Skip to content

lint: add skillsaw job that lints#231

Merged
mrizzi merged 3 commits into
mrizzi:mainfrom
rh-jfuller:add_skillsaw_job
Jul 6, 2026
Merged

lint: add skillsaw job that lints#231
mrizzi merged 3 commits into
mrizzi:mainfrom
rh-jfuller:add_skillsaw_job

Conversation

@rh-jfuller

@rh-jfuller rh-jfuller commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Adding skillsaw check for skills ... setting 16k token maximum - anything over will throw an error:

There are a bunch of content errors which I leave to @mrizzi to contemplate (perhaps in another PR)

$ uvx skillsaw --strict .
skillsaw 0.15.0
Linting: src/tpa/sdlc-plugins


Warnings:
  ⚠ WARNING (content-broken-internal-reference) [plugins/sdlc-workflow/skills/implement-task/SKILL.md:1088]: Broken internal link: [](webUrl) — target does not exist
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/define-feature/SKILL.md:36]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/implement-task/SKILL.md:80]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/implement-task/SKILL.md:1007]: Weak language (vagueness): 'gracefully' — Replace 'gracefully' with specific error handling behavior
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/plan-feature/SKILL.md:36]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/plan-feature/SKILL.md:618]: Weak language (non-actionable): 'note that' — Restructure — state the constraint directly
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/report-bug/SKILL.md:36]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/setup/SKILL.md:41]: Weak language (non-actionable): 'note that' — Restructure — state the constraint directly
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/setup/SKILL.md:292]: Weak language (non-actionable): 'note that' — Restructure — state the constraint directly
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/triage-bug/SKILL.md:72]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/triage-bug/SKILL.md:365]: Weak language (hedging): 'as needed' — Replace 'as needed' with specific triggers
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/triage-bug/SKILL.md:433]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/verify-pr/SKILL.md:78]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (content-weak-language) [plugins/sdlc-workflow/skills/verify-pr/SKILL.md:798]: Weak language (vagueness): 'correctly' — Remove 'correctly' — describe what correct behavior looks like
  ⚠ WARNING (context-budget) [plugins/sdlc-workflow/skills/implement-task/SKILL.md]: Estimated 15,012 tokens exceeds skill warn limit of 8,000
  ⚠ WARNING (context-budget) [plugins/sdlc-workflow/skills/plan-feature/SKILL.md]: Estimated 13,903 tokens exceeds skill warn limit of 8,000
  ⚠ WARNING (context-budget) [plugins/sdlc-workflow/skills/triage-security/SKILL.md]: Estimated 9,854 tokens exceeds skill warn limit of 8,000
  ⚠ WARNING (context-budget) [plugins/sdlc-workflow/skills/verify-pr/SKILL.md]: Estimated 11,813 tokens exceeds skill warn limit of 8,000
  ⚠ WARNING (plugin-readme) [plugins/sdlc-workflow/README.md]: Missing README.md (recommended)

Rule docs (or run `skillsaw explain <rule-id>`):
  https://skillsaw.org/rules/content-broken-internal-reference/
  https://skillsaw.org/rules/content-weak-language/
  https://skillsaw.org/rules/context-budget/
  https://skillsaw.org/rules/plugin-readme/

Scanned:
  Repo type: agentskills, marketplace
  Plugins:   1
  Skills:    9
  Rules run: 43
  Took:      2.3s

Summary:
  Errors:   0
  Warnings: 19
  Grade:    A- (3.77 weighted violations per 10k tokens)
  112 info-level violation(s) count toward the grade — run with -v to see them

fixed obvious broken references and tweaked .skillsaw config to ignore some things.

Summary by Sourcery

Add automated Skillsaw linting for skills content in CI with configured token limits.

Enhancements:

  • Configure Skillsaw context-budget rule to warn at 8k tokens and error at 16k tokens for skills.

Build:

  • Introduce a Skillsaw GitHub Actions workflow to run strict linting on pushes and pull requests to main.

CI:

  • Add a Skillsaw lint job to the GitHub Actions pipeline to enforce skill content linting with strict mode enabled.

Summary by Sourcery

Add automated Skillsaw linting for skills documentation and fix internal documentation links.

Enhancements:

  • Correct internal relative links in skills and CLAUDE documentation to shared templates and guidance files.

Build:

  • Introduce a Skillsaw GitHub Actions workflow to run strict linting on pushes and pull requests targeting main.

CI:

  • Add a Skillsaw lint job to the GitHub Actions pipeline with strict mode enabled to enforce skills content linting.

Documentation:

  • Improve CLAUDE and skills documentation by fixing broken internal references and adding explicit links to configuration and template files.

@sourcery-ai

sourcery-ai Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Adds a Skillsaw linting workflow to CI with strict mode and token limits, fixes broken internal references in skill docs, and adjusts documentation links and Skillsaw configuration to ignore or tune specific rules.

File-Level Changes

Change Details Files
Add Skillsaw linting to CI with strict mode and token-budget limits.
  • Introduce a GitHub Actions workflow that runs Skillsaw linting on pushes and pull requests to main.
  • Configure the Skillsaw action to run in strict mode to fail on configured errors.
  • Define a project-wide .skillsaw.yaml with version pinning and customized context-budget warn/error thresholds for skills, plus an exclusion for a content-critical-position rule on a specific skill file.
.github/workflows/skillsaw.yml
.skillsaw.yaml
Fix and improve internal documentation links in skill and CLAUDE docs to satisfy Skillsaw content rules.
  • Update relative links in skill markdown files to point to the correct shared documentation paths.
  • Convert plain-text path mentions in CLAUDE.md into proper markdown links to existing files.
  • Ensure references to shared templates and eval-coverage docs resolve correctly from nested skill directories.
plugins/sdlc-workflow/skills/verify-pr/SKILL.md
plugins/sdlc-workflow/skills/plan-feature/SKILL.md
plugins/sdlc-workflow/skills/triage-bug/SKILL.md
CLAUDE.md

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • Consider pinning stbenjam/skillsaw to a specific commit SHA or at least a stable major tag (e.g. @v0.15.0 if available) instead of @v0 to avoid unexpected behavior from upstream changes.
  • The .skillsaw.yaml hard-codes version: "0.15.0" while the action is floated at @v0; it may be worth aligning these (or documenting the expected update process) so the workflow and config don’t silently drift apart.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Consider pinning `stbenjam/skillsaw` to a specific commit SHA or at least a stable major tag (e.g. `@v0.15.0` if available) instead of `@v0` to avoid unexpected behavior from upstream changes.
- The `.skillsaw.yaml` hard-codes `version: "0.15.0"` while the action is floated at `@v0`; it may be worth aligning these (or documenting the expected update process) so the workflow and config don’t silently drift apart.

## Individual Comments

### Comment 1
<location path=".github/workflows/skillsaw.yml" line_range="18" />
<code_context>
+        uses: actions/checkout@v4
+
+      - name: Run skillsaw
+        uses: stbenjam/skillsaw@v0
+        with:
+          strict: true
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Consider pinning the skillsaw action to a specific commit SHA instead of a floating tag.

Floating tags like `@v0` can change over time, introducing unexpected behavior or breaking changes. Pinning to a specific commit SHA (and optionally noting the corresponding release) improves supply-chain security and ensures the workflow remains stable until you intentionally update it.

Suggested implementation:

```
      - name: Run skillsaw
        uses: stbenjam/skillsaw@<PINNED_COMMIT_SHA>
        with:
          strict: true

```

1. Replace `<PINNED_COMMIT_SHA>` with the actual 40-character commit SHA of the `stbenjam/skillsaw` release you want to use (for example, the commit behind the current `v0` tag).
2. Optionally, you can add a YAML comment above the `uses:` line documenting which tag/release this SHA corresponds to (e.g., `# skillsaw v0.3.1`), to make future updates easier.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread .github/workflows/skillsaw.yml Outdated
@rh-jfuller rh-jfuller marked this pull request as draft July 3, 2026 10:31
@rh-jfuller rh-jfuller marked this pull request as ready for review July 3, 2026 10:49

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • Consider scoping the new Skillsaw workflow with a paths filter (e.g., skills content and .skillsaw.yaml) so that linting doesn’t run on unrelated changes and slow down CI unnecessarily.
  • The .skillsaw.yaml file pins version: "0.15.0"; it may be worth adding a brief comment in that file or in CLAUDE.md about updating this in lockstep with the GitHub Action version to avoid drift between local and CI lint configurations.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Consider scoping the new `Skillsaw` workflow with a `paths` filter (e.g., skills content and `.skillsaw.yaml`) so that linting doesn’t run on unrelated changes and slow down CI unnecessarily.
- The `.skillsaw.yaml` file pins `version: "0.15.0"`; it may be worth adding a brief comment in that file or in CLAUDE.md about updating this in lockstep with the GitHub Action version to avoid drift between local and CI lint configurations.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eval Results

Eval Results: plan-feature

Eval Passed Failed Pass Rate
eval-1 19/19 0 100%
eval-2 16/16 0 100%
eval-3 15/15 0 100%
eval-4 11/11 0 100%
eval-5 15/15 0 100%
eval-6 14/14 0 100%

Pass rate: 100% · Tokens: 75,965 · Duration: 317s

Baseline (7b46435b): 98% · 81,180 tokens · 334s

Eval Results: triage-bug

Eval Passed Failed Pass Rate
eval-1 9/9 0 100%
eval-2 4/4 0 100%
eval-3 5/5 0 100%

Pass rate: 100% · Tokens: 31,805 · Duration: 61s

Baseline (7b46435b): 100% · 20,911 tokens · 53s

Eval Results: verify-pr

Eval Passed Failed Pass Rate
eval-1 12/12 0 100%
eval-2 11/11 0 100%
eval-3 12/14 2 86%
eval-4 10/10 0 100%
eval-5 10/10 0 100%
eval-6 10/10 0 100%

Failed Assertions

eval-3: 2 failing assertions
  • Assertion: "Each sub-task description includes a Target PR section with the PR URL https://github.com/trustify/trustify-backend/pull/744 (constraint 1.12)"
    Evidence: "subtask-1.md has '## Target PR' (line 31) with URL 'https://github.com/trustify/trustify-backend/pull/744' (line 32) -- PASS. However, subtask-2.md (root-cause task, 25 lines total) does NOT contain a '## Target PR' section anywhere in the file. The assertion requires 'each' sub-task description to include this section, and subtask-2.md fails this requirement."

  • Assertion: "Each sub-task description includes a Review Context section with the original review comment text (constraint 1.12)"
    Evidence: "subtask-1.md has '## Review Context' (lines 34-38) with comment ID 30001, author 'reviewer-a', file path, and full comment text -- PASS. However, subtask-2.md (root-cause task, 25 lines total) does NOT contain a '## Review Context' section anywhere in the file. The assertion requires 'each' sub-task description to include this section, and subtask-2.md fails this requirement."

Pass rate: 98% · Tokens: 61,292 · Duration: 246s

Baseline (7b46435b): 91% · 79,591 tokens · 392s


Generated by sdlc-workflow/run-evals v0.12.2

@mrizzi mrizzi requested review from mrizzi and ruromero July 6, 2026 06:31

@mrizzi mrizzi left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rh-jfuller thanks: skill lint was missing but great to have and I can already see the improvements in this PR 👏

@ruromero ruromero left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mrizzi mrizzi merged commit 8255bb0 into mrizzi:main Jul 6, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants