Release v0.2.0: self-improving skills#25
Merged
WellDunDun merged 21 commits intomasterfrom Mar 8, 2026
Merged
Conversation
* Add CI/CD workflows and npm package deployment (#2) * Add CLI versioning workflows and deployment infrastructure Add automated GitHub workflows for CLI version bumping and publishing to NPM. Include CHANGELOG documentation, updated README with package information, and executable script wrapper. These changes establish CI/CD automation for the selftune CLI package. Co-Authored-By: Ava <noreply@anthropic.com> * Address PR review: fix ENOENT fallback, harden CI, fix badges - Fix bin/selftune.cjs ENOENT handling: use `!= null` to catch both null and undefined status, preventing silent exit on missing runtime - Expand auto-bump paths to include bin/selftune.cjs and package.json - Remove continue-on-error from lint step in publish workflow - Harden publish gating with semver comparison (sort -V) to prevent publishing downgraded versions - Compact package.json files array for Biome formatting compliance - Fix README badges: correct repo URL and non-empty dependency link Co-Authored-By: Ava <noreply@anthropic.com> * chore: bump cli version to v0.1.1 [skip ci] --------- Co-authored-by: Ava <noreply@anthropic.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Add FOSS playbook: license, community docs, CI workflows, badges Implement the full FOSS tools, benefits & exposure playbook: - package.json: add description, license, author, homepage, repo, bugs, funding, keywords - LICENSE: MIT license (2026 WellDunDun) - .github/FUNDING.yml: GitHub Sponsors - .github/dependabot.yml: npm + github-actions weekly updates - .github/workflows/codeql.yml: CodeQL SAST for JS/TS - .github/workflows/scorecard.yml: OpenSSF Scorecard with SARIF upload - .github/workflows/publish.yml: npm publish on GitHub Release with provenance - .github/workflows/ci.yml: add --coverage flag to bun test - SECURITY.md: vulnerability reporting policy (48h ack, 90-day disclosure) - CONTRIBUTING.md: dev setup, architecture rules, PR expectations - CODE_OF_CONDUCT.md: Contributor Covenant v2.1 - README.md: 6 badges, Contributing/Security/Sponsor sections - docs/launch-playbook-tracker.md: manual action checklists for launch - AGENTS.md: add new docs to documentation map Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Update skill workflows and README install section Streamline skill workflow docs and restore Install/Development sections in README. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review: private-only CoC reporting, simplify dependabot config - CODE_OF_CONDUCT.md: Remove public issue reporting option to avoid conflicting with privacy pledge; direct reporters to GitHub's built-in private reporting tools only - dependabot.yml: Remove redundant target-branch fields (Dependabot defaults to the repo's default branch, which is master) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: bump cli version to v0.1.2 [skip ci] * Use OIDC provenance for npm publish, remove NPM_TOKEN env var The id-token: write permission enables npm trusted publishing via OIDC — no secret token needed. Added --provenance flag. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add dev branch to CI and CodeQL workflow triggers CI and CodeQL only triggered on master. Now trigger on both master and dev for push and pull_request events. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix CI: biome formatting, flaky callLlm tests, CodeQL upload - package.json: collapse files array to single line (biome format) - tests/utils/llm-call.test.ts: use spyOn instead of direct Bun.spawn assignment for callLlm dispatch tests — more robust across Bun versions - codeql.yml: add continue-on-error since code scanning is not yet enabled in the repository settings Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix callLlm tests: verify dispatch via error behavior, not mocking Bun 1.3.10 does not allow intercepting Bun.spawn via direct assignment or spyOn in certain call paths. Replace global-mocking dispatch tests with behavioral assertions that prove routing by checking each path's guard clause error — robust across all Bun versions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove direct API calling path, simplify to agent-only mode Users will use their existing agent subscriptions (Claude Code, Codex, OpenCode) rather than direct Anthropic API calls. This removes callViaApi, API_URL/MODEL constants, --use-api/--mode flags, and ANTHROPIC_API_KEY detection. Simplifies callLlm signature from (sys, user, mode, agent?) to (sys, user, agent) and cascades through grading, evolution, and init. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix CI: biome formatting and callLlm test compatibility with Bun 1.3.10 Collapse multi-line mockImplementation callback to single line for biome. Rewrite callLlm tests to use try/catch instead of .rejects.toThrow() which resolves instead of rejecting on Bun 1.3.10. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Remove callLlm dispatcher tests that require agent CLI in CI The callLlm function is a 4-line guard + delegation. Tests tried to spawn agent CLIs (claude/codex/opencode) via Bun.spawn which aren't available in CI. The important logic (detectAgent, callViaAgent, stripMarkdownFences) remains fully tested. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix trailing blank line in llm-call test file Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Ava <noreply@anthropic.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* Add CLI status commands: dashboard, last, status Introduces three new monitoring commands to the selftune CLI: - dashboard: Interactive HTML dashboard for system monitoring - last: Display recent activity and events - status: Show current system state and health Includes comprehensive tests and updates to documentation and workflow specs. Co-Authored-By: Ava <noreply@anthropic.com> * Fix README: deduplicate badges and rename second Install section Consolidate badges into a single row above the title, removing three duplicates. Rename second Install section to Setup to avoid confusion. Co-Authored-By: Ava <noreply@anthropic.com> * Fix biome lint: formatting and non-null assertions Collapse multi-line expressions to satisfy biome formatter, fix import ordering, and replace non-null assertions with optional chaining. Co-Authored-By: Ava <noreply@anthropic.com> * Add CodeRabbit configuration for automated PR reviews Configure assertive review profile with path-specific instructions for CLI source, tests, skill docs, and dashboard. Enable Biome, security scanning (gitleaks, trufflehog, trivy), and disable irrelevant linters. Auto-review PRs targeting dev/master/main. Co-Authored-By: Ava <noreply@anthropic.com> * fix: address PR review findings — XSS, normalization, schema, dedup - Escape </script> in embedded dashboard JSON to prevent XSS (P1) - Deduplicate pending proposals by proposal_id in dashboard - Normalize query text with toLowerCase/trim in status.ts - Use word-boundary regex for skill name matching in audit lookup - Replace duplicate readJSONL with shared readJsonl from utils - Fix .coderabbit.yaml pre_merge_checks keys (title/description) - Extract hardcoded regression threshold to named constant - Add .getTime() to date subtraction in dashboard HTML - Fix step numbering gap in Initialize.md (4 → 5) - Replace Math.random() session IDs with deterministic counter in tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: collapse filter callback to single line for biome formatting Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address CodeRabbit PR review round 3: robustness, correctness, and cleanup - Fix DOM XSS: add escapeHtml() and escape all log-derived innerHTML fields - Add keyboard accessibility: role/tabindex/keydown on drop zone and skill rows - Dedup pending proposals by proposal_id in client-side computeClientSide - Remove Google Fonts CDN (no external deps beyond Chart.js) - Fix 3-digit hex color (#c44 -> #cc4444) and make colorize() handle both formats - Add ReDoS trust comment for word-boundary regex on internal log data - Add try/catch error handling to status cliMain - Add --force to Initialize.md command synopsis - Reset fixtureCounter in tests/status beforeEach for test isolation - Rename oxlint -> oxc and remove invalid ast-grep enabled key in .coderabbit.yaml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome noParameterAssign lint error in colorize() Use a local `color` variable instead of reassigning the `hex` parameter to satisfy biome's style/noParameterAssign rule. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add missing process.exit(0) to status cliMain success path Every other cliMain() in the project explicitly exits with 0 on success. The status command was the only one missing it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Ava <noreply@anthropic.com>
