align skills repo with CodeRabbit CLI install flow

[nehal-a2z]

Summary

• Rewrite the README so the CodeRabbit CLI is the primary install path: Quickstart uses curl -fsSL https://cli.coderabbit.ai/install.sh | sh, and the Installation section documents the three entry points (install.sh auto-prompt, coderabbit integrations setup, coderabbit integrations disable) along with a trigger × preference × TTY decision table.
• Document ~/.coderabbit/skills.json state, the "where skills land" layout, and the opt-out semantics. Demote npx skills add and the /plugin install coderabbit flow to an "Alternative installers" subsection.
• Add metadata.version: "0.1.0" to both skills/code-review/SKILL.md and skills/autofix/SKILL.md so the CLI state tracking in skills.json records a real version per skill. Placed under metadata: (not top-level) to conform to the agentskills.io spec — the closed-set validator in skills-ref rejects unknown top-level keys, and the CLI's parseSkillVersion regex trims each frontmatter line before matching, so the indented placement still parses.
• Move the non-spec triggers: field in autofix/SKILL.md under metadata: for the same reason.

Aligns this repo with the contract expected by the CLI's new integrations flow in coderabbitai/mono#13542. No skill behavior changes; docs + frontmatter only.

Test plan

• grep -E '^\s*version:' skills/*/SKILL.md shows version: "0.1.0" (indented under metadata:) for both code-review and autofix.
• curl -fsSL https://cli.coderabbit.ai/install.sh | sh on a clean machine prompts once, and accepting the prompt installs skills into every detected agent's global skills path.
• coderabbit integrations setup against main of this repo installs all listed skills and populates ~/.coderabbit/skills.json with a version per skill.
• A second coderabbit integrations setup run short-circuits as a no-op (archive sha256 unchanged).
• coderabbit integrations disable flips the preference to opted-out without removing previously installed skill files.

Summary by CodeRabbit

• Documentation

  • Reworked Quickstart to center on CLI install/auth flow and CLI docs; removed inline direct-install steps. Added a dedicated CLI installation/auth subsection, condensed “Other install paths” with installer flags, linked to agent-specific integration guides, and simplified the Supported Agents table. Changelog updated to reflect these docs changes.

• Chores

  • Standardized skill metadata: added explicit version and migrated one skill’s frontmatter to a nested metadata schema.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: ca6de638-9738-4902-9640-608ac3364ce0

📥 Commits

Reviewing files that changed from the base of the PR and between 1bd4800 and abd3cf6.

📒 Files selected for processing (2)

• CHANGELOG.md
• README.md

✅ Files skipped from review due to trivial changes (1)

• CHANGELOG.md

📜 Recent review details

🧰 Additional context used

🪛 LanguageTool

README.md

[uncategorized] ~117-~117: The official name of this software platform is spelled with a capital “H”.
Context: ... | | GitHub Copilot | .github/skills/ | ~/.copilot/skills/ ...

(GITHUB)

🔇 Additional comments (5)

README.md (5)

117-117: Static analysis false positive.

The LanguageTool hint about "GitHub Copilot" capitalization is a false positive. The name is correctly capitalized with both "G" and "H" uppercase, matching the official product name.

---

11-18: LGTM! Clear quickstart flow.

The streamlined flow (install CLI → authenticate → use) effectively establishes the CLI as the primary installation path, aligning with the PR objectives.

---

22-46: LGTM! Well-organized installation hierarchy.

The restructured Installation section clearly establishes the CLI as primary while preserving alternative paths. The skills installer flags table provides useful quick reference without overwhelming the reader.

---

47-78: LGTM! Consistent integration documentation.

The Claude Code, Cursor, and Codex sections follow a consistent pattern (brief instruction → full integration guide link), making it easy for users to find the right path for their agent.

---

101-139: LGTM! Clear and comprehensive agents table.

The simplified table format (Agent | Project Path | Global Path) is easy to scan and provides the essential information users need to locate their skills installation.

---

📝 Walkthrough

Walkthrough

Reworked README to center installation/authentication on the CodeRabbit CLI, removed inline npx skills add install steps, added Codex App subsection, simplified Supported Agents guidance, and redirected Cursor instructions to its integration guide. Updated two skill frontmatters: code-review added metadata.version; autofix nested version and triggers under metadata.

Changes

Cohort / File(s)	Summary
Documentation — README & changelog README.md, CHANGELOG.md	Primary install/authentication flow now points to CodeRabbit CLI (Homebrew or install script); Quickstart no longer includes npx skills add examples; added Codex App subsection; Cursor guidance links to integration docs; simplified Supported Agents table; changelog notes README changes.
Skill metadata — code-review skills/code-review/SKILL.md	Added metadata.version: "0.1.0" to frontmatter; no behavior changes.
Skill metadata — autofix skills/autofix/SKILL.md	Frontmatter restructured: moved top-level version and triggers into metadata (metadata.version: "0.1.0", metadata.triggers: [...]); trigger patterns unchanged.

