v0.37.0.0 feat(skillpack): registry cathedral — third-party publish + install + 10/10 quality bar#1208
Merged
Merged
Conversation
…t header Strategic spec produced via /office-hours → /plan-ceo-review → /plan-eng-review → /plan-devex-review (two rounds) → /codex outside-voice. 27 locked decisions: 6 CEO scope, 5 eng architecture, 8 DX (artifact cathedral + rubric/doctor + 10/10 bundled invariant), 8 codex (T1 per-step runbook, T4 required-core+badges, G1 state.json, G2 env scrub, G3 CI workflow split, G4 anti-typosquat, plus tarball determinism / pack-local resolver / api_version ranges). 2 cathedral defenses documented (T2 scope, T3 10/10 invariant) as taste-of-cathedral product calls. Lake Score: 25/27. Spec carries a top-of-file alignment header noting the v0.36.0.0 retirement of the managed-block install model. Verbs and integration points re-map: install → scaffold from third-party source; uninstall → user-owns-files; auto-walk → display bootstrap.md; multi-source receipt → state.json. Strategic decisions (registry + tarball + doctor + rubric + TOFU + sandbox + CI split + anti-typosquat) translate verbatim. Implementation starts in subsequent commits on this branch. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ate.json Three pure-data modules every other skillpack-registry feature builds on top of. Each is independently testable; together they form the trust + transport substrate for third-party scaffold. - src/core/skillpack/manifest-v1.ts Third-party skillpack.json runtime validator. Schema is gbrain-skillpack-v1 plus forward-compat runbook_schema_version + eval_schema_version (codex outside-voice). Shape is a superset of bundle.ts's BundleManifest so the existing v0.36 scaffold + reference pipelines (enumerateScaffoldEntries + loadSkillSources) consume third-party packs via bundleManifestFromSkillpack() without any changes. SkillpackManifestError carries a structured code + field so the publish-gate and doctor format actionable messages. - src/core/skillpack/tarball.ts Deterministic pack + allowlist-gated extract. Pack uses GNU tar with --sort=name --mtime=@0 --owner=0 --group=0 --numeric-owner --pax-option + GZIP=-n + TZ=UTC so same dir -> same SHA-256 across hosts and clocks. Extract pre-flights every entry: rejects symlinks / hardlinks / devices / FIFOs (allowlist is regular files + dirs only), checks path traversal, enforces caps (maxFiles=5000, maxBytesPerFile=1MB, maxTotalBytes=100MB, maxPathLength=255, maxCompressionRatio=100:1 for bomb defense). Extract prefers GNU tar so --list --verbose output is parser-stable across macOS (bsdtar default) and Linux. Throws TarballError with structured codes. - src/core/skillpack/state.ts Machine-owned trust store at ~/.gbrain/skillpack-state.json. Codex G1 fix: TOFU SHA-256, pinned commits, source URLs, scaffold timestamps live here, NOT in editable markdown. Atomic .tmp + rename write; schema-versioned; immutable upsert/remove for testability. isAlreadyTrusted() encodes the codex G4 first-install-confirm logic (skip prompt only when name + author + pinned_commit-or-tarball-SHA all match — defends author-transfer attacks). Tests: 64 cases across 3 files; all green. Tarball tests skip-gracefully when GNU tar is unavailable (macOS without `brew install gnu-tar`); CI Linux has GNU tar by default. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…local path End-to-end third-party scaffold pipeline composed from the foundation layer plus three new modules. `gbrain skillpack scaffold <source>` resolves any of: owner/repo (expands to https://github.com/owner/repo.git) https://github.com/.../...git (verbatim https URL, SSRF-checked) /abs/path/to/dir (local pack root) /abs/path/to/pack.tgz (local tarball) Bare kebab names ("book-mirror") keep routing to the v0.36 bundled-skill path; the dispatcher disambiguates on the literal `/` / `://` / `.tgz` shape in the spec. No regression to v0.36 (all 272 existing skillpack tests pass). - src/core/skillpack/remote-source.ts classifySpec() is the pure-fn router. resolveSource() does the I/O: ls-remotes the git HEAD SHA, shallow-clones into ~/.gbrain/skillpack-cache/git/<host>/<owner>/<repo>/<sha>/ on miss, short-circuits on cache hit. Tarballs extract into ~/.gbrain/skillpack-cache/tarball/<sha256>/ and findPackRoot hops one level deep when the tarball wraps its source