add pr-summary Claude Code skill #1859
📝 Walkthrough
Adds a new user-invocable skill at
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    actor User
    participant Shell as "Shell / Git"
    participant MCP as "MCP (Linear)"
    participant Figma as "Figma URLs"
    participant GH as "GitHub (gh CLI)"
    User->>Shell: Invoke `pr-summary` (optional base-branch)
    Shell->>Shell: Validate base branch exists
    Shell->>Shell: Collect commit history, full diff, unstaged/untracked
    Shell->>MCP: Extract Linear issue IDs and request issue details
    MCP-->>Shell: Return issue details (labels, links, descriptions)
    Shell->>Figma: Scan diffs + Linear data for Figma URLs
    Figma-->>Shell: Return found URLs (if any)
    Shell->>Shell: Categorize changed files and generate title + body
    Shell->>GH: Check for existing PR for current branch
    alt PR exists
        GH-->>Shell: Current PR metadata
        Shell->>User: Prompt to replace/update autogenerated title/body
        User->>GH: Confirm update
        GH-->>Shell: Edit PR
    else No PR exists
        Shell->>User: Display generated title/body for confirmation
        User->>GH: Confirm create
        GH-->>Shell: Create PR against selected base branch
    end
    GH-->>User: Return PR created/updated info
```
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~25 minutes
🚥 Pre-merge checks | ✅ Passed checks (3 passed)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: edc99590bb
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/skills/pr-summary/SKILL.md:
- Around line 149-151: Update the default validation checklist in SKILL.md so it
matches repo gating: replace the checklist item that currently reads "`yarn lint
&& yarn types`" with "`yarn nice`" (and ensure any mention of "Default
validation checklist" or "Test Plan" text reflects this change) so PRs instruct
running `yarn nice` in affected workspaces before creation.
- Around line 175-185: The "Auto-update without asking" section currently allows
immediate gh pr edit operations and conflicts with the later rule that requires
explicit confirmation before any edit/create; change the behavior in the
"Auto-update without asking" section so it no longer performs edits
automatically — instead present the generated title and body and require the
same explicit confirmation step described in the "requires explicit confirmation
before any edit/create" rule before running gh pr edit, updating the wording to
reference the confirmation flow so both sections are consistent.
- Around line 47-51: Add a mandatory redaction pass before the step that ingests
and summarizes the "Full diff" (the git diff -> PR text generation workflow) so
sensitive data (tokens, keys, credentials, private endpoints, and PII) are
scrubbed; implement a pre-processing function (e.g.,
redactSecrets/redactSensitiveData) invoked immediately after producing the diff
and before any PR body generation/edit logic, surface a flag or annotation for
any files/lines containing potential secrets so the PR description marks them as
"security-sensitive — manual review required" (also apply the same
redaction/flagging to the related steps referenced around lines 121-154).
- Around line 123-157: The PR body template in
.claude/skills/pr-summary/SKILL.md always emits optional blocks (headers "##
Linear Issues" and "## Figma") and can drop required native checklist context
when native files are touched; update the generator to: detect whether the diff
touches native paths, preserve and inject the required native checklist lines
into the "## Test Plan" section when native paths are present, and conditionally
omit the "## Linear Issues" and "## Figma" sections when no data exists; locate
the logic that assembles these headers (look for the literal strings "## Linear
Issues", "## Figma", and "## Test Plan" in the template/templating code) and
change it to conditionally render those sections and to merge the native
checklist into "## Test Plan" based on a native-path check.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: f074689c-4ca4-4796-b741-cc3cd7bc6d28
📒 Files selected for processing (2)
- .claude/skills/pr-summary/SKILL.md
- .gitignore
♻️ Duplicate comments (2)
.claude/skills/pr-summary/SKILL.md (2)
47-51: ⚠️ Potential issue | 🟠 Major
Missing secret/PII redaction guard before summarizing diff content.
The workflow ingests the full diff and generates PR text without any sanitization step. If the diff contains secrets, API keys, credentials, private endpoints, or PII, they could be exposed in the PR body. Add a mandatory redaction/scrubbing pass before Step 7 (PR body generation).
Based on learnings: Flag security-sensitive changes for special review in PR description; Confirm no sensitive data exposed in logs/comments after PR creation.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/skills/pr-summary/SKILL.md around lines 47 - 51, The PR workflow currently ingests the full diff (the "git diff <base-branch>...HEAD" step) and generates the PR body without sanitization; add a mandatory redaction/scrubbing pass immediately before "Step 7 (PR body generation)" that scans the diff for secrets/PII (API keys, credentials, private endpoints, email/SSNs) and either redacts or replaces them with placeholders, then produce a summary that flags any files/changes classified as security-sensitive for special review; also ensure the workflow emits a confirmation step that verifies no sensitive data remains in logs/comments after PR creation and fails or requires explicit overrides if any sensitive matches are found.
149-151: ⚠️ Potential issue | 🟡 Minor
Update validation checklist to match repo gating.
The default checklist specifies `yarn lint && yarn types`, but repo practice expects `yarn nice` in affected workspaces before PR creation. Update this to: ``- [ ] `yarn nice` passes in affected workspaces``
Based on learnings: Before creating a PR, ensure 'yarn nice' passes in affected workspaces.
✏️ Proposed fix
-- [ ] `yarn lint && yarn types` passes +- [ ] `yarn nice` passes in affected workspaces +- [ ] `yarn types` passes across the repo🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/skills/pr-summary/SKILL.md around lines 149 - 151, Replace the checklist item that reads `- [ ] \`yarn lint && yarn types\` passes` with `- [ ] \`yarn nice\` passes in affected workspaces`, and update the surrounding guidance text that currently instructs "Before creating a PR, ensure 'yarn nice' passes in affected workspaces" so the doc reflects the repo gating; search for the exact string `yarn lint && yarn types` and the phrase `yarn nice` to locate and update the SKILL.md checklist and its explanatory note.
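Review bot: the second added line of the proposed fix, the `yarn types` passes across the repo item, goes beyond what the comment text and the agent prompt ask for; both describe a single replacement item (`yarn nice` passes in affected workspaces). Either drop that line from the suggestion or mention it in the comment, and state whether `yarn nice` covers the lint step, since the removed line is the only place `yarn lint` appears in the checklist.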
🧹 Nitpick comments (3)
.claude/skills/pr-summary/SKILL.md (3)
89-108: Consider detecting and flagging security-sensitive and breaking changes.
The categorization step groups changes by path/type but doesn't explicitly identify security-sensitive changes (auth, secrets, permissions, API contracts) or breaking changes (public API modifications, schema migrations). Augment Step 5 to detect these patterns and add prominent flags in the Summary section when found.
Based on learnings: Flag security-sensitive changes for special review in PR description; Clearly flag breaking changes in PR documentation before submission.
💡 Enhancement suggestion
Add detection logic for:
- Security-sensitive paths: files matching `**/auth/**`, `**/security/**`, `**/*secret*`, `**/*credential*`, API key/token patterns in diffs
- Breaking changes: modifications to public API surfaces, exported types/interfaces, CONTRACTS.md, package.json version bumps (major/minor), database schema files

When detected, prepend to Summary:
```markdown
## Summary
⚠️ **This PR contains security-sensitive changes** — requires security review
⚠️ **This PR includes breaking changes** — coordinate with downstream consumers
[existing summary bullets]
```
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/skills/pr-summary/SKILL.md around lines 89 - 108, Update Step 5 ("Categorize the Changes") to also detect and flag security-sensitive and breaking changes: add detection rules for paths/patterns like **/auth/**, **/security/**, **/*secret*, **/*credential*, API key/token strings, changes to exported APIs/types, CONTRACTS.md, package.json version bumps, and DB schema files; when any match is found, set a flag and prepend the PR Summary (the "Summary" section) with prominent lines such as "⚠️ This PR contains security-sensitive changes — requires security review" and/or "⚠️ This PR includes breaking changes — coordinate with downstream consumers"; ensure the Step 5 output includes these flags alongside the existing category list and that symbols referenced in the file (Step 5, Summary) are updated accordingly.
70-73: Document Linear MCP server dependency and error handling.
The workflow calls `mcp__linear-server__get_issue` but doesn't specify error handling if the MCP server is unavailable or the call fails. Consider adding guidance to gracefully skip the Linear Issues section if the MCP integration fails rather than blocking PR generation.
📋 Suggested addition
Add to line 73:
- If `mcp__linear-server__get_issue` fails or is unavailable, log the error and continue without Linear issue details (skip the Linear Issues section)

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/skills/pr-summary/SKILL.md around lines 70 - 73, The docs currently instruct calling mcp__linear-server__get_issue but don't document error handling; update the SKILL.md guidance to state that if mcp__linear-server__get_issue fails or the MCP service is unavailable the workflow should log the error and continue without Linear issue details (i.e., gracefully skip the "Linear Issues" section), and include a note to surface the error message for debugging so callers know why the section was omitted.
203-207: Specify language for fenced code block.
The fenced code block starting at line 203 lacks a language identifier, triggering a markdownlint warning (MD040).
📝 Proposed fix
-``` +```text Title: [the title]
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.claude/skills/pr-summary/SKILL.md around lines 203 - 207, Add a language identifier to the fenced code block that currently begins with ``` and contains "Title: [the title]" so the block is recognized by markdownlint (MD040); update the opening fence to include a language (for example change ``` to ```text) in the .claude/skills/pr-summary/SKILL.md code block so the snippet is fenced as ```text Title: [the title] ``` to silence the lint warning.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 71c3bde2-c052-4be5-b8b6-00ed4f3dd299
📥 Commits
Reviewing files that changed from the base of the PR and between edc99590bbf17779cb6a22306c1dbc6736cdebac and 5f84b0832f574ea6440bbedb57ca10fd58d75fff.
📒 Files selected for processing (1)
- .claude/skills/pr-summary/SKILL.md
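The redaction pass requested in the review above, sketched as an added example (not code from this PR, the skill, or CodeRabbit): it walks a unified diff, masks matches on added, removed and context lines, and records the file and new-file line of each hit so the PR description can flag them. The rule set, the function names and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules (assumed for this example); use a maintained scanner in practice.
RULES = [
    ("aws-access-key-id", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("credential-assignment", re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*['\"]?\s*[:=]\s*['\"]?([^\s'\"]{8,})")),
    ("email-address", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff; every value in it is fake.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@
 DEBUG = False
-DB_PASSWORD = "old-hunter2-value"
+DB_PASSWORD = "n3w-constructed-pass"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 OWNER = "alice@example.com"
"""


def redact_diff(diff_text):
    """Return (redacted_diff, findings); each finding is (file, new_line, rule)."""
    out, findings, path, new_line = [], [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            new_line = int(m.group(1))
        elif path and line[:1] in ("+", "-", " ") and not line.startswith("--- "):
            for rule, rx in RULES:
                def mask(m, rule=rule):
                    findings.append((path, new_line, rule))
                    if not m.lastindex:      # no capture group: mask the whole match
                        return f"[REDACTED:{rule}]"
                    s, e = m.start(1) - m.start(), m.end(1) - m.start()
                    return m.group(0)[:s] + f"[REDACTED:{rule}]" + m.group(0)[e:]
                line = rx.sub(mask, line)
            if line[0] != "-":               # removed lines do not advance new-file numbering
                new_line += 1
        out.append(line)
    return "\n".join(out), findings


def sensitive_files(findings):
    """Files the PR description should mark for manual security review."""
    return sorted({f for f, _, _ in findings})
```

Removed lines are scanned as well, because a secret that a commit deletes still appears in the diff text that gets summarized; the line number reported for such a hit is the position in the new file where the deletion occurred.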
Summary
- `pr-summary` Claude Code skill from the euclid repo, adapted for this monorepo's directory structure, categories, and validation commands
- `.gitignore` to track `.claude/skills/` while keeping `.claude/settings*.json` files ignored

Changes
Config/infra
- `.claude/skills/pr-summary/SKILL.md` — user-invocable skill that generates PR titles and structured summaries from branch changes, with Linear issue and Figma link scanning
- `.gitignore` — changed `.claude` ignore to `.claude/*` with `!.claude/skills/` exception, added `**/.claude/settings.json` and `**/.claude/settings.local.json` ignores

Test Plan
- `/pr-summary` skill in Claude Code to verify it works
- `.claude/skills/pr-summary/SKILL.md` is tracked by git
- `.claude/settings*.json` files remain ignored

🤖 Generated with Claude Code