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through lines of README bright,
Tucked CLI paths where installers light.
Small metadata nests now snug and neat,
Codex has a corner, Cursor finds its seat,
A rabbit’s nibble — tidy, quick, and sweet.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'align skills repo with CodeRabbit CLI install flow' directly and clearly describes the main changes: reorienting README and SKILL.md files to align with the CodeRabbit CLI installation flow.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch skill_install_cli_p2

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch skill_install_cli_p2

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Around line 12-15: Add a short security warning around the "curl -fsSL
https://cli.coderabbit.ai/install.sh | sh" install line advising against piping
remote scripts directly to sh; then provide safer alternatives: a
package-manager installation command (if available), instructions to download
the script first and verify its contents (e.g., "curl -fsSL -o install.sh ...;
inspect install.sh; sh install.sh"), and guidance to verify a published checksum
or GPG signature before execution; update the same guidance near the duplicate
occurrence at line 31.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 8c90cc71-247f-4644-9f34-4063f0e74d8b

📥 Commits

Reviewing files that changed from the base of the PR and between 353cbab and b1d96ff.

📒 Files selected for processing (2)

• README.md
• skills/code-review/SKILL.md

📜 Review details

🔇 Additional comments (2)

skills/code-review/SKILL.md (1)

4-4: Version frontmatter addition looks correct.

Adding version: 0.1.0 in Line 4 is consistent with the integrations metadata contract and keeps this skill aligned with CLI sync behavior.

README.md (1)

26-74: Installation flow docs are clear and actionable.

The trigger ordering, behavior table, and ~/.coderabbit/skills.json semantics are well documented and reduce ambiguity for users and support teams.

[coderabbitai]

♻️ Duplicate comments (1)

README.md (1)

13-15: ⚠️ Potential issue | 🟠 Major

Add a safe-install note next to curl | sh.

This still promotes direct script execution without integrity/inspection guidance. Please add a short security note (package manager preferred; or download-inspect-then-run, plus checksum/signature verification when available).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 13 - 15, Update the README to add a short security
note alongside the curl command that prefers using Homebrew or the documented
package manager, and if users must use the curl | sh line ("curl -fsSL
https://cli.coderabbit.ai/install.sh | sh") instruct them to instead download
the script to a file first, inspect its contents, and verify its
checksum/signature (pointing to the project's checksum/signature URL or
verification instructions if available) before executing; keep the note concise
and adjacent to the install command.

🧹 Nitpick comments (1)

README.md (1)

13-15: Quickstart/Installation copy is inconsistent about Homebrew.

The text says “Use Homebrew or the install script,” but only the script path is shown inline. Either add the Homebrew command here or reword to “install via script (see CLI docs for alternatives).”

Also applies to: 25-27

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 13 - 15, The README's quickstart header saying "Use
Homebrew or the install script" is inconsistent because only the script is
shown; either add the Homebrew install command (e.g., the brew install
invocation) next to the curl line or change the wording to explicitly indicate
the script is shown and Homebrew is documented elsewhere (e.g., "Install via
script (see CLI docs for Homebrew and other options)"). Update the same phrasing
at the repeated block around lines 25-27 so both places are consistent and
mention the Homebrew command or a pointer to the CLI docs.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@README.md`:
- Around line 13-15: Update the README to add a short security note alongside
the curl command that prefers using Homebrew or the documented package manager,
and if users must use the curl | sh line ("curl -fsSL
https://cli.coderabbit.ai/install.sh | sh") instruct them to instead download
the script to a file first, inspect its contents, and verify its
checksum/signature (pointing to the project's checksum/signature URL or
verification instructions if available) before executing; keep the note concise
and adjacent to the install command.

---

Nitpick comments:
In `@README.md`:
- Around line 13-15: The README's quickstart header saying "Use Homebrew or the
install script" is inconsistent because only the script is shown; either add the
Homebrew install command (e.g., the brew install invocation) next to the curl
line or change the wording to explicitly indicate the script is shown and
Homebrew is documented elsewhere (e.g., "Install via script (see CLI docs for
Homebrew and other options)"). Update the same phrasing at the repeated block
around lines 25-27 so both places are consistent and mention the Homebrew
command or a pointer to the CLI docs.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: b94743bc-e077-4de1-afb4-299a42902146

📥 Commits

Reviewing files that changed from the base of the PR and between 06400d6 and 1bd4800.

📒 Files selected for processing (1)

• README.md

📜 Review details

🧰 Additional context used

🪛 LanguageTool

README.md

[uncategorized] ~95-~95: The official name of this software platform is spelled with a capital “H”.
Context: ... | | GitHub Copilot | .github/skills/ | ~/.copilot/skills/ ...

(GITHUB)

🔇 Additional comments (1)

README.md (1)

50-56: Nice docs restructuring for agent-specific integration paths.

The Cursor/Codex guidance links and simplified supported-agents table improve navigation and reduce install ambiguity.

Also applies to: 79-117