Resolved conflicts in publish.yml (keep --provenance flag), package.json (keep v0.1.2 with full metadata), and README.md (keep expanded setup section with skill install instructions). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add dashboard/ to npm files whitelist (P1: broken npm installs) - Use variable toggle for CodeQL continue-on-error - Add concurrency group to publish workflow to prevent races - Add clarifying comment in bin/selftune.cjs catch block - Add process.exit(0) to dashboard.ts and last.ts success paths - Use structured JSON error in evolve.ts missing-agent path - Remove unnecessary await for sync cliMain() in index.ts - Add v0.6.0 section to CHANGELOG.md - Fix duplicate rule numbering in golden-principles.md (9-12) - Replace NPM_TOKEN with OIDC note in launch-playbook-tracker.md - Remove hard-coded version from launch-playbook runbook - Remove stale --llm-mode flag from Initialize.md docs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Brings in dependabot bumps, audit/release-gap fixes, and CodeRabbit review improvements from master. Conflicts resolved preferring master's audited patterns (async Bun.spawn, case-insensitive matching, Number.isFinite checks, newer GH Action versions). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The README had an 8-badge block at lines 1-8 and a redundant 5-badge block under the h1. Removed the duplicate to keep a single authoritative badge section at the top. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ution export (v0.7) (#13) * Add replay and contribute commands: retroactive transcript backfill and community contribution export. New features: - selftune replay: batch ingest existing Claude Code transcripts from ~/.claude/projects/, bootstrapping eval corpus from historical sessions - selftune contribute: opt-in export of anonymized observability bundles with two-tier sanitization (conservative/aggressive) for cross-developer signal pooling - 47 tests for contribute module (sanitize, bundle, contribute), 19 tests for replay ingestor - Architecture lint rules prevent contribute/ from importing forbidden modules - Updated all user-facing docs: AGENTS.md, README.md, PRD.md (v0.7), escalation-policy.md, Ingest.md, new Replay.md and Contribute.md workflows All 499 tests pass. Zero architecture violations. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * Address PR review: 13 fixes from CodeRabbit and reviewer feedback - Fix shell injection in submitToGitHub: replace execSync with spawnSync - Add --since date validation in contribute CLI (matches replay pattern) - Wire projectName through sanitizeBundle for path-aware sanitization - Guard inner readdirSync in claude-replay.ts with try/catch - Add TODO for evolution record skill filtering (schema change needed) - Make submitToGitHub return boolean, exit(1) on failure - Build JWT at runtime in sanitize test to avoid secret scanner triggers - Replace non-null assertions with type guard in claude-replay test - Add opencode_json to README source field documentation - Use fully qualified selftune commands in Ingest.md workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 1.9.4 formatting and import sorting across 8 files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 2.4.4 lint: remove unused imports, fix import sort order Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review: import.meta.dir, sanitize skillName, static utimesSync - Replace __dirname with import.meta.dir in bundle.ts getVersion() - Pass skillName to sanitizeBundle() in contribute.ts - Replace inline require("node:fs") with static utimesSync import in test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Scope buildGradingSummary to selected skill via skill_name filter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* Add PAI Infrastructure patterns: hooks, memory, agents, guardrails, dashboard server - Auto-activation hooks: UserPromptSubmit hook detects when selftune should run, outputs suggestions, tracks session state to prevent repeated nags - Skill change guard: PreToolUse hook detects SKILL.md writes, suggests watch - Evolution memory: 3-file persistence at ~/.selftune/memory/ (context.md, plan.md, decisions.md) survives context resets - Specialized agents: diagnosis-analyst, pattern-analyst, evolution-reviewer, integration-guide in .claude/agents/ - Enforcement guardrails: evolution-guard PreToolUse hook blocks SKILL.md edits on monitored skills unless watch has been run recently - Integration guide with project-type patterns and settings templates - Enhanced init with workspace structure detection - Dashboard server: selftune dashboard --serve with SSE, action buttons, evolution timeline - Updated all docs, workflows, architecture, escalation policy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 2.4.4 lint: format, imports, unused vars Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 2.4.4 lint: format, import sort, unused imports Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Add replay and contribute: retroactive backfill and community contribution export (v0.7) (#13) * Add replay and contribute commands: retroactive transcript backfill and community contribution export. New features: - selftune replay: batch ingest existing Claude Code transcripts from ~/.claude/projects/, bootstrapping eval corpus from historical sessions - selftune contribute: opt-in export of anonymized observability bundles with two-tier sanitization (conservative/aggressive) for cross-developer signal pooling - 47 tests for contribute module (sanitize, bundle, contribute), 19 tests for replay ingestor - Architecture lint rules prevent contribute/ from importing forbidden modules - Updated all user-facing docs: AGENTS.md, README.md, PRD.md (v0.7), escalation-policy.md, Ingest.md, new Replay.md and Contribute.md workflows All 499 tests pass. Zero architecture violations. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * Address PR review: 13 fixes from CodeRabbit and reviewer feedback - Fix shell injection in submitToGitHub: replace execSync with spawnSync - Add --since date validation in contribute CLI (matches replay pattern) - Wire projectName through sanitizeBundle for path-aware sanitization - Guard inner readdirSync in claude-replay.ts with try/catch - Add TODO for evolution record skill filtering (schema change needed) - Make submitToGitHub return boolean, exit(1) on failure - Build JWT at runtime in sanitize test to avoid secret scanner triggers - Replace non-null assertions with type guard in claude-replay test - Add opencode_json to README source field documentation - Use fully qualified selftune commands in Ingest.md workflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 1.9.4 formatting and import sorting across 8 files Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix biome 2.4.4 lint: remove unused imports, fix import sort order Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review: import.meta.dir, sanitize skillName, static utimesSync - Replace __dirname with import.meta.dir in bundle.ts getVersion() - Pass skillName to sanitizeBundle() in contribute.ts - Replace inline require("node:fs") with static utimesSync import in test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Scope buildGradingSummary to selected skill via skill_name filter Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com> * Address PR review comments: fix bugs, add validation, improve docs - Fix evolution-guard: add skill_name to EvolutionAuditEntry type so checkActiveMonitoring filter works correctly - Fix dashboard-server: add --skill-path to rollback args, resolve index.ts via import.meta.dir, add input validation on action endpoints, remove duplicate audit log read - Fix auto-activate: handle both flat and nested hook schema formats - Fix activation-rules: derive skill log path from query_log_path - Add port validation (1-65535) in dashboard CLI - Make updateContextAfterEvolve injectable via EvolveDeps - Fix unconditional deployed=true in evolve result - Replace raw console.error with structured logging in init.ts - Use appendFileSync for atomic append in memory/writer.ts - Add structured debug logging in watch.ts catch block - Fix SSE error handling and openDrillDown guard in dashboard HTML - Fix workflow docs: patterns.md -> plan.md, hook count correction - Add language specifiers to fenced code blocks in agent markdown - Add SSE reader null guard and monorepo detection test Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix PR review comments: milestone label, escalation wording, dashboard URL - Rename "Next" milestone to "v0.8" to avoid Done/Next contradiction - Clarify escalation policy: distinguish code/logic changes (High Risk) from config value adjustments (Low Risk) for activation thresholds - Add default port (3141) to dashboard serve example in SKILL.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…oadmap (#17) * docs: sandbox design split, exec plan, and roadmap restructure Track A of multi-agent sandbox expansion complete: - Split sandbox-test-harness.md into sandbox-architecture.md (shared two-layer design) and sandbox-claude-code.md (Claude Code-specific implementation) - Created multi-agent-sandbox.md exec plan with 5 implementation tracks (doc restructure, fixtures, Layer 1 coverage, Docker expansion, per-agent docs) - Created ROADMAP.md with Done/In Progress/Planned sections, agent support matrix, and Skill Quality Infrastructure features (badges, auto-evolve, marketplace integration, conflict detection) - Updated design docs index with new file names - Added docs/strategy/ to .gitignore (strategy docs kept locally as private) Includes devcontainer setup, workflow improvements, README consolidation, and infrastructure updates for multi-agent support. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * fix: stop excluding fixtures from CodeRabbit review Sandbox fixtures are intentional test data that should be reviewed, not vendored/generated files to ignore. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address CodeRabbit review findings on PR #17 Devcontainer security: - Remove unnecessary NET_RAW capability from runArgs - Fix iptables INPUT chain: -o lo → -i lo for loopback - Add default DROP policies for INPUT/FORWARD/OUTPUT chains - Add pipefail to curl|bash Bun installs - Append SNIPPET to .bashrc for sandbox-agent shell Code fixes: - Fix stream deadlock: consume stdout/stderr concurrently via Promise.all - Add try-catch around JSON.parse for malformed grading results - Guard transcript glob copy with nullglob/array check - Extract countLines helper, handle empty files correctly - Wrap main test execution in try/finally for cleanup Documentation: - Fix path reference: tests/sandbox/claude-code/ → tests/sandbox/docker/ - Add language tags to bare fenced code blocks - Move HTML comment below H1 in multi-agent-sandbox.md - Update TD-007 date to 2026-03-02 - Remove hardcoded line numbers from golden-principles.md - Mark gitignored strategy doc links as "local only" - Deduplicate start/boot scripts in package.json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* Add cron jobs, OpenClaw ingestor, sandbox testing, and infrastructure This commit adds comprehensive support for recurring cron job management, OpenClaw API integration for consuming and persisting query data, and a complete sandbox testing infrastructure with Docker support for isolated environment testing. Includes detailed test fixtures, provisioning scripts, and strategy documentation for ICP/GTM and OpenClaw integration. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com> * fix: address CodeRabbit review findings across CLI, tests, docs, and infra - Add isCronJobConfig type guard for runtime validation in cron setup - Check subprocess exit codes in cron setup/removal - Fix error double-counting in OpenClaw session ingestion - Add session validation before writing ingested sessions - Fix subprocess pipe deadlock with Promise.all in Docker test runner - Add non-root user to Dockerfile.openclaw - Use nullglob instead of error swallowing in seed-openclaw.sh - Dynamic fixture discovery in sandbox runner instead of hardcoded lists - Remove unused imports flagged by Biome (mkdirSync, existsSync, stderr) - Fix template literal lint errors in test files - Add all/clean targets to Makefile, remove redundant boot script - Fix markdown lint issues (MD031, MD040, MD058) in docs - Remove outdated milestones section from README (CHANGELOG is source of truth) - Sanitize host-specific paths in sandbox result samples for portability Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add curl timeout and truncate long skill names in status table - Add --connect-timeout 2 --max-time 5 to curl healthcheck in seed-openclaw.sh - Truncate skill names to 16 chars in status table to prevent column overflow Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: fail seed-openclaw.sh when zero sessions are seeded The script previously printed the seeded session count but continued silently even when that count was zero. Now it captures the count, checks for zero, and exits non-zero with a descriptive error message including the evaluated path/glob. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
* feat: Audit skills vs PRs, add workflow docs, polish README with visuals - Add 4 new workflow docs: Cron, AutoActivation, Dashboard, EvolutionMemory - Update SKILL.md with new workflow routing, specialized agents, examples - Expand Ingest.md with full OpenClaw ingestor documentation - Expand integration-guide.md with OpenClaw setup, cron loop, troubleshooting - Rewrite README for impact: concise selling copy, before/after value prop - Add SVG logo, generated before/after and feedback loop diagrams Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Address PR review comments from CodeRabbit and Codex - Add H1 heading to README.md (MD041) - Fix ordered list numbering in integration-guide.md (MD029) - Add blank lines around fenced code block in integration-guide.md (MD031) - Add language tag to fenced block in EvolutionMemory.md (MD040) - Soften rollback guarantee wording in Cron.md, add --skill-path flag - Remove Windows cmd /c start from Dashboard.md (Unix-only project) - Fix AutoActivation.md: rules are in TypeScript, not a JSON config file Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
… feedback, Pareto (#18) * feat: Add 4 eval improvements — pre-gates, graduated scoring, failure feedback, Pareto evolution Implement four high-value eval improvements in parallel: 1. Deterministic Pre-Gates (grading/pre-gates.ts): 4 fast checks that resolve grading expectations without LLM calls (<20ms). Skips LLM entirely when all expectations resolve via pre-gates. 2. Graduated Scoring: 0-1 float scores on all expectations replacing binary pass/fail. GradingSummary includes mean_score and score_std_dev. 3. Rich Failure Feedback: Structured FailureFeedback flows from grader through extract-patterns to propose-description, giving the evolution LLM specific context about what failed and why. 4. Pareto Evolution (evolution/pareto.ts): Multi-candidate proposals with Pareto frontier selection across invocation type dimensions. Complementary candidates can be merged. CLI: --pareto (default true), --candidates N. All new type fields are optional — zero breaking changes. 239 new tests added. Docs updated: evolution-pipeline.md, ARCHITECTURE.md, PRD.md, README.md, golden-principles.md, escalation-policy.md, tech-debt-tracker.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: resolve biome lint and format errors for CI Remove unused imports, fix import sort order, apply formatting rules, and prefix unused variables in sandbox tests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Address PR review — pattern, markdown lint, redundant assertion - Make skill_md_read gate pattern order-agnostic (read...skill.md | skill.md...read) - Fix MD029 ordered list numbering in golden-principles.md (local 1..n) - Add blank line after ### Skill Evolution heading in PRD.md (MD022) - Remove redundant failure_feedback assertion in grade-session.test.ts - Add test coverage for both pattern orderings in pre-gates.test.ts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Guard regex lastIndex in pre-gates, add score clamping tests Reset lastIndex before gate.pattern.test() for global/sticky regexes to prevent stale state across iterations. Add edge case tests for buildGraduatedSummary: clamping out-of-range scores, NaN/Infinity fallback to passed-based defaults. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Tighten mean_score assertion to exact 3-decimal contract Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Include invocation_type in failure_feedback test fixture Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Use full optional chaining on failure_feedback array access Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
) * feat: Expand selftune from description-only to full skill evolution (#20) Add 6 new capabilities: full body/routing evolution (teacher-student 3-gate pipeline), baseline comparison (no-skill lift measurement), token efficiency (5D Pareto), skill unit tests (runner + generator), composability analysis (co-occurrence conflict detection), and SkillsBench corpus importer. 17 new source files, 12 new test files, 5 new workflow docs, updated ARCHITECTURE.md, README.md, evolution-pipeline design doc, and SKILL.md routing table. 898/899 tests passing, architecture linter clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: resolve biome lint and formatting errors failing CI Apply biome auto-fixes for import organization, code formatting, unused imports, template literal preferences, and schema version bump. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: address CodeRabbit review comments — types, tests, and safety - Structured JSON error logging in baseline.ts CLI catch block - Fix composability conflict scoring to consider co-skill solo error rate, preventing false-positive conflict detection - Add parseSimpleToml docstring documenting TOML subset limitations - Add runtime array validation for eval set JSON.parse in evolve-body.ts - Fix incorrect token-efficiency score comment in pareto.ts - Add ValidationGate closed union type replacing loose string in types.ts - Remove unused _makeMockCallLlm helper from baseline.test.ts - Add false-positive guard test for composability co-skill baseline - Add failure-path tests for generateRoutingProposal (malformed JSON, LLM error) - Add failure-path tests for refineBodyProposal (malformed JSON, LLM error) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Add skill health badges, logo, dashboard badge routes, and hosted service - Add `selftune badge` CLI command with --skill, --format (svg/markdown/url), --output options - Badge data computation: color-coded by pass rate (green >80%, yellow 60-80%, red <60%, gray no-data) - SVG renderer: shields.io flat-style with Verdana 11px char-width table, zero external deps - Dashboard: badge route (GET /badge/:skill) and report route (GET /report/:skill) - Dashboard header: inline selftune logo mark - README: centered logo above badge rows - Architecture lint: badge module registered with proper dependency boundaries - Hosted service scaffold: Fly.io deployment, badge/report/submit/health routes - 35 badge tests (unit + integration), all passing - Workflow documentation for badge command usage Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: Remove hosted service and clean up references Remove service/ directory, deployment workflow, and related test files. Update lint-architecture.ts and tsconfig.json to remove service references. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: Add logo to badge SVG, extract constants, add sandbox tests - Extract BADGE_THRESHOLDS, BADGE_COLORS, TREND_ARROWS as exported constants matching cloud app pattern - Embed selftune logo as base64 data URI in badge SVG label section - Update badge service URLs to badge.selftune.dev and selftune-api.fly.dev - Add 4 local badge CLI tests and 2 live badge.selftune.dev smoke tests to sandbox orchestrator - Add logo presence tests to badge-svg test suite - Clean up stale exec-plans and update ROADMAP Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: Keep exec-plans public, gitignore only business strategy Exec-plans are part of the reins harness that contributors and agents need for architectural context. Only business strategy docs (GTM, ICP) are internal and symlinked from the canonical location via Conductor setup script. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Address PR review — lint errors, optional chaining, format validation - Remove unused BadgeData/BadgeFormat imports (CI lint failure) - Replace non-null assertions with optional chaining in tests - Reorder format validation before defaulting in badge CLI - Validate format query param in dashboard server - Add aria-hidden to decorative SVG in dashboard - Remove hardcoded TypeScript version from README badge - Remove unused hasNoData variable in sandbox tests - Fix formatting in sandbox error handling Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Resolve all CI lint failures — formatting, imports, assertions - Auto-format with biome 2.4.5 (was running 0.3.3 locally) - Sort imports in dashboard-server.ts, badge-svg.test.ts, badge.test.ts - Replace non-null assertions with helper/optional chaining in pre-gates and pareto tests - Prefix unused destructured vars in run-with-llm.ts - Format contribute.ts long lines and dashboard-server.ts ternaries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Address CodeRabbit PR review — XSS escape, format consistency, dedup README, shared fixtures, flaky live tests - Escape statusResult.lastSession in report HTML to prevent injection - Return format-aware response for not-found badges (markdown/url) - Consolidate duplicate logo and badges in README into single header - Extract shared makeSkillStatus/makeStatusResult to tests/badge/fixtures.ts - Treat network errors in live smoke tests as skipped (not failed) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: Align README with selftune.dev branding, bump to v0.2.0 Rewrote README to match site copy — new hero text, use cases section, updated How It Works descriptions, competitive table with Unique row, and trimmed command list. Also bumped version to 0.2.0 across package.json, PRD, and CHANGELOG. Gitignored MEMORY/ directory. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: Remove hardcoded test counts from README Replace specific test numbers with stable language to prevent documentation drift. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…ntract (#23) * feat: Dashboard audit — 4-state status, eval feed, search/filter, data contract expansion (#23) Implements CLI-side recommendations from the dashboard audit: - 4-state status normalization (HEALTHY/WARNING/CRITICAL/UNKNOWN) - Evaluation feed endpoint and drill-down UI (per-query results) - Invocation breakdown doughnut chart in drill-down - Skill health grid search/filter - Time period selector (7d/30d/90d/All) for trend charts - ContributionBundle expanded with unmatched_queries + pending_proposals (schema v1.2) - Real invocation type classification in monitoring snapshots Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: Address CodeRabbit review findings and Biome lint/format errors Verified 21 CodeRabbit findings against actual code, fixed 11 real issues: - Use TRIGGER_CHECK_BATCH_SIZE/VALIDATION_RUNS constants instead of hardcoded values in evolve.ts - Remove unused processedEntries variable and fix unsafe InvocationTypeScores cast in validate-proposal.ts - Fix filterByPeriod to anchor to dataset timestamps instead of viewer clock in dashboard - Reapply search filter after grid rebuild in dashboard - Add aria-label to dashboard search input - Fix corrupted seo-audit fixture frontmatter - Add missing --validation-model to EvolveBody.md docs - Fix inconsistent confidence default (0.7→0.6) in Evolve.md - Add language specifiers to fenced code blocks in Evals.md - Remove unused SkillStatus import in badge.test.ts - Replace any types with EvalEntry[] in trigger-sanity.ts Auto-fixed Biome formatting and import ordering across 19 files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Shift from "skill observability" as primary frame to "self-improving skills for AI agents" — outcome-first, mechanism-second. Based on strategic analysis that observability is the engine but personalization is the value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Reframe messaging to self-improving skills, consolidate v0.2.0 Align all consumer-facing surfaces (README, llms.txt, package.json, SKILL.md, AGENTS.md, launch playbook, integration guide) with the "self-improving skills" narrative from the personalization strategy analysis. Consolidate v0.3.0 features into v0.2.0 since dev branch ships everything together. Add Personalization SDK vision to roadmap. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix v0.2.0 release date to match March 17 launch target Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
The dashboard SSE test failed intermittently because it broke out of the read loop after seeing "event: data\n" but before the full data line arrived. Now waits for a complete SSE event (double newline) before parsing. CHANGELOG date updated to today's actual release date. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Important Review skippedToo many files! This PR contains 212 files, which is 62 over the limit of 150. ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: ⛔ Files ignored due to path filters (7)
📒 Files selected for processing (212)
You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Keep dev's v0.2.0 nav links and drop master's old description block, which is superseded by the rewritten intro section below it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0842173b7e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| }>(auditLogPath); | ||
|
|
||
| // Filter entries for this skill by skill_name field | ||
| const skillEntries = entries.filter((e) => e.skill_name === skillName); |
There was a problem hiding this comment.
skill_name in monitoring guard
checkActiveMonitoring only keeps audit records where e.skill_name === skillName, but evolve.ts still writes audit entries without the skill_name field (it only sets proposal_id, action, and details). In sessions evolved through that path, the guard will never detect active monitoring and will allow direct SKILL.md edits that should be blocked until selftune watch runs, which defeats the protection this hook is meant to enforce.
Useful? React with 👍 / 👎.
Collaborator
Author
There was a problem hiding this comment.
Fixed in 6678820. evolve.ts createAuditEntry now passes skillName through, so checkActiveMonitoring correctly matches by skill_name. evolve-body.ts already had this.
| try { | ||
| const payload: PreToolUsePayload = JSON.parse(await Bun.stdin.text()); | ||
| const sessionId = payload.session_id ?? "unknown"; | ||
| const statePath = sessionStatePath(sessionId); |
There was a problem hiding this comment.
This hook stores its dedupe state in sessionStatePath(sessionId), the same file used by auto-activate, but the two hooks persist different JSON schemas (warned_skills vs suggestions_shown). When both hooks run in one session, each can treat the other’s file as invalid and reset it, causing repeated reminders and loss of per-session suppression behavior.
Useful? React with 👍 / 👎.
Collaborator
Author
There was a problem hiding this comment.
Fixed in 6678820. skill-change-guard now uses its own state file (guard-state-.json) instead of sharing session-state-.json with auto-activate. Prevents mutual corruption from incompatible schemas.
1. evolve.ts createAuditEntry now includes skill_name field so the evolution-guard hook can correctly detect active monitoring. Previously audit entries only had proposal_id/action/details, causing checkActiveMonitoring to never match. (PR #25 comment #2) 2. skill-change-guard now uses its own state file (guard-state-*.json) instead of sharing session-state-*.json with auto-activate. The two hooks persist different schemas which caused mutual corruption when both ran in the same session. (PR #25 comment #3) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Repo hygiene completed
v0.2.0 highlights
Test plan
bun test— 1034/1034 passingbun run lint— cleanbun run lint:arch— no violations🤖 Generated with Claude Code