Skip to content

docs(cli): add orbit-station-audit Claude Code skill#640

Merged
aterga merged 4 commits into
mainfrom
arshavir/gallant-herschel-b0de6d
Jun 25, 2026
Merged

docs(cli): add orbit-station-audit Claude Code skill#640
aterga merged 4 commits into
mainfrom
arshavir/gallant-herschel-b0de6d

Conversation

@aterga

@aterga aterga commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

What

Adds a project skill at .claude/skills/orbit-station-audit/ that takes an agent from a fresh checkout to a successful orbit-cli audit run against a live station.

.claude/skills/orbit-station-audit/
├── SKILL.md              # operational guide
└── scripts/run-audit.sh  # build-from-source → repair generated IDL → run audit

Why

The existing cli/src/audit/README.md documents flags, exit codes, and report format well — but a first run still trips on operational details that aren't in the README. This skill front-loads exactly those, and points to the README for reference rather than duplicating it.

The four gotchas it captures (all hit live while writing it):

  1. The global orbit-cli is unreliable — it either predates the audit subcommand, or (after a pnpm install, which rebuilds + pnpm link --global re-exposes via the prepare-cli postinstall) carries the build bug below and crashes. Build and run the repo's cli/dist/cli.js directly.
  2. The built CLI crashes with SyntaxError: Unexpected token 'export' — the build script copies the generated station.did.js (an ES module) into the CommonJS bundle, so require() can't parse it. The helper script repairs the dist copy after each build. The real fix belongs in the CLI build itself — happy to follow up with that separately.
  3. Internet Identity principals are per-origin — the audit must be called by a principal the station knows as a member, so the icp-cli identity must be derived from orbitwallet.io (the derivationOrigin pinned in apps/wallet/src/configs/init.config.ts), passed as a bare host to --app.
  4. icp identity link web waits for an Enter keypress before opening the browser — pipe printf '\n' when running it non-interactively.

Verification

Built from a deliberately re-broken (clean) state, the helper script repaired the IDL and ran the audit end-to-end against a mainnet station, producing a severity-sorted report (exit code 2). The content was checked by a three-lens review (cold-execution, conciseness, factual-accuracy) against the codebase; all load-bearing claims verified.

🤖 Generated with Claude Code

An operational guide plus helper script for running `orbit-cli audit`
against a live station end-to-end. It front-loads the four things that
derail a first run: the stale/broken global CLI, the ESM-in-CJS build
crash (`Unexpected token 'export'`), the per-origin Internet Identity
derivation (orbitwallet.io, not the URL bar), and the `icp identity
link web` Enter-keypress.

scripts/run-audit.sh builds the CLI from source, repairs the generated
IDL, and forwards all args to `orbit-cli audit`. Verified end-to-end
against a mainnet station.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@aterga aterga requested a review from a team as a code owner June 24, 2026 21:27
@aterga aterga enabled auto-merge (squash) June 24, 2026 21:27
@aterga aterga requested a review from Copilot June 24, 2026 21:27
@zeropath-ai

zeropath-ai Bot commented Jun 24, 2026

Copy link
Copy Markdown

No security or compliance issues detected. Reviewed everything up to 2c8d2b5.

Security Overview
Detected Code Changes
Change Type Relevant files
Enhancement ► .claude/skills/orbit-station-audit/SKILL.md
    Add SKILL.md for orbit-station-audit
► .claude/skills/orbit-station-audit/scripts/run-audit.sh
    Add run-audit.sh script to build and run orbit-cli audit

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Claude project skill that guides users from a fresh Orbit checkout to a successful orbit-cli audit run against a live station, including the common identity-derivation pitfalls and a helper script to build + run the audit reliably.

Changes:

  • Added a new skill guide describing the end-to-end operational steps and common “first run” gotchas for orbit-cli audit.
  • Added a helper script that installs deps (if needed), builds orbit-cli, repairs the generated IDL ESM/CJS mismatch in dist, and executes the audit.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.claude/skills/orbit-station-audit/SKILL.md Operational documentation for running orbit-cli audit reliably (identity setup + troubleshooting).
.claude/skills/orbit-station-audit/scripts/run-audit.sh Automates build + IDL repair + forwarding args to orbit-cli audit.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .claude/skills/orbit-station-audit/scripts/run-audit.sh Outdated
Copilot review feedback: the helper script shelled out to perl for the
ESM->CJS rewrite, but perl isn't a declared prerequisite and isn't used
elsewhere in the repo. Node is already a hard requirement, so do the
rewrite in Node — more portable, no extra runtime. The snippet is
idempotent (no-op once the file is already CommonJS).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@aterga aterga requested a review from MRmarioruci June 24, 2026 21:44
Comment thread .claude/skills/orbit-station-audit/scripts/run-audit.sh Outdated
MRmarioruci and others added 2 commits June 24, 2026 23:27
#639 (merged) emits the station IDL factory as CommonJS, so the built
CLI no longer crashes with `Unexpected token 'export'`. Verified after
merging main: `pnpm --filter orbit-cli build` produces a CLI that runs
`audit` directly with no repair.

Removes the now-dead repair step from run-audit.sh, drops the ESM gotcha
and its troubleshooting entry from SKILL.md (four gotchas → three), and
simplifies the "don't trust the global CLI" note accordingly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@aterga aterga merged commit 389a7d1 into main Jun 25, 2026
28 of 29 checks passed
@aterga aterga deleted the arshavir/gallant-herschel-b0de6d branch June 25, 2026 07:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants