docs(token-audit): include figma fixes

[andrew-ronaldson]

Added a step to leverage figma-use skill to implement changes that the audit reports.

Summary by CodeRabbit

• Documentation
  • Reworked auditor docs to be outcome- and rule-oriented, adding explicit input requirements and a “Before escalating” gating step.
  • Standardized token descriptions, classification and naming guidance.
  • Overhauled findings/handoff format: required “Where” Figma deep links to innermost nodes, richer “What & why” grounded in token text and visuals, clickable multi-node lists, and a compact PASS summary with optional links.
  • Added actionable-apply rules, structured user-choice contracts, post-apply inventory, and updated escalation guidance.

[coderabbitai]

Warning

Rate limit exceeded

@andrew-ronaldson has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 50 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 43 minutes and 50 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 8b253d42-87ca-4f5a-9110-41cd84155a4d

📥 Commits

Reviewing files that changed from the base of the PR and between 9860521 and fa6c35a.

📒 Files selected for processing (1)

• plugins/design-tokens/skills/pf-token-auditor/SKILL.md

📝 Walkthrough

Walkthrough

Rewrote the pf-token-auditor SKILL docs to replace step-based workflow with outcome- and rule-oriented guidance, require Figma deep links and explicit "Where" guidance, redefine finding/handoff formats (single-node links, multi-node "Affected nodes"), add PASS summary table, and specify interactive remediation contracts and figma-use execution constraints.

Changes

Cohort / File(s)

Summary

Figma Token Auditor Documentation plugins/design-tokens/skills/pf-token-auditor/SKILL.md

Documentation-only overhaul: replaced workflow with outcome/rule-focused sections; added "What a successful audit delivers" and explicit input/outcome requirements; consolidated token classification/naming guidance; renamed "Before escalating"; clarified Rule 5 theme usage; reworked handoff/report schema requiring "Where" Figma deep links (node-id hyphenation, branch key handling), richer "What & why" with quoted token descriptions, visual grounding for failures, and multi-node "Affected nodes" linkable lists; validated token summary changed to compact PASS table with optional deep links; introduced "Optional: apply fixes in Figma" with actionable statuses, structured user-choice contracts (stable ids, batch/item flows, provide_own path), delegation to figma-use for execution, grouping/targeting/return/validation requirements, and post-application inventory/reporting; updated escalation guidance and relocated reference sections.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• jpuzz0

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'docs(token-audit): include figma fixes' accurately reflects the main change—adding documentation about implementing Figma fixes via the figma-use skill.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/design-tokens/skills/pf-token-auditor/SKILL.md`:
- Around line 133-160: Update the confirmation UI templates in SKILL.md so both
the initial numbered list and the per-finding "Update individually" prompt
include the missing evidence fields: add Node ID (e.g., include node-id: 123:456
next to each node name in the initial list), show the Figma source
value/variable and the CSS token target (e.g., `background-color` →
`background/color/primary/default`) inline, and append the token-description
evidence citation for each finding (a short token description string) in both
the “Update all” and “[1/{N}]” blocks; ensure the same fields appear for all
action options (“Update all”, “Update individually”, “Skip”, “Update”, “Skip”,
“Update remaining”) so approvals are fully informed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 46eb9af4-7de6-4cb9-a51f-e1adabf5e55a

📥 Commits

Reviewing files that changed from the base of the PR and between 2d5a814 and b231901.

📒 Files selected for processing (1)

