docs(cli): add orbit-station-audit Claude Code skill #640
Merged
An operational guide plus helper script for running `orbit-cli audit` against a live station end-to-end. It front-loads the four things that derail a first run: the stale/broken global CLI, the ESM-in-CJS build crash (`Unexpected token 'export'`), the per-origin Internet Identity derivation (orbitwallet.io, not the URL bar), and the `icp identity link web` Enter-keypress. scripts/run-audit.sh builds the CLI from source, repairs the generated IDL, and forwards all args to `orbit-cli audit`. Verified end-to-end against a mainnet station. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
✅ No security or compliance issues detected. Reviewed everything up to 2c8d2b5.
Pull request overview
Adds a Claude project skill that guides users from a fresh Orbit checkout to a successful orbit-cli audit run against a live station, including the common identity-derivation pitfalls and a helper script to build + run the audit reliably.
Changes:
- Added a new skill guide describing the end-to-end operational steps and common “first run” gotchas for `orbit-cli audit`.
- Added a helper script that installs deps (if needed), builds `orbit-cli`, repairs the generated IDL ESM/CJS mismatch in `dist`, and executes the audit.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| `.claude/skills/orbit-station-audit/SKILL.md` | Operational documentation for running `orbit-cli audit` reliably (identity setup + troubleshooting). |
| `.claude/skills/orbit-station-audit/scripts/run-audit.sh` | Automates build + IDL repair + forwarding args to `orbit-cli audit`. |
Copilot review feedback: the helper script shelled out to perl for the ESM->CJS rewrite, but perl isn't a declared prerequisite and isn't used elsewhere in the repo. Node is already a hard requirement, so do the rewrite in Node — more portable, no extra runtime. The snippet is idempotent (no-op once the file is already CommonJS). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
MRmarioruci reviewed Jun 25, 2026
MRmarioruci approved these changes Jun 25, 2026
#639 (merged) emits the station IDL factory as CommonJS, so the built CLI no longer crashes with `Unexpected token 'export'`. Verified after merging main: `pnpm --filter orbit-cli build` produces a CLI that runs `audit` directly with no repair. Removes the now-dead repair step from run-audit.sh, drops the ESM gotcha and its troubleshooting entry from SKILL.md (four gotchas → three), and simplifies the "don't trust the global CLI" note accordingly. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
What

Adds a project skill at `.claude/skills/orbit-station-audit/` that takes an agent from a fresh checkout to a successful `orbit-cli audit` run against a live station.

Why

The existing `cli/src/audit/README.md` documents flags, exit codes, and report format well — but a first run still trips on operational details that aren't in the README. This skill front-loads exactly those, and points to the README for reference rather than duplicating it.

The four gotchas it captures (all hit live while writing it):

- `orbit-cli` is unreliable — it either predates the `audit` subcommand, or (after a `pnpm install`, which rebuilds + `pnpm link --global` re-exposes via the `prepare-cli` postinstall) carries the build bug below and crashes. Build and run the repo's `cli/dist/cli.js` directly.
- `SyntaxError: Unexpected token 'export'` — the `build` script copies the generated `station.did.js` (an ES module) into the CommonJS bundle, so `require()` can't parse it. The helper script repairs the dist copy after each build. The real fix belongs in the CLI build itself — happy to follow up with that separately.
- `icp-cli` identity must be derived from `orbitwallet.io` (the `derivationOrigin` pinned in `apps/wallet/src/configs/init.config.ts`), passed as a bare host to `--app`.
- `icp identity link web` waits for an Enter keypress before opening the browser — pipe `printf '\n'` when running it non-interactively.

Verification
Built from a deliberately re-broken (clean) state, the helper script repaired the IDL and ran the audit end-to-end against a mainnet station, producing a severity-sorted report (exit code 2). The content was checked by a three-lens review (cold-execution, conciseness, factual-accuracy) against the codebase; all load-bearing claims verified.
🤖 Generated with Claude Code
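
The `Unexpected token 'export'` failure and an idempotent Node-side ESM-to-CommonJS rewrite of the kind the thread describes, as an added example that is not the PR's `run-audit.sh` code. The function names, the constructed sample binding and the assumed shape of the generated file (`export const` declarations at the start of a line) are illustrative assumptions.

```javascript
// Constructed sample: assumed shape of a generated Candid JS binding.
// Not copied from the repo's station.did.js.
const SAMPLE_ESM = [
  "export const idlFactory = ({ IDL }) => IDL.Service({});",
  "export const init = ({ IDL }) => [];",
  "",
].join("\n");

// Rewrite top-level `export <decl> NAME` into a plain declaration and append
// `exports.NAME = NAME;` lines. Returns the input unchanged when no ESM
// export declarations are present, so running it twice is a no-op.
function esmToCjs(source) {
  const names = [];
  const body = source.replace(
    /^export\s+(const|let|var|function)\s+([A-Za-z_$][\w$]*)/gm,
    (_match, kind, name) => {
      names.push(name);
      return `${kind} ${name}`;
    }
  );
  if (names.length === 0) return source; // already CommonJS
  const footer = names.map((n) => `exports.${n} = ${n};`).join("\n");
  return `${body.replace(/\s*$/, "")}\n${footer}\n`;
}

// Evaluate source the way a CommonJS loader does: as a function body that
// receives `module` and `exports`. ESM syntax is a parse error in that position.
function loadAsCjs(source) {
  const module = { exports: {} };
  new Function("module", "exports", source)(module, module.exports);
  return module.exports;
}

// Name of the error raised while loading, or null when the load succeeds.
function loadError(source) {
  try {
    loadAsCjs(source);
    return null;
  } catch (err) {
    return err.name;
  }
}

const repaired = esmToCjs(SAMPLE_ESM);
console.log("before:", loadError(SAMPLE_ESM), "| after:", loadError(repaired));
```

A regex rewrite like this only covers line-initial named declarations; `export default`, re-exports and `export { a, b }` lists would need a real parser.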