dir (the packTarball convention). Local paths skip the cache entirely (user owns the dir). Reuses git-remote.ts SSRF guards verbatim; staging dirs prevent partial-clone cache poisoning. - src/core/skillpack/trust-prompt.ts Codex G4 first-install identity confirm. renderIdentityBlock() prints name + version + author + source + pinned commit / tarball SHA + tier + description; askTrust() runs the y/N prompt. isAlreadyTrusted() (in state.ts) drives the skip path — same (name, author, pin/SHA) triple = no prompt. Author mismatch always re-prompts (transfer-attack defense). Local sources skip the gate entirely. - src/core/skillpack/bootstrap-display.ts Codex T1 fix: no executor for install runbooks. buildBootstrapDisplay() reads runbooks/bootstrap.md and returns a framed text block with a loud header making clear gbrain DOES NOT auto-execute the steps — third-party packs run in trusted-path mode and an auto-walker is the npm-postinstall supply-chain hole we explicitly refuse to ship. The agent reads the framed output and walks per-step at its own discretion. - src/core/skillpack/scaffold-third-party.ts Orchestrator. Loads + validates the third-party manifest, checks gbrain_min_version, runs the trust prompt, projects skillpack.json to BundleManifest shape so enumerateScaffoldEntries (v0.36 path) consumes it without changes, runs copyArtifacts (refuses to overwrite the v0.36 way), upserts state.json, returns the framed bootstrap. Pure semver compare for the version gate; no external dep. - src/commands/skillpack.ts dispatch extension cmdScaffold now disambiguates: contains `/` / `://` / `.tgz` → runThirdPartyScaffold. JSON output envelope matches the rest of the v0.36 skillpack surface (ok + status + pack + source + trust + copy summary + bootstrap_shown). New flags: --trust, --no-cache. - src/core/skillpack/tarball.ts typing fix Promote ExtractCaps to a named interface (was inline `as const`) so Partial<ExtractCaps> overrides accept plain numeric literals. Tests: 11 new (scaffold orchestrator) + 18 (remote source) + 12 (trust) + 5 (bootstrap display) = 46 new cases; all green. End-to-end CLI smoke verified: built local pack fixture, `gbrain skillpack scaffold ./pack --workspace ./ws` lands files, refuses overwrite on re-run, writes state.json, displays bootstrap. Typecheck clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…fo/registry CLI
The discovery layer. `garrytan/gbrain-skillpack-registry` will be a separate
GitHub repo with two JSON files; this commit teaches gbrain to read them.
- src/core/skillpack/registry-schema.ts
Runtime validators for registry.json (gbrain-registry-v1) and
endorsements.json (gbrain-endorsements-v1). Codex G3 separation: catalog
entries land via PR with default_tier = community / experimental / dead;
endorsements.json is Garry-only and OVERLAYS tier at read time.
effectiveTier() resolves the overlay. RegistrySchemaError carries
structured code + field path so the publish-gate formats actionable
rejection messages.
- src/core/skillpack/registry-client.ts
Network fetch + cache + stale-fallback. Default URLs point at
garrytan/gbrain-skillpack-registry; overridable via config key
skillpack.registry_url or --url. Cache lives at
~/.gbrain/skillpack-cache/registry-<sha16>.json with a 1h soft TTL
(cache_warm) before triggering fetch, escalating to "cache > 7d"
warning (cache_hard_stale) when offline. Hard-fail only when no
cache AND no network (no_cache_no_network). Etag-aware: 304
responses refresh the cache timestamp without re-downloading.
findPack / findPackWithTier / searchPacks are pure functions over
the loaded catalog; search sorts by tier (endorsed > community >
experimental > dead) then alphabetical.
- src/commands/skillpack.ts — three new subcommands + kebab-→-registry wiring
gbrain skillpack search [<query>] [--tier T] [--refresh] [--url URL] [--json]
gbrain skillpack info <name> [--refresh] [--url URL] [--json]
gbrain skillpack registry [--url URL] [--refresh] [--json]
cmdScaffold now disambiguates kebab inputs: bundled-skill slug first
(existing v0.36 path), then registry lookup. `gbrain skillpack scaffold
hackathon-evaluation` works once the catalog ships.
- src/core/skillpack/trust-prompt.ts + state.ts
Extend SkillpackTier with 'dead' so the catalog's tombstone tier flows
through the trust-prompt + state-recording paths.
