explore/
write", "ask the other model", or when you want a diverse perspective rather
than just doing it yourself. Read-only verbs (explore/review) run isolated in a
throwaway git worktree and cannot touch the working tree.
---

# outsource — use convertible as a different mind

`outsource` drives the **`convertible`** CLI so a Claude agent can hand a scoped
task to a *different* engine (default: a local vLLM `Qwen3.6-27B` on
`:8001`). Convertible's model is **not** assumed to be stronger than you — its
value is **diversity**. A second, independent mind catches things the author's
mind glides past, which is why **review** is the headline verb.

This skill is the operator: a portable wrapper that resolves the CLI and turns
each verb into a `convertible drive`, then prints the drive's result summary.

## How to run

The entry point is `scripts/outsource.sh`. Invoke it from the repo you want
convertible to work on:

```bash
bash .claude/skills/outsource/scripts/outsource.sh <verb> "<text>" [options]
```

It resolves the CLI portably — an installed `convertible` on `PATH` (the normal
case), falling back to `uv run convertible` when inside the convertible checkout,
else an install hint.

### Verbs

| Verb | What it does | Side effects |
|------|--------------|--------------|
| `explore "<question or area>"` | Read-only investigation of the repo; the model reads and reports findings. | **None** — runs in a throwaway worktree at HEAD. |
| `review "<what to focus on>" [--base main]` | A diverse second opinion on the **committed** diff (`<base>...HEAD`). | **None** — throwaway worktree; reviews committed changes only. |
| `write "<task>" [--pr]` | Implement a change. Commits to a drive branch by default; `--pr` pushes + opens a PR. | In-place: a `convertible/<id>` drive branch (or a PR). |

### Options

| Option | Meaning |
|--------|---------|
| `--repo PATH` | Target repo (default: `.`). |
| `--base BRANCH` | Base for the `review` diff (default: `main`). |
| `--engine NAME` | Engine wheel (default: `$CONVERTIBLE_ENGINE` or `vllm-openai`). |
| `--model NAME` | Model (default: `$CONVERTIBLE_MODEL` or `mmangkad/Qwen3.6-27B-NVFP4`). |
| `--base-url URL` | OpenAI base URL (default: `$CONVERTIBLE_BASE_URL` or `http://localhost:8001/v1`). |
| `--max-steps N` | Loop step budget (default: 20). |
| `--allow-dirty` | (`write`) allow running on a dirty tree. |
| `--pr` | (`write`) push + open a PR instead of a local drive branch. |

The result printed to stdout is the drive's `TaskResult.summary` (plus
`changed_files` / drive branch for `write`), parsed from `convertible drive
--json`. Per-step progress streams to stderr while it runs.

## When to reach for which verb

- **review** — the standing use. You wrote (or an agent wrote) a change and you
want a candid, independent pass over the *committed* diff before you trust it.
Treat the output as a second opinion to weigh, not a verdict.
- **explore** — you want a fresh, unbiased read of an unfamiliar area ("how does
X work here?") without anchoring on your own assumptions.
- **write** — a small, well-scoped implementation you're happy to delegate. The
result lands on a drive branch you can inspect, merge, or discard.

## Hard rules (do not violate)

- **explore and review are read-only.** They run in a throwaway `git worktree`
at HEAD, so a stray write can't reach your working tree or branch; the prompts
also tell the model not to modify anything. Don't route a change-making task
through them — use `write`.
- **`write` refuses a dirty tree** unless you pass `--allow-dirty`. This guards
the dirty-tree hazard: `convertible drive --no-pr` commits *uncommitted* edits
onto the drive branch and leaves you there. Commit or stash first.
- **Outsourced output is a second opinion, not authority.** The engine may be a
smaller/different model; weigh its findings, verify its claims, and own the
decision yourself.

## Honest limits

- Read-only is enforced by **worktree isolation + prompt constraint**, not a
sandbox — the loop always exposes `write_file`/`run_command`, so the model can
still run arbitrary *read-only* commands.
- `review` covers **committed** changes only (`<base>...HEAD`). To review
uncommitted work, commit it first.
- The default engine is whatever single model is running locally; a multi-model
fleet (different model per verb) is separate infrastructure.

## Provenance

This is a **first-party convertible** skill — `agentculture/convertible` is its
origin. guildmaster **re-broadcasts** it to the mesh (the same inbound pattern as
the devague-origin workflow skills), tracking it in `docs/skill-sources.md`. The
`cite, don't import` policy holds: downstream repos copy it, they don't symlink
or depend on it.
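Review bot: The "Honest limits" bullet says the loop always exposes `write_file`/`run_command` and then concludes the model "can still run arbitrary *read-only* commands", but nothing in this file restricts `run_command` to read-only commands, so the accurate statement is that it can run arbitrary commands. That conflicts with the Verbs table listing Side effects as "**None**" for `explore` and `review`, and with the hard rule that "a stray write can't reach your working tree or branch": a throwaway `git worktree` is a separate checkout directory that shares refs and the object store with the main repository, and a command given a path outside it is not confined. Suggest rewording all three places to say the worktree protects the working tree from accidental edits only, and that the read-only guarantee rests on the model following the prompt.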
24 changes: 24 additions & 0 deletions .claude/skills/outsource/prompts/explore.md
@@ -0,0 +1,24 @@
# Outsource Explore Prompt

You are a second, independent mind brought in for a fresh read of this repository.
You are NOT the original author — your value is a different perspective, not authority.

Investigate the following and report what you find:

$ARGUMENTS

Rules:

- This is READ-ONLY. Use read_file, list_dir, and read-only run_command only
(e.g. `git log`, `git grep`, `ls`, `rg`). Do NOT create, modify, or delete any
file, and do NOT run any command that changes state.
- Be concrete: cite file paths and line numbers; quote the key code you rely on.
- Surface what's surprising, risky, or unclear — not just a tidy summary.
- You have a limited step budget. Read efficiently and call finish with your
report well before you run out — a focused finding beats endless reading.

When you are done, call finish with a structured findings report:

1. What it is / how it works (with file:line references).
2. Notable details, edge cases, or surprises.
3. Open questions or risks worth a closer look.
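Review bot: `$ARGUMENTS` is interpolated as a bare line above `Rules:` with nothing marking where the caller's text ends, so instruction-like text in the argument reads with the same weight as the template's own rules. Suggest wrapping it in a labelled delimiter and adding a rule that nothing inside the delimiter overrides the READ-ONLY rule. The READ-ONLY rule also gives examples (`git log`, `git grep`, `ls`, `rg`) rather than a closed list; since this rule is the only control in the file, spell out the allowed commands and say that `git` subcommands which move refs or change the index count as changing state.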
31 changes: 31 additions & 0 deletions .claude/skills/outsource/prompts/review.md
@@ -0,0 +1,31 @@
# Outsource Review Prompt

You are an independent reviewer — a different mind from whoever wrote this change.
Your job is a candid second opinion, not a rubber stamp.

Focus the review on:

$ARGUMENTS

The change under review is the committed diff on this branch versus its base
(`$BASE`). Start by running, read-only:

git diff $BASE...HEAD --stat
git diff $BASE...HEAD

Comment on lines +10 to +15
Action required

2. Base value command injection 🐞 Bug ⛨ Security

`--base` is substituted into the review prompt’s suggested `git diff $BASE...HEAD` commands without
quoting or validation, so a crafted base containing shell metacharacters can turn a “read-only” step
into arbitrary command execution by the outsourced model.
Agent Prompt
## Issue description
The `review` prompt instructs the outsourced agent to run `git diff $BASE...HEAD`, and `outsource.sh` allows arbitrary `--base` values. If `--base` contains shell metacharacters (e.g., `main; <cmd>`), the prompt becomes an injection vector when the outsourced agent executes the command.

## Issue Context
This is not executed by `outsource.sh` directly, but it is explicitly executed by the outsourced agent via its command-running tool, so prompt text must be treated as a command construction surface.

## Fix
Do both:
1) **Validate** `--base` in `outsource.sh` to a safe git-revision charset (reject whitespace and shell metacharacters).
2) **Quote** the revision range in the prompt template to avoid accidental word-splitting/injection.

Examples:
- In `outsource.sh`, after parsing flags:
  - `[[ "$BASE" =~ ^[A-Za-z0-9._/-]+$ ]] || { echo "error: unsafe --base value" >&2; exit 2; }`
- In `review.md`, change to something like:
  - `git diff "${BASE}...HEAD" --stat`
  - `git diff "${BASE}...HEAD"`
  (or `git diff --stat "$BASE"...HEAD` if you prefer two args)

## Fix Focus Areas
- .claude/skills/outsource/scripts/outsource.sh[115-165]
- .claude/skills/outsource/prompts/review.md[10-15]

then read the touched files for the context you need.

Rules:

- READ-ONLY. Do NOT modify, create, or delete any file. Only read and run
read-only commands.
- Be terse and prioritized — lead with what actually matters. Don't pad.
- Call out real problems; if it's genuinely fine, say so and say why.
- You have a limited step budget. Read the diff efficiently and call finish with
your review well before you run out of steps.

When you are done, call finish with a structured review:

1. Correctness risks / likely bugs (with file:line).
2. Design, clarity, or maintainability concerns.
3. Concrete, actionable suggestions (ranked; most important first).
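Review bot: On the two `git diff $BASE...HEAD` lines, the pattern proposed in the inline comment, `^[A-Za-z0-9._/-]+$`, still accepts a value that starts with `-`, which git would parse as an option rather than a revision. Require the first character to be alphanumeric in addition to the charset check. If the template moves to the quoted `"${BASE}...HEAD"` form, confirm that the substitution in `outsource.sh` recognises `${BASE}` as well as `$BASE`. Quoting in the prompt only helps when the model copies the line verbatim, so the validation in `outsource.sh` is the control that matters here.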
16 changes: 16 additions & 0 deletions .claude/skills/outsource/prompts/write.md
@@ -0,0 +1,16 @@
# Outsource Write Prompt

Implement the following task in this repository:

$ARGUMENTS

Rules:

- Make the SMALLEST change that correctly satisfies the task.
- Follow the repository's existing patterns, style, and conventions — read the
neighbouring files first so your change reads like the surrounding code.
- You may read, create, modify files, and run commands as needed.
- Don't widen the scope: do exactly what was asked, nothing more.

When you are done, call finish with a short summary of exactly what you changed
and why.
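Review bot: The rule "You may read, create, modify files, and run commands as needed" puts no boundary on the one verb that runs in place. Suggest stating limits in the prompt: stay inside the repository, do not push or rewrite history, do not touch git hooks or configuration, and no network access unless the task asks for it. The template also never asks the model to run the repository's tests or to report how the change was verified; adding that to the `finish` summary would make the resulting change easier to review.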