Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/autoskills/installer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ export interface RegistryEntry {
sha256: Record<string, string>;
bundleHash: string;
review: {
status: "approved" | "flagged";
status: "approved" | "flagged" | "skipped";

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

"skipped" queda clasificado implícitamente como "ok" en el fallback de seguridad.

Al añadir "skipped" en Line 35, el fallback de securityCheckForEntry (Lines 232-240) sigue siendo binario ("flagged" vs resto), por lo que una skill no revisada puede terminar con estado "ok" cuando falta securityCheck. Esto degrada la señal de seguridad.

Propuesta de ajuste (mapeo exhaustivo)
 function securityCheckForEntry(skillName: string, entry: RegistryEntry): InstallSecurityCheck {
   if (entry.securityCheck) {
     return {
       name: skillName,
       status: entry.securityCheck.status,
       summary: entry.securityCheck.summary,
       findings: entry.securityCheck.findings,
     };
   }

+  const reviewStatus = entry.review?.status;
+  const status: InstallSecurityCheck["status"] =
+    reviewStatus === "flagged" || reviewStatus === "skipped" ? "warning" : "ok";
+
   return {
     name: skillName,
-    status: entry.review?.status === "flagged" ? "warning" : "ok",
+    status,
     summary:
       entry.review?.summary ||
-      (entry.review?.status === "flagged"
+      (reviewStatus === "flagged" || reviewStatus === "skipped"
         ? "The sync review found issues that should be checked."
         : "The sync review did not find security issues."),
     findings: entry.review?.flags || [],
   };
 }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
status: "approved" | "flagged" | "skipped";
function securityCheckForEntry(skillName: string, entry: RegistryEntry): InstallSecurityCheck {
if (entry.securityCheck) {
return {
name: skillName,
status: entry.securityCheck.status,
summary: entry.securityCheck.summary,
findings: entry.securityCheck.findings,
};
}
const reviewStatus = entry.review?.status;
const status: InstallSecurityCheck["status"] =
reviewStatus === "flagged" || reviewStatus === "skipped" ? "warning" : "ok";
return {
name: skillName,
status,
summary:
entry.review?.summary ||
(reviewStatus === "flagged" || reviewStatus === "skipped"
? "The sync review found issues that should be checked."
: "The sync review did not find security issues."),
findings: entry.review?.flags || [],
};
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/autoskills/installer.ts` at line 35, The new `"skipped"` status
value added to the status type definition is not being handled explicitly in the
`securityCheckForEntry` security check fallback logic, which currently uses
binary checking (only checking for `"flagged"` and treating all other cases as
`"ok"`). Update the `securityCheckForEntry` function to implement exhaustive
mapping that explicitly handles all three status values: `"approved"`,
`"flagged"`, and `"skipped"`, ensuring that skipped checks do not implicitly
receive an `"ok"` security status and instead are mapped to an appropriate
security signal that reflects the lack of security review.

flags: string[];
summary: string;
model: string;
Expand Down
5 changes: 5 additions & 0 deletions packages/autoskills/lib.ts
Original file line number Diff line number Diff line change
Expand Up @@ -682,8 +682,13 @@ export function collectSkills({
}
}

const hasSvelteShadcn = combos.some((c) => c.id === "svelte-shadcn");

for (const tech of detected) {
for (const skill of tech.skills) {
if (hasSvelteShadcn && skill === "shadcn/ui/shadcn") {
continue;
}
addSkill(skill, tech.name);
}
}
Expand Down
4 changes: 3 additions & 1 deletion packages/autoskills/scripts/sync-skills.mjs
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,9 @@ import { SKILLS_MAP, COMBO_SKILLS_MAP, FRONTEND_BONUS_SKILLS } from "../skills-m
import { parseSkillPath } from "../lib.ts";
import { bold, cyan, dim, green, log, red, yellow } from "../colors.ts";

process.loadEnvFile();
if (typeof process.loadEnvFile === "function") {
process.loadEnvFile();
}