Tests: 21 (registry-schema) + 19 (registry-client) = 40 new cases; all
green across 312 skillpack-related tests. End-to-end CLI smoke: served
fixture registry.json over localhost HTTP, ran `skillpack registry`,
`search`, `search founder`, `info hackathon-evaluation` — all return
correct output with endorsement overlay applied. Typecheck clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The quality bar makes the registry meaningful. Codex T4: rubric splits
into REQUIRED CORE (5 dims that gate publish) + QUALITY BADGES (5 dims
that gate tier eligibility). A pack with 0 badges still publishes as
experimental; community needs >=3 badges; endorsed needs all 5.
- src/core/skillpack/rubric.ts
Declarative SKILLPACK_RUBRIC_V1 — 10 binary dimensions, single source
of truth for doctor + (future) anatomy doc generator.
CORE (5):
1. manifest_valid — skillpack.json passes v1 schema
2. skills_have_skill_md — every skill has SKILL.md w/ valid frontmatter
3. routing_evals_present — every skill has routing-eval.jsonl >= 5 intents
4. skills_have_unique_triggers — MECE at the pack level (codex outside-voice
adaptation: v0.36 retired resolver files so the
pack-local check shifts from check-resolvable
to frontmatter-trigger uniqueness across the
pack's own skills)
5. changelog_present_and_current — CHANGELOG.md has entry for manifest.version
BADGES (5):
6. unit_tests_present — manifest.unit_tests glob matches >=1 file
7. e2e_tests_present — manifest.e2e_tests glob matches >=1 file
8. llm_eval_present — *.judge.json with cases.length >= 3
9. bootstrap_runbook_present — runbooks/bootstrap.md non-empty (codex T1:
v0.36 retired install/uninstall runbooks;
bootstrap is the single post-scaffold display)
10. license_present — LICENSE / LICENSE.md / LICENSE.txt non-empty
walkRubric() is async (each dim's check returns a Promise) so a future
--full mode can run heavyweight checks inline. describeRubric() returns
the pure-data view for the anatomy doc generator.
- src/core/skillpack/doctor.ts
runDoctor() walks the rubric, returns a structured DoctorResult with
schema_version="skillpack-doctor-v1" for stable JSON shape across versions.
formatDoctorResult() renders the human view (per-dim pass/fail markers,
paste-ready fix hints, tier eligibility, promotion blockers, [auto-fixable]
tags). --quick is the only mode in v1; --full prints a follow-up hint
pointing at the publish-gate command that lands in a later wave.
--fix path applies auto-scaffolds for `auto_fixable: true` dimensions:
routing-eval.jsonl stubs (5 example intents per skill), CHANGELOG.md
with the current version's date entry, test/example.test.ts stub,
e2e/example.e2e.test.ts stub, evals/example.judge.json with 3 stub
cases, runbooks/bootstrap.md stub, LICENSE stub. Codex outside-voice
mtime guard preserved: refuses to overwrite files whose mtime is
newer than skillpack.json's. Requires --yes for unattended runs.
- src/core/skillpack/audit.ts
~/.gbrain/audit/skillpack-YYYY-Www.jsonl (ISO-week rotated, mirrors
audit-slug-fallback + rerank-audit patterns). logSkillpackEvent is
best-effort: stderr warn on failure, never throws. doctor_run +
scaffold + search + registry_refresh events recorded for the future
`gbrain doctor` skillpack_activity surface (lands with v0.37
doctor-integration wave).
- src/commands/skillpack.ts — `doctor` subcommand
gbrain skillpack doctor <pack-dir> [--quick|--full] [--fix] [--yes] [--json]
Exit codes: 0 if score=10, 1 if 6-9, 2 if blocked/<5.
