Skip to content

feat: refactor skills architecture + add edit/delete to skill cards#5

Merged
Zhang-Henry merged 1 commit intomainfrom
feat/skills-refactor-edit-delete
Feb 28, 2026
Merged

feat: refactor skills architecture + add edit/delete to skill cards#5
Zhang-Henry merged 1 commit intomainfrom
feat/skills-refactor-edit-delete

Conversation

@liuyixin-louis
Copy link
Copy Markdown
Collaborator

@liuyixin-louis liuyixin-louis commented Feb 27, 2026
edited by Zhang-Henry
Loading

Summary

  • Restructure three-tier skill architecture so VibeLab root (skills/) is the ground reference for all imports
  • Merge two import buttons into a single "Import Local Skills" button with scan/select modal
  • Remove "Project Skills" section — project skills are now symlinks to VibeLab root
  • Add Edit and Delete buttons to the skill detail modal (supports nested skills like distributed-training/accelerate)
  • Export ensureProjectSkillLinks and add JSON config file symlinks (skill-tag-mapping.json, stage-skill-map.json)
  • Add PUT /file endpoint for editing SKILL.md and DELETE /global-skill endpoint with dirPath-based resolution

Test plan

  • npx tsc --noEmit --skipLibCheck — clean
  • All 6 Playwright e2e tests pass (test/skills-refactor.spec.ts)
  • Manual verification: single Import button, Edit loads SKILL.md content, Save persists, Delete removes skill
  • Verify nested skills (e.g. distributed-training/accelerate) edit/delete correctly
  • Verify symlinks created in project .claude/skills/ after import

🤖 Generated with Claude Code

@liuyixin-louis @claude
feat: refactor skills to VibeLab root ground reference + add edit/del…
3c3a182 
…ete to skill cards

Restructure the three-tier skill architecture so VibeLab root (skills/) is the
ground reference for imports. Merge two import buttons into one, remove Project
Skills section, and add Edit/Delete buttons to the skill detail modal.

Key changes:
- Export ensureProjectSkillLinks, add JSON config symlinks to projects
- Refactor import-user-skills to target GLOBAL_SKILLS_DIR + re-sync symlinks
- Add PUT /file endpoint for editing skill SKILL.md files
- Add DELETE /global-skill endpoint supporting nested skill paths (dirPath)
- Store dirPath on SkillSummary for correct nested skill resolution
- Remove redundant "Import Your Local Skills" button and Project Skills section
- Add Playwright e2e tests for the refactored skills UI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Zhang-Henry Zhang-Henry merged commit f1c6e1c into main Feb 28, 2026
1 check passed
Zhang-Henry added a commit that referenced this pull request Apr 8, 2026
@Zhang-Henry
fix: address PR review — security fixes and frontend gaps
b479d65 
Critical:
- #1 Shell escape API key values in community-tools.env export
- #2 Replace ComputeNode.exec() with ComputeNode.run() (correct method)

High:
- #3 Add path traversal validation in status endpoint
- #4 Sanitize SSH user/host to prevent shell injection
- #5 Use i18n key for "Auto Research" sidebar button
- #6 Add Auto Research button to mobile sidebar
- #10 Stop leaking error.message to clients in 500 responses
@Zhang-Henry Zhang-Henry mentioned this pull request Apr 8, 2026
Merged
7 tasks
bbsngg pushed a commit that referenced this pull request Apr 8, 2026
@Zhang-Henry @bbsngg
fix: address PR review — security fixes and frontend gaps
58aa68b 
Critical:
- #1 Shell escape API key values in community-tools.env export
- #2 Replace ComputeNode.exec() with ComputeNode.run() (correct method)

High:
- #3 Add path traversal validation in status endpoint
- #4 Sanitize SSH user/host to prevent shell injection
- #5 Use i18n key for "Auto Research" sidebar button
- #6 Add Auto Research button to mobile sidebar
- #10 Stop leaking error.message to clients in 500 responses
HenryPengZou added a commit to HenryPengZou/dr-claw that referenced this pull request Apr 8, 2026
@HenryPengZou @claude
fix: address PR review feedback — security, validation, and multi-use…
2129a6c 
…r fixes

Fixes for PR OpenLAIR#146 review by @Zhang-Henry:

Critical:
- OpenLAIR#1: memory_enabled is now per-user (column on users table) instead of
  global app_settings. Each user controls their own memory toggle.
- OpenLAIR#2: ~/.claude/MEMORY.md namespaced as MEMORY-{userId}.md to prevent
  multi-user overwrites on shared servers.

High:
- OpenLAIR#3: req.params.id validated as positive integer with parseInt + isNaN guard
- OpenLAIR#4: Memory content sanitized (strip markdown headings) before prompt injection;
  content length capped at 500 chars; max 50 memories per user
- OpenLAIR#5: Content length validation (400 error) on create and update routes
- OpenLAIR#6: Delete now requires window.confirm() before executing

Medium:
- OpenLAIR#8: Removed no-op try/catch wrappers from all memoryDb methods
- OpenLAIR#9: Added comment explaining why Gemini injects memory into user prompt
  (CLI has no system instruction API)
- OpenLAIR#10: Changed index from (is_enabled) to composite (user_id, is_enabled)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Zhang-Henry Zhang-Henry mentioned this pull request Apr 11, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liuyixin-louis @Zhang-Henry