// ── Config ───────────────────────────────────────────────────

Expand Down
19 changes: 18 additions & 1 deletion packages/autoskills/skills-map.ts
Original file line number Diff line number Diff line change
Expand Up @@ -917,12 +917,23 @@ export const SKILLS_MAP: Technology[] = [
},
{
id: "postgres-ruby",
name: "PostgreSQL",
name: "PostgreSQL (Ruby)",
detect: {
gems: ["pg"],
},
skills: [],
},
{
id: "postgresql",
name: "PostgreSQL",
detect: {
packages: ["pg", "postgres", "pg-promise"],
},
Comment thread
coderabbitai[bot] marked this conversation as resolved.
skills: [
"neondatabase/postgres-skills/postgres-best-practices",
"github/awesome-copilot/sql-optimization",
],
},
{
id: "python",
name: "Python",
Expand Down Expand Up @@ -1238,6 +1249,12 @@ export const COMBO_SKILLS_MAP: ComboSkill[] = [
requires: ["react", "shadcn"],
skills: ["shadcn/ui/shadcn", "vercel-labs/agent-skills/react-best-practices"],
},
{
id: "svelte-shadcn",
name: "Svelte + shadcn-svelte",
requires: ["svelte", "shadcn"],
skills: ["huntabyte/shadcn-svelte/shadcn-svelte"],
},
{
id: "tailwind-shadcn",
name: "Tailwind CSS + shadcn/ui",
Expand Down
102 changes: 101 additions & 1 deletion packages/autoskills/skills-registry/index.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"version": 1,
"generatedAt": "2026-05-03T15:50:34.696Z",
"generatedAt": "2026-06-15T21:08:44.647Z",
"reviewer": {
"model": "gpt-5.4",
"promptVersion": "1.0.0"
Expand Down Expand Up @@ -13018,6 +13018,106 @@
"summary": "Official ElysiaJS skill with standard documentation",
"checkedAt": "2026-05-13T21:40:00.000Z"
}
},
"shadcn-svelte": {
"source": "huntabyte/shadcn-svelte",
"skillPath": "huntabyte/shadcn-svelte/shadcn-svelte",
"commitSha": "57acd8baa862f3fa13cb7b7912fdd802f6366ab8",
"files": [
"SKILL.md",
"agents/openai.yml",
"assets/shadcn-svelte-small.png",
"assets/shadcn-svelte.png",
"cli.md",
"customization.md",
"evals/evals.json",
"rules/composition.md",
"rules/forms.md",
"rules/icons.md",
"rules/styling.md"
],
"sha256": {
"SKILL.md": "0d4b071c02c895d53fd45e24e1bcb5e74bc70888a720b1465bafbc37799a7c76",
"agents/openai.yml": "8a19c76244f9f8171058dbe03d80b7a375b03021aabe98fbdfa9f6d1ad140c51",
"assets/shadcn-svelte-small.png": "ab571a7acd192a769531b5ea5e2105f40128b52e90fbdeb31e712d5fd18f6350",
"assets/shadcn-svelte.png": "256a06954d29e566b01695f0fa3574c0a6d69991098e756d8cc0704ee376ce3f",
"cli.md": "59563b6d10901607a5c5b702f9a470b2acb4d1c6be945e32da998a93d7ae3b65",
"customization.md": "6f3e3ddaacb28fd6a84ed643d721e1c712495aabdf6d67ada564a2a6b7a52fcd",
"evals/evals.json": "e656977db8221f55d10b46297a85aaf363b9911d7a0a70ab7408d84e1ddef02b",
"rules/composition.md": "73fde3d9ce43b5e62152cdc0a0719ef735889855f5cf7a39019bb603223a76b2",
"rules/forms.md": "68222eeb9a9671ef0e3261e48c78211c524da2d7adac3fe18362a725aa6013e0",
"rules/icons.md": "264f1316cafaeedf91cf830502381323db9310c23e8dc4e10faaf1b687bda20b",
"rules/styling.md": "35d9c99aa5fd3053d3846c9706151cb0b05915a659d03c0ceafc61c631772f0a"
},
"bundleHash": "6249e41a2601b9523614f4bf653fcc34f5f8a848cc960cf54d9c4ddc949332f2",
"review": {
"status": "skipped",
"flags": [],
"summary": "No review was performed because the sync process was executed with the --no-review flag.",
"model": "gpt-5.4",
"promptVersion": "1.0.0",
"reviewedAt": "2026-06-15T20:58:27.147Z"
},
"securityCheck": {
"status": "ok",
"findings": [],
"summary": "review skipped (--no-review)",
"checkedAt": "2026-06-15T20:58:27.147Z"
}
},
"postgres-best-practices": {
"source": "neondatabase/postgres-skills",
"skillPath": "neondatabase/postgres-skills/postgres-best-practices",
"commitSha": "0d9a967085c3bc137ab39ff9e3191c2eb3129d8c",
"files": [
"SKILL.md",
"references/schema-design.md"
],
"sha256": {
"SKILL.md": "0c09b15e9245f531728942518b93dec552c9d1637b848ae7a811bd0d26e74da4",
"references/schema-design.md": "9637105e3817677a30159e70a55cc5991a5a125834309739e9677aa874212cc8"
},
"bundleHash": "2897990a74483e7015350b14e72bc2d44a86052d2960390b71057f67f5f3a58c",
"review": {
"status": "skipped",
"flags": [],
"summary": "No review was performed because the sync process was executed with the --no-review flag.",
"model": "gpt-5.4",
"promptVersion": "1.0.0",
"reviewedAt": "2026-06-15T21:07:32.664Z"
},
"securityCheck": {
"status": "ok",
"findings": [],
"summary": "review skipped (--no-review)",
"checkedAt": "2026-06-15T21:07:32.664Z"
}
},
"sql-optimization": {
"source": "github/awesome-copilot",
"skillPath": "github/awesome-copilot/sql-optimization",
"commitSha": "b4b9beb69d9e8b21c0dfcfd9c86a835997b6a83b",
"files": [
"SKILL.md"
],
"sha256": {
"SKILL.md": "d87639dea8e0208e2161b78b22f6427b0fdf59e95e693b40d48b1226a0c35ccf"
},
"bundleHash": "60cd76411c1aa29f5cb2f609c180a466c7c43e3552d086edd5d7f26b70beb68c",
"review": {
"status": "skipped",
"flags": [],
"summary": "No review was performed because the sync process was executed with the --no-review flag.",
"model": "gpt-5.4",
"promptVersion": "1.0.0",
"reviewedAt": "2026-06-15T21:08:44.639Z"
},
"securityCheck": {
"status": "ok",
"findings": [],
"summary": "review skipped (--no-review)",
"checkedAt": "2026-06-15T21:08:44.639Z"
}
}
Comment thread
coderabbitai[bot] marked this conversation as resolved.
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
name: postgres-best-practices
description: Best practices and guidelines for working with Postgres. Covers schema design, indexing strategies, query optimization, migrations, and common pitfalls. Use when writing SQL, designing database schemas, optimizing queries, or setting up a Postgres database.
---

# Postgres Best Practices

Guidelines and best practices for working with Postgres, covering schema design, indexing, query optimization, and common pitfalls.

## References

| Area | Resource | When to Use |
| -------------- | --------------------------------- | ------------------------------------------------ |
| Schema Design | `references/schema-design.md` | Designing tables, choosing data types, normalizing |
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
# Schema Design

Best practices for designing Postgres schemas.

## Choosing Data Types

- Prefer `text` over `varchar(n)` unless a length constraint is meaningful to the domain.
- Use `timestamptz` instead of `timestamp` to always store timezone-aware timestamps.
- Use `uuid` for primary keys when IDs may be exposed externally or generated client-side.
Loading