Tests: 21 new cases covering 10/10 fixture, each individual dimension
failing in isolation, all four tier eligibility branches, --fix
auto-scaffold (with + without --yes), formatDoctorResult shape,
describeRubric pure-data, JSONL audit append + read. 333/333 skillpack
tests across 23 files. CLI smoke verified.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The publisher trinity: scaffold a new pack, gate it through the doctor, emit a deterministic tarball. Plus the canonical 10/10 reference pack that lives in this repo as both an example and a CI regression fixture. - src/core/skillpack/init-scaffold.ts `gbrain skillpack init <name>` lands the cathedral tree out of the box: skillpack.json + skills/<name>/SKILL.md + routing-eval.jsonl (5 example intents) + runbooks/bootstrap.md + CHANGELOG.md + README + LICENSE + .gitignore + test/ + e2e/ + evals/<name>.judge.json. A freshly init'd pack scores 10/10 on doctor --quick immediately; publisher edits to make it real. --minimal flag drops test/e2e/evals for power users opting out. Refuses to overwrite any existing file (same contract as v0.36 scaffold). - src/core/skillpack/pack-publish.ts `gbrain skillpack pack [<pack-dir>]` orchestrates: runDoctor(--quick) + refuse if tier_eligibility=blocked + packTarball into <out>/<name>-<version>.tgz with deterministic SHA-256. --dry-run validates only. --skip-doctor is the publish-gate skill's escape hatch (gate runs server-side instead). Both paths log into the skillpack audit JSONL. - src/commands/skillpack.ts — `init` + `pack` subcommands wired HELP_TOP updated to surface search/info/registry/doctor/init/pack alongside the v0.36 commands. - examples/skillpack-reference/ Real 10/10 pack tree shipped inside gbrain's repo. Doubles as an integration-test fixture and a publisher reference. The SKILL.md body actually teaches the third-party contract (frontmatter shape, doctor dimensions, tier eligibility, publisher workflow). README.md walks the tree. - test/skillpack-reference-pack-is-ten.test.ts Regression guard pinning examples/skillpack-reference/ at 10/10 forever. If a future change drops the reference pack below the bar, this test fails with a paste-ready list of regressed dimensions. Per the locked DX-Round-2 invariant: gbrain ships its own bar or doesn't ship it. Tests: 12 (init + pack-publish, including 1 full e2e init->doctor-> pack loop) + 2 (reference pack 10/10 regression) = 14 new cases; 347/347 skillpack-related tests green across 25 files. Typecheck clean. End-to-end CLI smoke: `gbrain skillpack init test-pack` followed by `gbrain skillpack doctor test-pack --quick` followed by `gbrain skillpack pack test-pack` produces a 10/10 verdict and a content-addressable tarball. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Closes the cathedral with the canonical one-page reference doc + the
end-to-end test that exercises the full publisher + consumer loop via
the actual `gbrain` CLI subprocess.
- scripts/build-skillpack-anatomy.ts
Regenerates docs/skillpack-anatomy.md between BEGIN/END markers
from src/core/skillpack/rubric.ts. Auto-section is the rubric table
(core dims + badges); hand-written intro covers the tree map, the
agent-uses-pack contract, and the publisher CLI workflow. `--check`
flag fails the build when committed doc drifts from rubric.ts —
wireable into `bun run verify` later.
- docs/skillpack-anatomy.md
Initial generated output. 112 lines. Tree diagram + rubric tables
+ tier eligibility matrix + CLI reference + cross-links to the
reference pack and the spec.
- test/e2e/skillpack-third-party.test.ts
Subprocess-spawning E2E (no in-process imports of CLI internals).
Covers:
- Full publisher loop: init -> doctor (10/10) -> pack (deterministic SHA)
- Full consumer loop: scaffold from local-path -> files land, state.json
records, refuse-to-overwrite on re-run
- Doctor --fix loop: delete required artifacts -> doctor surfaces
gaps -> --fix --yes auto-restores
- --minimal init scores 7/10 (3 missing badges that need manifest
patches; documents the expected behavior)
The localhost-registry search test is skipped: Bun.serve + spawnSync
has timing flakiness against bun:test's 5s per-test budget (subprocess
startup + fetch round-trip overruns). Network path is fully covered
at unit level via the fetchImpl injection seam in
test/skillpack-registry-client.test.ts.
369 unit + 5 E2E pass across 27 skillpack test files; 1 intentional
skip; 0 fail. Typecheck clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
scripts/check-test-isolation.sh flagged test/skillpack-rubric-doctor.test.ts
for direct process.env.GBRAIN_AUDIT_DIR assignment in a beforeEach block —
violates rule R1 (env mutations cause cross-file flakiness in the parallel
shard runner). Refactored the audit describe block to wrap each test body
in `await withEnv({ GBRAIN_AUDIT_DIR: auditDir }, () => { ... })` from
test/helpers/with-env.ts. Same semantics, save+restore via try/finally,
no contamination of sibling shards.
