Skip to content

docs: add <framework> placeholder; update Python invocations to use it#3

Merged
potiuk merged 1 commit into
mainfrom
skills-framework-placeholder
Apr 28, 2026
Merged

docs: add <framework> placeholder; update Python invocations to use it#3
potiuk merged 1 commit into
mainfrom
skills-framework-placeholder

Conversation

@potiuk
Copy link
Copy Markdown
Member

@potiuk potiuk commented Apr 28, 2026

Summary

PR 2 ported the generate-cve-json Python implementation into the framework. Skills currently invoke it via uv run --project tools/vulnogram/generate-cve-json … — works in framework standalone (cwd=repo root), but not in adopting projects, where the framework lives at the .apache-steward/apache-steward/ submodule path.

This PR introduces a <framework> placeholder. Adopting projects substitute it to .apache-steward/apache-steward/; framework-standalone substitutes to .. Skills now reference <framework>/tools/vulnogram/generate-cve-json everywhere they invoke the tool, and the path resolves in either context after the agent's standard placeholder substitution.

Files updated

  • AGENTS.md — new row in the placeholder-convention table for <framework>.
  • .claude/skills/{sync-security-issue,allocate-cve,deduplicate-security-issue}/SKILL.md — 6 invocation sites updated.
  • tools/vulnogram/generate-cve-json/SKILL.md — 3 invocation sites updated.
  • tools/vulnogram/generate-cve-json/README.md — documented the dual-context invocation with the placeholder.

Files NOT changed

Markdown links to SKILL.md (e.g. [generate-cve-json](../../../tools/vulnogram/generate-cve-json/SKILL.md)) — those work via the .claude/skills/ symlink in adopters because the kernel follows the symlink to the file's actual location and resolves the relative path from there.

Test plan

  • ✅ Pre-commit passes (ruff/mypy/pytest + standard hooks).
  • ✅ All 100 tests in the generate-cve-json package pass.
  • Future: dogfood a sync run in airflow-s once this lands and the submodule is bumped.

Coordination

This is the framework-side counterpart to airflow-s/airflow-s#363 (delete-local-cve-json-after-port). After this PR lands, airflow-s PR 3 needs one more commit to bump the submodule pointer to this PR's merge SHA — only then do skills work end-to-end on airflow-s.

🤖 Generated with Claude Code

@potiuk
docs: add <framework> placeholder; update Python invocations to use it
2ac3872 
After PR 2 ported the generate-cve-json Python implementation into
the framework, skill files invoke it from the path
`tools/vulnogram/generate-cve-json` — which resolves correctly in
framework standalone (where `cwd` is the repo root) but not in
adopting projects (where the framework is at the
`.apache-steward/apache-steward/` submodule path and `tools/` is
nowhere near `cwd`).

This commit introduces a `<framework>` placeholder that resolves
to:
- `.apache-steward/apache-steward/` in adopting projects (the
  submodule path);
- `.` (the repo root) in framework standalone.

Skills now reference `uv run --project <framework>/tools/vulnogram/
generate-cve-json …`, which works in both contexts after the
agent's standard placeholder substitution.

Files updated:

- AGENTS.md — added a new row to the placeholder convention table
  for `<framework>`.
- .claude/skills/{sync-security-issue,allocate-cve,deduplicate-
  security-issue}/SKILL.md — 6 invocation sites updated.
- tools/vulnogram/generate-cve-json/SKILL.md — 3 invocation sites
  updated; preamble note already in place from PR 2 calling out the
  config-driven design.
- tools/vulnogram/generate-cve-json/README.md — documented the
  dual-context invocation pattern with the placeholder.

Markdown LINKS to SKILL.md (e.g. `[generate-cve-json](../../../tools/
vulnogram/generate-cve-json/SKILL.md)`) are deliberately not
rewritten — those work via the .claude/skills/ symlink in adopters
because the kernel follows the symlink to the actual file location
and resolves the relative path from there.

Test plan:

- Pre-commit (`prek run --all-files`) passes after the changes.
- All 100 tests in the generate-cve-json package pass against the
  test fixture config.

This is the framework-side counterpart to airflow-s PR 3
(delete-local-cve-json-after-port). After this lands and gets
merged, the airflow-s PR 3 needs a final commit to bump the
submodule pointer to this commit's SHA so adopting projects pick up
both PR 2 (the Python implementation) and this PR's skill text.

Generated-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@potiuk potiuk merged commit 86036ca into main Apr 28, 2026
@andreahlert andreahlert added the mode:platform Substrate / infra — not a mode (sandbox, CI, validators) label May 7, 2026
@andreahlert andreahlert mentioned this pull request May 7, 2026
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

mode:platform Substrate / infra — not a mode (sandbox, CI, validators)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@potiuk @andreahlert