fix(claude-skills-troubleshooting): use lastUpdated for cache freshness check#110
Open
FearlessLitre wants to merge 195 commits into
Open
fix(claude-skills-troubleshooting): use lastUpdated for cache freshness check#110FearlessLitre wants to merge 195 commits into
FearlessLitre wants to merge 195 commits into
Conversation
…UDE.md) Prevents sensitive data (user paths, phone numbers, personal IDs) from entering git history. Born from redacting 6 historical commits. - .gitleaks.toml: custom rules for absolute paths, phone numbers, usernames - .githooks/pre-commit: dual-layer scan (gitleaks + regex fallback) - CLAUDE.md: updated Privacy section documenting the defense system Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…nciple, add date handling rules
- SKILL.md length driven by information density, not line count
- Factual dates (release dates, "last verified") should be kept — they help readers judge freshness
- Conditional date logic ("before X use old API") should be avoided
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… recovery Previously, recover_content.py saved all files flat in the output directory, causing files with the same name (e.g., src/utils.py and tests/utils.py) to overwrite each other. Now the script preserves the original directory structure, creating subdirectories as needed within the output directory. - Bump version: 1.0.0 → 1.0.1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace hardcoded user paths that triggered gitleaks PII detection: - /Users/username/ → ~/ - /Users/user/ → ~/ - -Users-username- → -Users-<username>- (normalized paths) Also fix the sed example to use <home> placeholder instead of regex pattern that would match actual usernames. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update SKILL.md and workflow_examples.md to reflect the new behavior of recover_content.py which now preserves original directory structure: - SKILL.md: Add 'preserving the original directory structure' note - SKILL.md: Update verification examples to use find command and show subdirectory paths (e.g., ./recovered_content/src/components/) - workflow_examples.md: Update diff example to account for nested paths Version bump: 1.0.1 → 1.0.2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
asr-transcribe-to-text: - Add local MLX transcription path (macOS Apple Silicon, 15-27x realtime) - Add bundled script transcribe_local_mlx.py with max_tokens=200000 - Add local_mlx_guide.md with benchmarks and truncation trap docs - Auto-detect platform and recommend local vs remote mode - Fix audio extraction format (MP3 → WAV 16kHz mono PCM) - Add Step 5: recommend transcript-fixer after transcription transcript-fixer: - Optimize SKILL.md from 289 → 153 lines (best practices compliance) - Move FALSE_POSITIVE_RISKS (40 lines) to references/false_positive_guide.md - Move Example Session to references/example_session.md - Improve description for better triggering (226 → 580 chars) - Add handoff to meeting-minutes-taker skill-creator: - Add "Pipeline Handoff" pattern to Skill Writing Guide - Add pipeline check reminder in Step 4 (Edit the Skill) Pipeline handoffs added to 8 skills forming 6 chains: - youtube-downloader → asr-transcribe-to-text → transcript-fixer → meeting-minutes-taker → pdf/ppt-creator - deep-research → fact-checker → pdf/ppt-creator - doc-to-markdown → docs-cleaner / fact-checker - claude-code-history-files-finder → continue-claude-work Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SKILL.md: rewritten following Anthropic best practices - Concise (233 lines, down from 347) - Critical VHS parser limitations section (base64 workaround) - Advanced patterns: self-bootstrap, output filtering, frame verification - Better description for skill triggering New files: - references/advanced_patterns.md: production patterns from dbskill project - assets/templates/self-bootstrap.tape: self-cleaning demo template auto_generate_demo.py: new flags - --bootstrap: hidden setup commands (self-cleaning state) - --filter: regex pattern to filter noisy output - --speed: post-processing speed multiplier (gifsicle) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… marketplaces Encodes proven methodology from real marketplace development: - 4-phase workflow: Analyze → Create → Validate → PR - 8 schema hard-rules (verified against Claude Code source) - 13 anti-patterns from production debugging - Complete marketplace.json schema reference - Marketplace maintenance rules (version bumping, description updates) Also fixes: remove invalid metadata.homepage from our own marketplace.json Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sync check (skills ↔ marketplace.json), metadata audit, per-plugin validation, and final claude plugin validate gate. All users installing this skill get these process guards. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When marketplace-dev is installed, any Write/Edit to a marketplace.json automatically runs `claude plugin validate` and reports pass/fail. Users get instant feedback without remembering to validate manually. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two hooks now active for marketplace-dev users: 1. Edit marketplace.json → auto-validate schema 2. Edit any SKILL.md → warn if version bump needed or skill unregistered Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use twitter-cli for structured metadata (likes, retweets, bookmarks) - Use Jina API for content with images - Auto-download all images to attachments/ - Generate Markdown with YAML frontmatter and local image references - Security scan passed Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Update description to reflect new fetch_article.py capabilities - Add keywords: images, attachments, markdown Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
weasyprint renders <pre> blocks with monospace fonts that lack CJK glyphs, causing Chinese/Japanese/Korean characters to display as garbled text. Fix: add _fix_cjk_code_blocks() preprocessor that detects CJK in <pre><code> and converts to <div class="cjk-code-block"> with inherited body font. Pure-ASCII code blocks are left untouched. Also adds code/pre/pre-code CSS rules to both themes (default + warm-terra) that were previously missing entirely. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…e blocks v1.3.0 incompletely fixed CJK code block rendering. Two gaps remained: 1. _CJK_RANGE only matched Chinese ideographs; Japanese Hiragana/Katakana and Korean Hangul were still garbled. Extended range to cover all CJK Unicode blocks. 2. Regex `<pre><code>` missed pandoc's syntax-highlighting wrapper `<pre class="sourceCode python"><code class="sourceCode python">`, so Python/JS/etc. code blocks with CJK comments were skipped. Relaxed to `<pre[^>]*><code[^>]*>` and strip <span> highlight wrappers inside converted CJK blocks. Adds scripts/tests/test_cjk_code_blocks.py regression test (6 scenarios) and fixes README.md quickstart/requirements which still referenced the obsolete `markdown` Python package (script uses pandoc via subprocess). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Release 1.41.0 adding ima-copilot, a wrapper-layer skill around the official Tencent IMA skill (ima.qq.com). Installs upstream ima-skill to Claude Code / Codex / OpenClaw via vercel-labs/skills in its default symlink mode, guides API key setup, detects and repairs known upstream issues under explicit user consent, and implements a personalized fan-out search strategy with priority knowledge base boosting and silent 100-result truncation detection. Wrapper contract — never vendor upstream files, every repair is a runtime instruction executed with user consent, so upstream upgrades never collide with local fixes. Ships only detection + repair instructions, not patched files, so the skill can stay decoupled from upstream's release cadence. Bundled: install_ima_skill.sh (staged download + npx skills add), diagnose.sh (read-only health check with realpath-based dedup across symlinked agents), search_fanout.py (parallel cross-KB search with priority/skip lists), and four reference documents covering installation, credentials, known issues, and search best practices. Dogfood-driven fixes landed alongside initial scaffolding: - install_ima_skill.sh now targets the root SKILL.md instead of the first match, avoiding accidental selection of a submodule path - known_issues.md repair commands use `command cp/mv` to bypass any user shell aliases that would otherwise hang on "overwrite?" prompts - diagnose.sh recognizes Strategy-A-applied state (MODULE.md rename) as OK instead of treating the missing SKILL.md as a warning - diagnose.sh groups agents by realpath so symlinked installs report each underlying issue exactly once Release chores: marketplace.json version 1.40.1 → 1.41.0, skill count 43 → 44, new plugin entry, CHANGELOG, README (EN + zh-CN), and repo CLAUDE.md updated per the release guide. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Release 1.42.0 introducing workflows/wrapper-skill/ — a retrospective distillation workflow that turns the current conversation into a reusable companion skill for a third-party CLI tool. The workflow's premise is that the best raw material for a wrapper skill is a session where a user and Claude have just finished installing, debugging, and fixing the tool together. That session contains literal install commands that worked, literal error messages that were hit, literal fix commands that resolved them, and the design tradeoffs that were made explicit in conversation. Step 2 of workflow.md is conversation mining — extracting 2a install flow, 2b credentials, 2c bugs + fixes, 2d design decisions, discarding 2e noise. The rest of the workflow feeds this mined output into scaffolded skeleton files following the architecture contract (never vendor upstream, runtime repair over ship-time patches, explicit consent for upstream-file changes, idempotent/reversible/alias-safe repair commands, teach agents not humans, independent evolution from upstream, private preferences stay private). Bundled: workflow.md (main orchestration), architecture_contract.md (7 hard principles), patterns.md (copy-pasteable templates for SKILL.md, install script, diagnose script, known_issues registry, config template — each annotated with the lesson baked in), verification_protocol.md (post- generation cross-reference against the source conversation rather than a full re-dogfood), scripts/init_wrapper_skill.py (bootstrap scaffold with unmissable FILL-FROM-STEP-X placeholders). skill-creator/SKILL.md root entry gains a routing section between Capture Intent and Prior Art Research that tells the agent to jump to the wrapper workflow when the signals apply, and to skip the generic skill-creation flow entirely. Canonical reference implementation: ima-copilot, the Tencent IMA wrapper distilled during a real session. Every pattern in this workflow traces to a concrete file in ima-copilot: command-prefix alias bypass, root SKILL.md detection preferring known layouts, realpath-based symlink dedup in diagnose, idempotent/reversible repair commands backing up to /tmp/<skill>-backups/<ts>/, XDG credentials with env-var fallback. Release chores: marketplace.json metadata.version 1.41.0 → 1.42.0, skill-creator plugins[].version 1.6.0 → 1.7.0, description mentions the new wrapper workflow, keywords add wrapper-skill and cli-wrapper, CHANGELOG entry describing each file added. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…1.7.1 Release 1.43.0. Four adversarial agent reviews (skeptic / contract enforcer / fresh-user simulator / formal reviewer) surfaced 16 real findings across the two skills just shipped. This commit lands the 9 fixes from the A track (shipped-code bugs) and the B track (high-value workflow design improvements). Six findings were deferred to a follow-up session — they require architectural rework (CLI-binary wrapper support, second reference implementation) that does not belong in a fix commit. ## ima-copilot v1.0.0 → v1.0.1 Contract violations caught against the skill's own architecture_contract.md: - Principle 6 (independent evolution) violation: SKILL.md, known_issues.md, and installation_flow.md hardcoded `1.1.2` as the observed upstream version. All three now use version-agnostic phrasing; the install script keeps the version as an overridable default which is explicitly allowed. - Principle 4 (alias-safe) violation: known_issues.md Strategy A used bare `sed -i.bak` and `rm -f` commands. Added `command` prefix to all three, matching the existing `command mv` / `command cp` convention. A user shell with `alias rm='rm -i'` or `alias sed='sed -i'` would previously have hung on a TTY prompt during repair. Dogfood-driven robustness fixes: - install_ima_skill.sh: added a Node.js ≥18 preflight check. The `npx skills add` distribution path needs a modern Node runtime; the failure on old Node is otherwise an opaque error. - diagnose.sh check_submodule: now explicitly recognizes and warns on the dual-state where both SKILL.md and MODULE.md exist simultaneously (can happen when a user switched repair strategies mid-session or restored a partial backup). Previously reported clean while the install was in a conflicted state — a silent correctness bug. - search_fanout.py rank_groups: added kb_name as a secondary sort key for deterministic byte-identical output under network-timing variance. Previously the tie-break depended on ThreadPoolExecutor.map completion order. Verified-false-positive from the formal review: - Agent 4 flagged the SKILL.md description as exceeding a 1024-char cap, but the actual length is 921 chars and quick_validate (which enforces the 1024 cap at skill-creator/scripts/quick_validate.py:184) already passes on this skill. The finding was based on a counting error. No change made. ## skill-creator v1.7.0 → v1.7.1 Wrapper-skill workflow hardening from the counter-review: - workflow.md Step 2: added "How to access the conversation" subsection covering three cases (same session → scroll history; follow-up session → claude-code-history-files-finder or read ~/.claude/projects/ JSONL directly; neither available → stop and tell the user, do not fabricate). Previous version told fresh agents to "scan the conversation from its beginning" with no tooling guidance — a hard blocker for follow-up sessions where the source conversation is not in context. - workflow.md Step 1: added "AskUserQuestion fallback" subsection making clear that the consent requirement is the explicit user choice, not the specific tool name. Harnesses without AskUserQuestion (Codex, older Claude Code versions, custom builds) can fall back to numbered inline options. Previous version treated AskUserQuestion as a hard requirement and would have left agents on other harnesses unable to execute the workflow. - patterns.md: new "Runtime-logic patterns shared across wrappers" section with three generalizable insights distilled from ima-copilot's search_fanout.py but not originally captured in the workflow. The patterns — capability partitioning (enumerate vs operate permission asymmetry), undocumented limit detection (silent truncation heuristics), scoped liveness checks — apply to a much wider class of third-party APIs than IMA (GitHub, Slack, Notion, Google Drive, Aliyun, Linear examples included). The counter-review identified these as the most transferable insights from the original session, which were previously treated as ima-copilot-specific detail rather than universal patterns. - verification_protocol.md: restructured from a single "verification is not dogfood" dogma into Track 1 (session cross-reference for literal transcriptions like install.sh and known_issues.md) and Track 2 (smoke test / unit test for runtime logic like scripts/*.py). The previous dogma was correct for Track 1 but wrongly exempted Track 2 runtime code from testing — search_fanout.py was in fact never exercised before shipping, and the old protocol endorsed that. Track 2 files now have an explicit mandatory smoke test with a minimum realistic-input invocation before commit. ## Deferred to follow-up session Six findings need architectural rework and are tracked as TODOs: - B1: wrapper-skill workflow assumes zip + npx skills add distribution, over-fits to skill-package wrappers, needs CLI-binary wrapper support and a second reference implementation (~300 lines + significant restructuring). - B6: config-template/ should be demoted from universal pattern to conditional component. - Agent 4 M2-M3: additional diagnose.sh and search_fanout.py edge cases not on the ship-blocker path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Release 1.44.0. A fifth adversarial agent audit checked the wrapper-skill
workflow documents against the canonical ima-copilot implementation within
the in-scope distribution model (zip archives distributed via `npx skills
add` to Claude Code / Codex / OpenClaw). The audit surfaced 13 on-scope
lessons — concrete patterns, decisions, and guardrails — that were present
in the ima-copilot source code but had not been elevated to named
patterns in the workflow docs. A careful copy-paste of the patterns.md
templates would catch most of them; a less careful adapter would ship a
wrapper with a known defensive gap. This commit lands all 13.
## Install template additions (patterns.md + workflow.md Step 5)
- Download integrity defense in depth: `curl --fail -o ... -w "%{http_code}"`
with explicit 200 branch, followed by `wc -c` size sanity check rejecting
archives below an absolute floor before extraction. The size check is the
one that catches the worst real upstream failure mode — a redirect to an
HTML error page returning a "success" status that would otherwise be
handed to `unzip` to produce confusing downstream errors. Previously the
template had a `<download and extract>` placeholder.
- Node.js ≥18 prerequisite check parsed separately from the `command -v`
loop. `command -v node` verifies presence only; `npx skills add` fails
opaquely on Node 16. Previously absent from the template even though
ima-copilot's actual install script has it.
- Zero-agents-detected fallback policy named and documented: after auto-
detection finds no installed target agents, the script prints an
explicit "looked for: …" list and defaults to claude-code. Three
alternatives (abort / silent-skip / default) were considered during
the ima-copilot session; the documented choice is default-to-claude-code
because abort is hostile and silent-skip is mystifying. Previously
implicit in the template code but not called out as a decision.
## Known issues template additions (patterns.md + workflow.md Step 6)
- `**Why upstream probably hasn't fixed it**` is now a required schema
field alongside Symptom / Root cause / Impact. This is the field that
keeps the repair section load-bearing across upstream upgrades — without
it, future readers will assume the wrapper is out of date and remove the
repair on next upgrade.
- Status field guidance updated to prefer version-agnostic phrasing
("Observed on recent upstream releases when loaded by X") over
version-pinned phrasing ("Open in upstream v1.1.2") to avoid drift,
matching the principle-6 fix applied to ima-copilot in the previous
commit.
- `Strategy skip` is now a first-class documented third option alongside
Strategy A and Strategy B. Users on tolerant platforms may legitimately
not want a repair; naming the skip branch prevents the "did I forget?"
failure mode by making inaction an explicit choice.
- Backup directory naming convention elevated from inline code to named
pattern: `/tmp/<wrapper-skill-name>-backups/$(date +%Y%m%d-%H%M%S)` with
optional `$$` suffix for sub-second rerun uniqueness. Format was chosen
to sort correctly and be human-readable.
- `sed -i.bak ... && command rm -f *.bak` portability dance documented
with the cross-BSD/GNU rationale. Bare `-i` fails on BSD sed; `-i ''`
fails on GNU sed; `.bak` works on both. Previously the template used
the pattern but didn't explain it.
- `[ -f ... ] &&` guard rationale: the guard makes the backup cp
idempotent across reruns where the source file has already been
renamed/consumed by a previous run. Previously shown in the template
code but not called out as why-it-exists.
- `command` prefix requirement extended explicitly to `rm` and `sed`
(not just `cp` and `mv`), matching the principle-4 fix applied to
ima-copilot in the previous commit.
## Diagnose template additions (patterns.md + workflow.md Step 7)
- New "Detection function return-code contract" subsection spelling out
the full required state enumeration: untouched-good, untouched-broken,
target-not-present (legitimately different from broken), one healthy
code per applied strategy, and the dual-state conflicted code. This is
the single hardest lesson from the ima-copilot session — a detection
function that doesn't recognize the dual state (e.g., both SKILL.md and
MODULE.md present after a partial repair) silently passes conflicted
installs as healthy. The fix is a one-line check at the top of every
scan function; leaving it out is a latent footgun.
- `find_install` variadic candidate-path rationale: agents whose home-
directory layout has not stabilized (OpenClaw in ima-copilot is the
canonical example) should be probed against an ordered list of
candidate paths rather than a single path, and designing the helper as
variadic from day one avoids a painful refactor when a second candidate
path becomes necessary.
## SKILL.md template additions (patterns.md)
- Explicit description-field checklist: literal error strings from the
session (pattern matching requires the literal form), tool name in
every language the session used (monolingual descriptions only trigger
on monolingual queries), self-disambiguation clause naming the upstream
package (prevents wrapper-vs-upstream trigger fighting), and the
symptoms that triggered the original session. Plus a pointer to the
enforced 1024-character cap in `quick_validate.py:184`.
- Routing table gains an explicit "when in doubt → diagnose" default
since diagnose is the only read-only entry point and is the natural
front-door for vague user questions.
## Credentials section additions (patterns.md)
- Liveness check verification must match on **response-body shape**, not
just HTTP status. Many APIs (IMA included) return 200 OK with an error
JSON body like `{"code": 401, "msg": "..."}` — a naive `curl --fail`
check will pass a credential that fails the first real operation. The
correct liveness check parses the response body and matches on a
success-indicator field (`"code"\s*:\s*0` for IMA-style,
`"access_token"` for OAuth, etc.).
## Deliberately skipped
The completeness audit was constrained to the scoped distribution model
(zip + npx skills add). Items that were flagged earlier as "CLI-binary
wrapper would do this differently" remain out of scope — this release
does not try to generalize beyond skill-package wrappers. The audit
confirmed the workflow is substantially complete within its scope after
this pass.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
One-stop installer and companion for the full 19-skill Gangtise (岗底斯投研) catalog — data retrieval, research workflows, utility skills — to Claude Code / OpenClaw / Codex with 4 preset modes (full/workshop/minimal/custom), shared XDG credentials, and a scoped liveness diagnostic. Distilled from a 5-round discovery session that reverse-engineered the Gangtise skill catalog. The Gangtise OBS bucket has LIST permission disabled, so the full 19-skill inventory is not discoverable from any public manifest — the enumeration took ~250 HEAD probes, 4 rounds of candidate expansion, and cross-referencing against every SKILL.md's upstream references to converge. 5 ecosystem traps are documented in references/known_issues.md with working runtime workarounds, none of which require vendoring upstream files: ISSUE-001 two parallel product lines with unequal capability, ISSUE-002 two skills distributed only inside the skills-client bundle, ISSUE-003 double-Bearer prefix producing 'token is invalid', ISSUE-004 skills-backend admin endpoints return 'the uri can't be accessed', ISSUE-005 new-upstream-skill drift. Verified end-to-end in a sandboxed HOME: full preset installs all 19 skills in 4 HTTP requests, configure_auth.sh passes live oauth/loginV2 verification, diagnose.sh reports 9/9 pass including scoped rag liveness. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Register claude-export-txt-better, douban-skill, and terraform-skill in marketplace.json — they were tracked on disk but never added to the catalog. Bump metadata.version 1.45.2 -> 1.46.0. marketplace-dev v1.2.0 refine (the marketplace.json hook-rename portion was piggybacked into the earlier gangtise-copilot commit; this commit adds the remaining content changes): - scripts/check_marketplace.sh — one-shot validator running JSON syntax -> claude plugin validate -> source+skills resolution -> reverse sync (disk SKILL.md -> manifest) in a single command. Zero external deps beyond bash + python3. - Add tables of contents to references/anti_patterns.md (133 lines) and references/cache_and_source_patterns.md (176 lines), per Anthropic's official best practice for reference files >100 lines. - Refine SKILL.md: extract inline Node.js resolution check and diff pipeline into check_marketplace.sh, document hooks/ auto-activation in a new "Bundled hooks" section, correct Phase 0 subagent history-mining paths to <session-id>/subagents/agent-*.jsonl. Docs sync (CLAUDE.md, README.md, README.zh-CN.md): 44 -> 47 skills, 47 -> 50 plugin entries, add skill sections / use cases / quick links for the 3 newly-registered skills, bump marketplace badge 1.45.1 -> 1.46.0. Security allowlist: douban-skill/.gitleaks.toml marks the two gitleaks "generic-api-key" hits as false positives — both are the public Douban Android APK credentials (shared by every app user, discovered via standard APK reverse engineering), not user secrets. Verified via security_scan before registration. Pre-commit validation: bash scripts/check_marketplace.sh passes all 4 checks (JSON syntax, claude plugin validate, source+skills resolution, reverse sync). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…unt-is-not-KPI reframe (v1.3.0) Methodology hardening from real-world usage (cases 15/16, 2026-06-14): - Anti-pattern 9 (fake pointers): grep-verify every "→ reference" pointer targets content that actually exists before writing it (Step 4 hard gate) - "Too big/too long" is an investigation trigger, not a license to cut — reframe to signal triage before touching line count - Recommend an independent sub-agent for the 5b content-integrity audit on bulk compression (breaks the executor's optimism bias); appendix D adds prompt - Expand description triggers (优化/精简/瘦身/重构 CLAUDE.md, mid-task handoff) Bump daymade-claude-code suite 1.2.1 -> 1.3.0 (content update). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…g-network-issues work claude-code-history-files-finder (daymade-claude-code suite 1.3.0 -> 1.4.0): - analyze_sessions.py: resolve project paths via expanduser + resolve plus a basename reverse-lookup, so a ~ path, a relative path, or a bare project name no longer silently returns "No sessions found" (the encoded directory name is the ABSOLUTE working-dir path, not the basename). Ambiguous matches are listed, never guessed. - SKILL.md: add a "reverse-look-up before concluding no history" gate; note that Claude Desktop cowork sessions also land in ~/.claude/projects/. - references/session_file_format.md: correct to the real 2.x line schema (top-level type + nested message.role); document non-message event lines. debugging-network-issues (1.2.0 -> 1.3.0): pre-existing in-flight changes that were already in the working tree (NOT produced in this session), bundled here at the user's request -- SKILL.md traps 11/12 + client-side proxy/TUN checklist, references/case-proxy-tun-cname-override.md, marketplace/README sync. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add one-click setup for running multiple LLM providers (Kimi/GLM/DeepSeek/StepFun/Anthropic) in separate Claude Code CLI windows simultaneously via CLAUDE_CONFIG_DIR isolation. Includes: - Portable claude-profiles.sh profile manager - Marketplace path pollution fixer - Provider settings templates - Student setup guide and troubleshooting reference Co-Authored-By: Claude <noreply@anthropic.com>
- Add claude-switch-models-setup to CLAUDE.md skill list (daymade#65) - Add claude-switch-models-setup README suite list and numbered section (daymade#67) - Update Chinese README suite list, numbered section (daymade#67), and badges - Sync version badges 1.65.0 → 1.66.0 and skill count 64 → 65 Co-Authored-By: Claude <noreply@anthropic.com>
- Add Step 3.4 push-time verification checklist to SKILL.md - Add references/push_time_gotchas.md - Extend PR #2634 case study with merge-ready maintenance arc - Add PR #1624 case study (frontend rebase, async init guards, test coupling) - Bump marketplace version to 1.2.0 and refresh description Co-Authored-By: Claude <noreply@anthropic.com>
Suppress false positives from documentation examples: - placeholder user paths (/Users/username/, /home/username/, C:\Users\username\) - example JWT literal used in repomix-safe-mixer docs - public Douban Frodo API key - repo owner's public contact email in README/marketplace.json Also change email-personal rule to use a non-capturing group so allowlist regexes match the full email address instead of just the domain. Co-Authored-By: Claude <noreply@anthropic.com>
Explain that eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 is the public, standard jwt.io example header and decodes to plain metadata. Co-Authored-By: Claude <noreply@anthropic.com>
New skill: evaluate any OpenAI/Anthropic-compatible LLM endpoint across four dimensions — speed (TTFT + thinking-aware decode tok/s), concurrency/stability (success rate, p50/p90, breaking point), Anthropic protocol compliance (thinking-block trigger rate, N>=10), and quality regression against your own use cases (independent blind judges, not model self-grading). Keys passed by env-var name only; use-case library kept outside the bundle. - Add llm-eval-harness v1.0.0 (4 probe scripts + 2 method references + use-case template) - Bump marketplace v1.66.0 -> v1.67.0, skills 65 -> 66, plugin entries 45 -> 46 - Sync README.md / README.zh-CN.md / CLAUDE.md / CHANGELOG.md Claude-Session: https://claude.ai/code/session_01RttcpAYrXuv6ZucP7DqbuD Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- setup-notifications-via-wecom: webhook setup + structured message templates for backup completion, alerts, and status updates. Includes best practices distilled from a real backup-sync notification debugging session and notification/alert research findings. - notify-wecom: one-shot skill for sending a single WeCom message via /notify-wecom <message>. - Both read webhook URL from ~/.config/setup-notifications-via-wecom/config.json and clear proxy env vars before calling Tencent endpoints. - Register both skills in marketplace.json, bump suite version to 1.68.0. Co-Authored-By: Claude <noreply@anthropic.com>
…tions-via-wecom Co-Authored-By: Claude <noreply@anthropic.com>
Agent team review complete; no blockers. Merged per user request. 🤖 Generated with [Claude Code](https://claude.com/code)
- Revert accidental daymade-audio version bump (1.2.2 → 1.2.1) - Set setup-notifications-via-wecom initial version to 1.0.0 - Handle missing errmsg in WeCom error response Co-Authored-By: Claude <noreply@anthropic.com>
Merged follow-up fixes for PR daymade#95 review nits. 🤖 Generated with [Claude Code](https://claude.com/code)
Add a skill for scanning and removing sensitive data from GitHub repo history. Includes: - scan_repo.py: gitleaks + custom pattern scan - rewrite_history.py: backup + git-filter-repo wrapper - verify_cleanup.py: post-rewrite verification from replacements file - safe_push.py: visibility check + safe force push - references/incident-lessons.md: hard-won rules from real cleanups - references/tooling_notes.md: git-filter-repo/BFG guidance - evals/evals.json: test prompts Also register the skill in .claude-plugin/marketplace.json. All examples use safe placeholders; real private domains go in an untracked .pii-patterns file. Co-Authored-By: Claude <noreply@anthropic.com>
Merge github-sensitive-data-cleanup skill. 🤖 Generated with [Claude Code](https://claude.com/code)
- safe_push.py: let gh repo view infer repo from cwd; remove fallback defaults on forkCount/stargazerCount; abort on incomplete metadata - rewrite_history.py: verify backup bundle with git bundle verify; check clean working tree before rewrite; verify git-filter-repo runs - verify_cleanup.py: skip empty left-hand patterns from replacements - evals.json: add refuses-no-verify-bypass eval - SKILL.md: document .pii-patterns in .gitignore and backup verification Co-Authored-By: Claude <noreply@anthropic.com>
Merge audit fixes. 🤖 Generated with [Claude Code](https://claude.com/code)
… git grep --perl-regexp - Replace git log --pickaxe-regex -S with git grep --perl-regexp across all commits so Layer 2/3 patterns with \b word boundaries match correctly. - Parse private-domain-context and private-ip-context from user's gitleaks.toml plus optional identities file for Layer 3. - Add Layer 4 AI semantic review prompt and eval. - Update verify_cleanup.py to treat literal: and regex: search sides correctly. Co-authored-by: Claude <noreply@anthropic.com>
…daymade#101) lark-cli 1.0.55 moved the docs body from .data.markdown (now null) to .data.document.content (HTML, needs pandoc), and the sheets list nests at .data.sheets.sheets[] read via `+cells-get`. The skill's old commands silently return null on 1.0.55. Switch to version-robust probes (try .data.markdown, fall back to HTML->pandoc; sheets path via //) so it works on 1.0.32 and 1.0.55 alike. Also document the owner personal-edition profile for cross-tenant reach and the transient-TLS-timeout retry. Claude-Session: https://claude.ai/code/session_01XjaNan97MNRJ7s3GqvRmsN Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…can/verify scripts - Search the full commit history by batching git grep across all commits instead of truncating to the newest 1000. - Propagate git grep errors from verify_cleanup instead of swallowing them. - Parse gitleaks.toml with tomllib when available to handle TOML escapes correctly; keep a minimal fallback parser for older Python. - Replace tempfile.mktemp with NamedTemporaryFile(delete=False). - Strip whitespace from literal:/regex: prefixes in replacements. - Fix docstring path for the identities file. Co-Authored-By: Claude <noreply@anthropic.com>
fix(github-sensitive-data-cleanup): address code-review findings
…ymade#103) * feat(daymade-claude-code): add read-claude-web-conversation skill Pull the full transcript of a Claude.ai web conversation by driving the user's logged-in Chrome and calling Claude.ai's internal conversation API from inside the page — bypasses the login wall (curl fails) and virtual scrolling (get_page_text returns only the last message). Bumps the suite to 1.6.0; complements claude-code-history-files-finder (local sessions) and claude-export-txt-better (exported files), completing the three conversation-source readers. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0177kBsKH8fXi51UGaCy7qoh * fix(read-claude-web-conversation): walk active path + content-first extraction Adversarial review on PR daymade#103 surfaced two medium correctness bugs: - textOf short-circuited on m.text, silently dropping thinking/tool_use/tool_result blocks whenever top-level text was set (the common agent-turn shape). Now builds from content[] first and folds in m.text. - tree=True returns the whole message tree including abandoned edit/regeneration branches, but messages were consumed in flat array order. Now walks the active path from current_leaf_message_uuid via parent_message_uuid, falling back to raw order if those fields are absent. Fix logic verified with a mock (dead-branch exclusion, no block loss, no duplication, fallback). Schema/gotchas/troubleshooting updated to match. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0177kBsKH8fXi51UGaCy7qoh --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…1.0.55 (v1.2.1) (daymade#104) - references: `--format csv` does NOT emit CSV for cells-get; it returns a JSON cell grid. Convert with jq instead, and add a `.data.has_more` pagination check (cells-get caps ~4000-6000 cells per response). - bump feishu-doc-scraper 1.2.0 -> 1.2.1 Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…n-words safety (daymade-audio 1.3.0) (daymade#105) - uncertain_extractor: surface low-confidence ASR spans for review - tech_presets: pre-seeded corrections for AI / Claude Code / SWE transcripts - common_words safety table + test_common_words_safety: guard against over-correcting common words - ai_processor / dictionary_processor / validation / migrations enhancements - bump daymade-audio suite 1.2.1 -> 1.3.0 Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… (v1.69.0) (daymade#106) - new skill codex-image-gallery: self-contained local web gallery for browsing Codex image outputs (~/.codex/generated_images); bundled Node server + HTML UI - marketplace: register codex-image-gallery (49->50 plugins), metadata 1.68->1.69 (feishu 1.2.1 / daymade-audio 1.3.0 from prior PRs preserved) - doc baseline: README / README.zh-CN / CLAUDE skill lists synced to 71 — backfills previously-merged read-claude-web-conversation, setup-notifications-via-wecom, notify-wecom, github-sensitive-data-cleanup that had drifted out of the human-facing docs - CHANGELOG 1.69.0 entry Integrates a concurrent session's codex-image-gallery + doc-backfill work, reviewed here: security_scan clean, doc-skill-list consistency check green. Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…0.0) (daymade#107) - new skill frontend-visual-qa: catches rendered UI defects lint/build miss (awkward line breaks, wrapped controls, horizontal overflow, double scrollbars, page-type drift, AI slop, Chrome DevTools viewport mistakes); bundles a history-derived checklist + Chrome-first pass + Playwright-core audit script - marketplace: register frontend-visual-qa (50->51 plugins), metadata 1.69->1.70 - docs: README / README.zh-CN / CLAUDE skill lists synced 71->72, badges 1.70.0 security_scan clean; doc-skill-list consistency check green. Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
daymade#108) - new skill openclaw: unified CLI to audit/diff/copy/add-model/list/switch models across OpenClaw (龙虾/lobster) instance configs; DeepSeek model patches, default-model/alias management, config validation - SANITIZED before publishing to this public repo: real private instance nicknames replaced with generic placeholders (甲虾/乙虾) - marketplace: register openclaw (51->52 plugins), metadata 1.70->1.71 - docs: README / README.zh-CN / CLAUDE skill lists synced 72->73, badges 1.71.0 security_scan clean; doc-skill-list consistency check green. Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… output to dist/ (daymade-skill 1.3.0) (daymade#109) - EXCLUDE_DIRS += .pytest_cache, .venv; EXCLUDE_FILES += .security-scan-passed; ROOT_EXCLUDE_DIRS += dist — keep build/test artifacts out of .skill bundles - default artifact output now <skill>/dist/ (next to source, easy to find/clean) instead of cwd; clearer source-of-truth vs distribution-artifact messaging - add test_package_skill.py (16 tests, all passing) - bump daymade-skill suite 1.2.0 -> 1.3.0 Claude-Session: https://claude.ai/code/session_016DDkUYyDUMtpZX9k1zAiYh Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
check_cache_freshness() read the cache directory's filesystem mtime to decide whether a marketplace cache was stale. That mtime is unreliable: `claude plugin marketplace update` refreshes files inside the nested cache repo without touching the top-level directory's mtime, so caches that were just updated were reported as stale indefinitely (e.g. "126 days old"). Read the authoritative `lastUpdated` ISO-8601 timestamp from known_marketplaces.json instead, which is what the update command actually writes. Fall back to the directory mtime only when no timestamp is present.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
diagnose_plugins.py'scheck_cache_freshness()decides whether a marketplace cache is stale by reading the filesystem mtime of the cache directory (~/.claude/plugins/cache/<name>).That mtime is unreliable.
claude plugin marketplace updaterefreshes files inside the nested cache repo (agit pullinto a subdirectory), which does not update the top-level directory's mtime on Windows (and often not on Linux/macOS either). As a result, caches that were just updated are reported as stale forever.Reproduction
…even immediately after running
claude plugin marketplace update <name>for each, and even thoughknown_marketplaces.jsonshows everylastUpdatedtimestamp as today:lastUpdated(actual)Fix
Read the authoritative
lastUpdatedISO-8601 timestamp fromknown_marketplaces.json— the valueclaude plugin marketplace updateactually writes — instead of the directory mtime. Falls back to the old directory-mtime behavior only when nolastUpdatedfield is present, so nothing regresses for older configs._parse_last_updated()helper (handles the trailingZ/ timezone normalization).check_cache_freshness()signature unchanged; no other functions touched.python -m py_compilepasses and the false-positive stale warnings disappear against a real config.