feat: downloadable service skill bundles#25
Merged
Merged
Conversation
New `mcp2cli skills` command with 5 subcommands: - list: shows all services with skill status (generated/stale/missing) - get: outputs SKILL.md to stdout for piping - install: copies skill bundle to target directory (e.g., Hermes skills) - diff: previews what would change on regeneration - generate: generates/regenerates skill files (wraps generate-skills) Also adds metadata to generated SKILL.md frontmatter: - tool_count: number of tools documented - generated_at: ISO timestamp - schema_hash: truncated SHA-256 of tool names for drift detection Closes #17 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
…epth 17 findings from 5 reviewers, all fixed: HIGH (3): - H1: Added validateIdentifier to get/install — blocks path traversal - H2: Tilde expansion now happens BEFORE mkdir - H3: generatedAt only updates when schema_hash changes (deterministic) MEDIUM (6): - M4/M5: Stale detection uses schema_hash from frontmatter, not regex - M6: --json flag parsed from args, not process.argv - M7: Install warns when overwriting existing skill bundle - M8: Schema hash now includes full inputSchema (catches param changes) - M9: diff/generate validate service name before delegating LOW (8): - L10-L11: Added tests for diff/generate/stale/ok/--json - L12: Deduplicated dynamic import with shared lazy getter - L13: Extracted resolveSkillDir shared function - L14: Pipe chars escaped in markdown tables - L15: Removed inaccurate file count from install output - L16: cp uses dereference:true (copies contents, not symlinks) - L17: auto-regen now computes and passes metadata New: src/generation/skill-hash.ts with shared computeSchemaHash and computeFullSchemaHash functions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
Owner
Author
Review Swarm Results5 parallel reviewers. 17 unique findings after deduplication. ALL fixed in commit `7b16330`. HIGH Fixes (3)
MEDIUM Fixes (6)
LOW Fixes (8)
New Infrastructure`src/generation/skill-hash.ts` — shared hash functions:
Verification
|
…h rejection 12 findings from R2 verification, all fixed: HIGH (2): - H1: Standardized on computeSchemaHash everywhere — removed computeFullSchemaHash. All paths (generate, auto-regen, skills list) now use the same name+description hash. Eliminates always-stale bug. - H2: --target path validated — rejects .. segments and HOME root MEDIUM (3): - M3: Bare ~ to HOME covered by H2 - M4: Added --force flag for install overwrite — refuses without it - M5: Added validateIdentifier to handleSkillsDiff/handleSkillsGenerate LOW (7): - L6: Removed redundant double validateIdentifier in get/install - L7: Consolidated duplicate file reads in auto-regen - L8: Tests align with corrected hash function - L9: Added 6 unit tests for computeSchemaHash (skill-hash.test.ts) - L10: --json test now validates content fields - L11: PAI_SKILLS_DIR validated for .. traversal - L12: Added rejectPathSeparators to validateIdentifier pipeline Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
Owner
Author
Review Swarm — Round 2 Verification5 parallel reviewers verified R1 fixes and found 12 new issues. All fixed in commit `15f39d8`. R2 HIGH Fixes (2)
R2 MEDIUM Fixes (3)
R2 LOW Fixes (7)
Test Growth
Verification
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
New `mcp2cli skills` command for managing service skill bundles — the user-friendly interface for the existing `generate-skills` engine. Agents can now list available skills, pipe them to files, install them to Hermes skill directories, and check for drift.
Also adds metadata (tool count, generation timestamp, schema hash) to generated SKILL.md frontmatter so agents can detect when skills are stale.
Closes #17
New Command: `mcp2cli skills`
```bash
List all services with skill status
mcp2cli skills list
open-brain ok 14 tools
n8n stale 12 tools (cache has 15)
vaultwarden missing
Output SKILL.md to stdout (pipeable)
mcp2cli skills get open-brain
mcp2cli skills get open-brain > /path/to/SKILL.md
Install skill bundle to a directory
mcp2cli skills install open-brain --target ~/.hermes/skills/mcp/open-brain
Preview what would change on regeneration
mcp2cli skills diff n8n
Generate/regenerate skill files
mcp2cli skills generate n8n --conflict=merge
```
Subcommand Details
New: SKILL.md Metadata
Generated SKILL.md files now include metadata in the YAML frontmatter:
```yaml
name: open-brain
description: MCP tools for open-brain
tool_count: 14
generated_at: 2026-06-08T18:30:00.000Z
schema_hash: a1b2c3d4e5f67890
triggers:
```
Files Changed
Test Plan
🤖 Generated with Claude Code