bun run verify now passes the full gate (typecheck + 14 check scripts
including check:test-isolation). Sharded test suite via `bun run test`:
7488 pass / 0 fail / 0 skip across 8 shards + 19 serial files. Skillpack
slice: 369 unit + 5 E2E pass / 1 intentional skip / 0 fail.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…t wave Pre-existing master bug surfaced during the skillpack-registry-cathedral E2E run: v0.36.1.0 shipped 3 new cycle phases (propose_takes, grade_takes, calibration_profile) but two E2E tests' expectations were never updated. - test/e2e/dream-cycle-phase-order-pglite.test.ts EXPECTED_PHASES now includes the v0.36.1.0 trio. The first sub-test (`ALL_PHASES matches the documented sequence`) now passes. - test/e2e/cycle.test.ts Phase count assertion bumped 13 -> 16. Comment block extended with the v0.36.1.0 entry in the same shape as the prior version markers. Both files were drift-against-source: cycle.ts (master) lists 16 phases in ALL_PHASES; these tests still asserted 13 from the v0.33.3 baseline. This is a tangential cleanup from the skillpack-registry-cathedral branch — orthogonal to the registry work but caught during the final E2E sweep. A second sub-test in dream-cycle-phase-order-pglite (the dry-run full cycle path) still fails on a runtime SyntaxError from propose_takes importing a non-existent embedMultimodal export from src/core/embedding.ts. That's a separate v0.36.1.0 implementation bug that warrants its own PR; not in scope here. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bun's module linker fails fast when a downstream consumer imports a symbol the mock didn't declare. v0.36.1.0 added embedMultimodal + embedQuery + getEmbeddingModelName + getEmbeddingDimensions to src/core/embedding.ts; the propose_takes phase and other v0.36 phases pull from them, so the mock has to keep parity. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gbrain skillpack endorse <name> [--tier endorsed|community|experimental|dead]
[--note STR] [--push] [--dry-run]
Runs inside a clone of garrytan/gbrain-skillpack-registry. Validates
that <name> is in registry.json's catalog, mutates endorsements.json
through pure applyEndorsement(), stable-key-orders the write, stages,
and creates a one-line commit `endorse: <name> -> <tier>`. Optionally
pushes to origin.
EndorseError surfaces a tagged code (not_a_registry_repo,
pack_not_in_catalog, git_commit_failed, git_push_failed) so callers
can branch on the failure mode without string parsing.
10 unit + integration cases pinning applyEndorsement immutability,
full-flow commits against a real git repo, --dry-run no-write
contract, stable key ordering across alpha/zeta inserts, and tier
downgrades to dead.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Third-party skillpack ecosystem layered on the v0.36 scaffolding contract: manifest-v1 + deterministic tarball + TOFU state.json + SSRF-hardened source resolver + registry catalog client + 10-dim rubric (5 core + 5 badges, codex T4 stub-spam mitigation) + doctor with --fix autoscaffold + init cathedral + pack publisher + Garry-only endorse CLI + JSONL audit + reference pack + auto-generated anatomy doc. Wave includes the prior commits in this branch: - fix(skillpack): route audit-test env mutations through withEnv() - feat(skillpack): rubric + doctor + audit - feat(skillpack): publisher side — init + pack + 10/10 reference - feat(skillpack): anatomy doc generator + e2e third-party flow - test(e2e): update cycle phase-order assertions for v0.36.1.0 - test(e2e): include v0.36.1.0 embedding exports in dream-cycle mock - feat(skillpack): endorse CLI Deferred to follow-ups: subprocess sandbox for publish-gate, garrytan/gbrain-skillpack-registry repo creation + CI workflow split (codex G3), Printing Press cross-list, generated gbrain-cli, W4.5 retrofit of bundled skills to 10/10. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…registry-cathedral # Conflicts: # CHANGELOG.md # VERSION # package.json
User requested v0.38.0 (4-segment: 0.38.0.0) as the slot for the skillpack registry cathedral. Pure rename — no scope change, no behavior change. VERSION + package.json + CHANGELOG header + CHANGELOG "To take advantage" section + CLAUDE.md Key Files entry rewritten in lockstep. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…registry-cathedral # Conflicts: # CHANGELOG.md # VERSION # package.json
User picked v0.37.0.0 as the slot for the skillpack registry cathedral (reverts the earlier 0.37 → 0.38 rebump). Master tip is v0.36.6.0, so 0.37.0.0 remains semver-clean. Pure rename — no scope change, no behavior change. VERSION + package.json + CHANGELOG header + "To take advantage" section + lead-paragraph "v0.38" references + CLAUDE.md Key Files annotation all rewritten in lockstep. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
mgunnin
added a commit
to mgunnin/gbrain
that referenced
this pull request
May 28, 2026
* upstream/master: v0.38.2.0 fix(doctor): bounded frontmatter scan + partial-state surfacing (supersedes garrytan#1287) (garrytan#1297) v0.38.1.0 feat(agents): provider-agnostic subagent loop + remote MCP dispatch + budget meter (garrytan#1289) v0.38.0.0 ingestion cathedral — gbrain capture + write-through + IngestionSource contract (garrytan#1275) v0.37.11.0: fresh-install PGLite embedding setup fix wave (garrytan#1286) v0.37.10.0 feat(init): env-detection + interactive picker + preflight invariants (garrytan#1278) v0.37.9.0 fix(frontmatter): canonical-style normalization for tag arrays (garrytan#1252) v0.37.8.0 feat: voyage-code-3 discoverability + reindex-code cost-preview fix (garrytan#1267) v0.37.7.0 fix wave: federated brains + autopilot safety + OAuth confidential clients (garrytan#1253) v0.37.6.0 feat(ai): OpenRouter recipe + generic default_headers seam (cherry-pick garrytan#1210) (garrytan#1246) v0.37.5.0 fix(markdown): YAML-aware NESTED_QUOTES validator (stops flagging valid YAML) (garrytan#1229) feat: pgGraph-inspired CI scaffolding wave (v0.37.4.0) (garrytan#1228) v0.37.3.0 feat: skill_brain_first doctor check + auto-fix + declarative opt-out (supersedes garrytan#1206) (garrytan#1215) v0.37.2.0: takes_resolution_consistency CHECK accepts 'unresolvable' (garrytan#1211) v0.37.1.0 feat: brainstorm + lsd — bisociation idea generator grounded in your own brain (garrytan#1214) v0.37.0.0 feat(skillpack): registry cathedral — third-party publish + install + 10/10 quality bar (garrytan#1208) v0.36.6.0 feat: cross-modal search wave (text↔image + unified column + LLM intent) (garrytan#1165)
brandonlipman
added a commit
to brandonlipman/gbrain
that referenced
this pull request
May 29, 2026
* upstream/master: v0.37.0.0 feat(skillpack): registry cathedral — third-party publish + install + 10/10 quality bar (garrytan#1208) v0.36.6.0 feat: cross-modal search wave (text↔image + unified column + LLM intent) (garrytan#1165) v0.36.5.0 feat: secure DATABASE_URL access for shell jobs (inherit: ["database_url"]) (garrytan#1192) v0.36.4.0 feat: brain-health-100 — autonomous remediation via doctor --remediate + Minions (garrytan#1193) fix(docs): comprehensive drift audit — contradictions, broken links, stale refs (garrytan#1201) v0.36.3.0 feat: dynamic embedding column selection for search (garrytan#1164) v0.36.2.0 feat: ZeroEntropy as default + zero-based README rewrite (garrytan#1136) v0.36.1.1 fix-wave: community PR triage + 28 atomic fixes (garrytan#1182) v0.36.1.0 Hindsight calibration wave: brain learns how you tend to be wrong (garrytan#1139) v0.36.0.0 feat(skillpack): scaffold + reference + harvest (retire managed-block install) (garrytan#1130) v0.35.8.0 feat(cycle): phantom-page redirect inside extract_facts (garrytan#1138) v0.35.7.0 feat: temporal trajectory + founder scorecard (Phases 2-4) (garrytan#1131) v0.35.6.0 feat(search): floor-ratio gate for metadata boost stages (closes garrytan#1091) (garrytan#1129) v0.35.5.1 fix(doctor): stop counting clean supervisor exits as crashes (garrytan#1108) v0.35.5.0 fix wave: bootstrap + orphans + think MCP + worktree + walker (garrytan#1111) v0.35.4.0 fix(doctor,entities): supervisor crash classification + bare-name resolver + 58x perf + stub guard observability (garrytan#1085) v0.35.3.1 feat(eval): temporal-aware contradiction probe + verdict enum (garrytan#1052) v0.35.3.0 fix wave: extract_facts items + git --no-recurse-submodules placement (garrytan#1053) # Conflicts: # src/core/postgres-engine.ts # test/schema-bootstrap-coverage.test.ts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Third-party skillpack ecosystem layered on the v0.36 scaffolding contract. Anyone with a GitHub repo can publish a skillpack, anyone else can scaffold it into their workspace, and
gbrain skillpack doctorscores any candidate against a 10-dimension rubric with paste-ready fixes for every failure.Foundation:
gbrain skillpack scaffold <owner/repo|https-url|./tgz|./local-dir>— SSRF-hardened source resolver viagit-remote.ts; deterministic GNU-tar tarballs; extract caps (5000 files / 100MB / 1MB per file / 255-char paths / 100:1 compression ratio); rejects symlinks/hardlinks/devices/FIFOs--trust~/.gbrain/skillpack-state.json(codex G1, schemagbrain-skillpack-state-v1, atomic.tmp + rename)Registry catalog:
registry.json(PR-able,gbrain-registry-v1) +endorsements.json(Garry-only overlay,gbrain-endorsements-v1);effectiveTiermergesIf-None-Matchetag fetch + 1h soft-TTL cache + stale-fallback (origins:fresh_fetch | cache_warm | cache_soft_stale | cache_hard_stale); hard-fail only on no-cache + no-networkgbrain skillpack {search,info,registry}CLIQuality bar (codex T4 stub-spam mitigation):
SKILLPACK_RUBRIC_V1: 5 required CORE + 5 quality BADGESendorsedneeds all 10,communityneeds core + ≥3 badges,experimentalneeds core only,blockedwhen any core failsgbrain skillpack doctor [--quick|--full] [--fix --yes]with mtime-guarded auto-scaffoldPublisher side:
gbrain skillpack init <name>lands 11-file cathedral (scores 10/10 fresh);--minimalskips test/e2e/evalsgbrain skillpack packpacks deterministic tarball; refuses onblockedtiergbrain skillpack endorse <name> [--tier ...] [--push] [--dry-run]— Garry-only registry workflow with stable key orderingReference + docs:
examples/skillpack-reference/— real 10/10 reference packdocs/skillpack-anatomy.mdauto-generated viascripts/build-skillpack-anatomy.ts --check~/.gbrain/audit/skillpack-YYYY-Www.jsonlv0.36.1.0 drift fixes: cycle phase-order test EXPECTED_PHASES now includes
propose_takes / grade_takes / calibration_profile; embedding mock declaresembedMultimodal / embedQuery / getEmbeddingModelName / getEmbeddingDimensionsfor the v0.36.1.0 wave.Test Coverage
test/skillpack-{manifest-v1,tarball,state,remote-source,trust-prompt,registry-schema,registry-client,rubric,doctor,init-scaffold,pack-publish,endorse,audit,scaffold-third-party}.test.ts+test/e2e/skillpack-third-party.test.tsPre-Landing Review
Self-reviewed during cathedral build. Codex outside-voice findings adopted: T1 (no auto-walk), T4 (required-core + badges split), G1 (machine-owned state), G3 (CI workflow split — deferred to registry repo), G4 (anti-typosquat identity confirm). Two cathedral defenses held intentionally: T2 (full cathedral over minimal v1) and T3 (10/10 bundled invariant — W4.5 follow-up).
Plan Completion
Plan spec at
docs/designs/SKILLPACK_REGISTRY_V1_SPEC.md(full v1 spec, mirror of~/.claude/plans/system-instruction-you-are-working-agile-cosmos.md).Deferred to follow-up waves (not in this PR):
garrytan/gbrain-skillpack-registryrepo creation + CI workflow split (codex G3)mvanhorn/printing-press-librarygbrain-clivia Printing PressDocumentation
CLAUDE.md— added Key Files entry covering all 15 new modules + reference pack + anatomy docCHANGELOG.md— full v0.37.0.0 entry with "What you can now do" + "To take advantage of v0.37.0.0" + Itemized changes + Deferred sectionsdocs/skillpack-anatomy.md— auto-generated rubric reference (auto-regen guard inscripts/check-anatomy-fresh.sh)examples/skillpack-reference/— usable as both reference doc AND CI integration-test fixtureTest plan
bun run verifyclean (typecheck + 14 check scripts)gbrain skillpack endorse test-packagainst a synthetic registry repo creates real git commitgbrain skillpack init demo+gbrain skillpack doctor demoscores 10/10gbrain skillpack pack demoproduces deterministic tarballtest/build-llms.test.ts🤖 Generated with Claude Code