• plugins/design-tokens/skills/pf-token-auditor/SKILL.md

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@plugins/design-tokens/skills/pf-token-auditor/SKILL.md`:
- Around line 1-4: The SKILL.md frontmatter for the pf-token-auditor skill lacks
the required safety flag; update the YAML frontmatter at the top of SKILL.md
(the block containing name: pf-token-auditor and description) to include
disable-model-invocation: true so the mutating skill that performs write
operations to Figma is marked as side-effect unsafe; ensure the new key is added
at the root of the frontmatter block alongside name and description and use the
exact literal disable-model-invocation: true.
- Around line 186-250: The README section titled "CRITICAL — Cursor:
`AskQuestion` is mandatory (not markdown bullets)" hard-codes Cursor's
AskQuestion schema; make it tool-agnostic by replacing the Cursor-specific JSON
and required field names with a neutral requirement: if the host exposes a
"clickable options" tool (any tool that accepts a prompt+options and returns a
selected option id), invoke that tool to present the three choices (update_all,
update_individually, skip) and fall back to a deterministic numbered-reply UI
("Reply 1, 2, or 3:") when no such tool exists; remove or generalize the exact
AskQuestion invocation examples and instead show a schema-agnostic example shape
(prompt, options[], option.id) and note the per-item variant similarly, ensuring
you still reference the option ids (update_all, update_individually, skip,
apply, provide_own, skip, apply_remaining) so callers can map them to their
tool.
- Around line 358-392: The "Execution via figma-use" section currently contains
host-specific implementation steps (e.g., figma.getNodeByIdAsync,
figma.variables.getLocalVariablesAsync,
figma.variables.setBoundVariableForPaint, direct mutation snippets and the
example return { mutatedNodeIds: [...] }) instead of high-level outcome
constraints; replace those procedural API examples with outcome-level
requirements that reference the same intent: require that each use_figma call
target specific node-ids from the audit, group fixes by operation type (variable
binding, composite replacement, value sync), return a list of mutated node IDs,
and include post-run validation (e.g., call get_metadata or get_screenshot) to
confirm mutations — remove concrete figma.* API calls and mutation code and
rewrite as goals/constraints (target node IDs, apply approved fix, verify
mutation, report mutatedNodeIds).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 07f4695b-e371-4ce6-b633-53e27741f942

📥 Commits

Reviewing files that changed from the base of the PR and between b231901 and b8d8a87.

📒 Files selected for processing (1)

• plugins/design-tokens/skills/pf-token-auditor/SKILL.md

[coderabbitai]

♻️ Duplicate comments (1)

plugins/design-tokens/skills/pf-token-auditor/SKILL.md (1)

1-4: ⚠️ Potential issue | 🟠 Major

Add side-effect safety flag to frontmatter.

This skill includes an edit path (“Optional: apply fixes in Figma”), so frontmatter should explicitly declare side effects with disable-model-invocation: true.

Proposed patch

 ---
 name: pf-token-auditor
 description: Validate and bridge Figma design styles to PatternFly 6 design tokens. Use when auditing Figma designs against PatternFly tokens, validating token naming, translating Figma styles to composite tokens, or when the user mentions "token validation", "token audit", "design tokens", "Figma audit", "Figma variables", "token bridge", or "PF tokens".
+disable-model-invocation: true
 ---

As per coding guidelines: “Add disable-model-invocation: true in SKILL.md frontmatter if the skill has side effects (creates issues, posts comments, deploys).”

Also applies to: 125-171

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@plugins/design-tokens/skills/pf-token-auditor/SKILL.md` around lines 1 - 4,
The SKILL.md frontmatter for the pf-token-auditor skill is missing the required
side-effect safety flag; because this skill exposes an edit path ("Optional:
apply fixes in Figma") you must add disable-model-invocation: true to the YAML
frontmatter near the existing name: pf-token-auditor and description fields so
the manifest explicitly declares side effects and prevents model-driven
invocations.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@plugins/design-tokens/skills/pf-token-auditor/SKILL.md`:
- Around line 1-4: The SKILL.md frontmatter for the pf-token-auditor skill is
missing the required side-effect safety flag; because this skill exposes an edit
path ("Optional: apply fixes in Figma") you must add disable-model-invocation:
true to the YAML frontmatter near the existing name: pf-token-auditor and
description fields so the manifest explicitly declares side effects and prevents
model-driven invocations.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b833e809-0015-4ca1-88fb-bc5ff6a7c868

📥 Commits

Reviewing files that changed from the base of the PR and between b8d8a87 and 9860521.

📒 Files selected for processing (1)

• plugins/design-tokens/skills/pf-token-auditor/SKILL.md

[jpuzz0]

LGTM!