Skip to content

feat(plugin-creator): context/plugin creator (working name) v0.1.0#17

Merged
marc-tessl merged 5 commits into
mainfrom
opt-plugin-creator-draft
Jul 6, 2026
Merged

feat(plugin-creator): context/plugin creator (working name) v0.1.0#17
marc-tessl merged 5 commits into
mainfrom
opt-plugin-creator-draft

Conversation

@marc-tessl

@marc-tessl marc-tessl commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Draft plugin that helps a user turn a problem, or a messy existing skill, into well-shaped agent context (a skill, or a plugin with the right primitives). Problem-first; eval stays in skill-optimizer as a downstream step. Working name.

Do not merge yet. Merging to `main` auto-publishes via CI. The manifest is `private: true`, so it publishes private (workspace-installable, reversible). Marc to review eval results, then decide merge (private publish) and, separately, the irreversible public flip.

Quality (QA'd on this branch)

  • Skill reviews: create-context 92, gather-context 85, plan-composition 94, build-composition 94, decompose-into-skills 85, publish-plugin 100 (all pass, bar is 80).
  • Content eval (claude-sonnet-4-6), baseline → with-context: 59→100, 73→88, 55→99, 42→100, 98→98. Avg 65% → 97%, no regressions.
  • Functional QA (agent drove the plugin): found and fixed a critical bug (decompose/build told the agent to run `tessl skill new` per sub-skill, which nests a plugin that `pack` silently drops), plus a skill-vs-rule gap and a `tessl plugin new` flag gap.

Open flag

  • Activation eval showed zero self-activation across scenarios on both deepseek and sonnet. Likely an artifact of the eval injecting the plugin as context files rather than installed skills (the content eval proves the context is used to great effect once present), but not confirmed. Worth a real-install routing check before the public flip.

Notes

  • 5 eval scenarios in `evals/`. `DRAFT-NOTES.md` / `TRY-THIS.md` are `.tesslignore`d (not shipped).

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added a new plugin creator experience with clear guidance for gathering context, planning, building, and publishing.
    • Added user-facing documentation and try-it guidance for working through plugin creation flows.
    • Added scenario-based evaluation content and sample inputs to support consistent plugin shaping and publishing.
  • Documentation

    • Expanded skill guidance with setup, workflow, decomposition, and publishing notes.
    • Added reference material covering plugin structure, shaping decisions, and supporting artefacts.
  • Chores

    • Updated ignore settings and added plugin metadata to support the new content.

marc-tessl and others added 2 commits July 1, 2026 22:52
…view

Working-name draft, not published. Six skills implementing the composition-plan
flow (understand -> gather -> plan -> build); eval is handed off to skill-optimizer,
not woven in. Lints clean; all skills materialise on install.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…cenarios

- build-composition / decompose-into-skills: stop instructing `tessl skill new` per
  sub-skill (it nests a standalone plugin that `pack` silently drops); author
  skills/<name>/SKILL.md directly, and verify with `pack`, not just `lint`
- plan-composition / choosing-the-shape: add explicit skill-vs-rule checkpoint for
  always-on-convention requests
- build-composition: correct `tessl plugin new` flag guidance (--skill/--rules, --workspace)
- shaping-and-decomposition: distinguish peer-skills vs orchestrator shapes
- add 5 generated eval scenarios (evals/)

QA: sonnet-4-6 content eval 65% -> 97% avg (no regressions); skill reviews 85-100.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9f668566-b04d-4276-a4e2-58c2c1aa3a29

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR introduces a new plugin-creator Tessl plugin. It adds plugin metadata and dependency manifests, draft/README/try-this documentation, six composition-workflow skills (create-context, gather-context, plan-composition, build-composition, decompose-into-skills, publish-plugin) with supporting reference docs, and five evaluation scenarios with criteria, inputs, and task specifications.

Changes

Plugin-creator plugin

Layer / File(s) Summary
Plugin manifest and dependency config
plugin-creator/.tessl-plugin/plugin.json, plugin-creator/.tesslignore, plugin-creator/tessl.json
Adds plugin metadata (name, version, description, skills path), ignore entries for draft docs, and a vendored dependency manifest referencing tessl/skill-optimizer.
Draft notes, README, and try-this guide
plugin-creator/DRAFT-NOTES.md, plugin-creator/README.md, plugin-creator/TRY-THIS.md
Documents the composition arc, the skill list and roles, and setup/testing instructions with two workflow scenarios and a feedback checklist.
Composition workflow skills and references
plugin-creator/skills/create-context/SKILL.md, plugin-creator/skills/gather-context/SKILL.md, plugin-creator/skills/gather-context/references/hunting-artifacts.md, plugin-creator/skills/plan-composition/SKILL.md, plugin-creator/skills/plan-composition/references/choosing-the-shape.md, plugin-creator/skills/build-composition/SKILL.md, plugin-creator/skills/build-composition/references/*, plugin-creator/skills/decompose-into-skills/SKILL.md, plugin-creator/skills/publish-plugin/SKILL.md
Adds the six skills implementing the understand→gather→plan→build→(optional publish) arc, plus reference docs on plugin anatomy, shaping/decomposition, artefact hunting, and shape selection.
Evaluation scenarios
plugin-creator/evals/scenario-0/*, plugin-creator/evals/scenario-1/*, plugin-creator/evals/scenario-2/*, plugin-creator/evals/scenario-3/*, plugin-creator/evals/scenario-4/*
Adds five weighted-checklist eval scenarios covering single-skill scaffolding, skill decomposition, primitive selection, publish checklist, and context-analysis inference, each with criteria, scenario metadata, task briefs, and supporting input files.

Estimated code review effort: 2 (Simple) | ~15 minutes

Sequence Diagram(s)

sequenceDiagram
  participant CreateContext
  participant GatherContext
  participant PlanComposition
  participant BuildComposition
  participant PublishPlugin
  CreateContext->>GatherContext: hand off to gather context
  GatherContext->>PlanComposition: confirm gathered artefacts
  PlanComposition->>BuildComposition: confirm composition plan
  BuildComposition->>PublishPlugin: hand off completed composition
Loading

Related PRs: None found.

Suggested labels: documentation, plugin-creator

Suggested reviewers: None found.


A plugin takes root, drafts unfurled,
Six skills in sequence, gently curled.
Gather, plan, and build with care,
Then publish—if the plan says "there."
Carrot-nosed rabbit hops through evals five,
Checking each checklist, keeping the arc alive. 🥕

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main change: a draft plugin-creator release at v0.1.0.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

coderabbitai[bot]
coderabbitai Bot previously requested changes Jul 5, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 6

🧹 Nitpick comments (2)
plugin-creator/skills/decompose-into-skills/SKILL.md (1)

14-20: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

State the verb-form naming rule explicitly.

The split criteria still leaves the sub-skill naming convention implicit. The downstream eval for this flow expects verb-form skill names, so call that out here rather than relying on the reader to infer it.

♻️ Proposed wording
- Draft a decomposition: one skill per responsibility, each with its own clear trigger. Show the user the proposed structure and the reasoning.
+ Draft a decomposition: one skill per responsibility, each with its own clear trigger and a verb-form skill name. Show the user the proposed structure and the reasoning.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/skills/decompose-into-skills/SKILL.md` around lines 14 - 20,
State the split naming rule explicitly in the decomposition guidance for
SKILL.md: when proposing or creating sub-skills under skills/<name>/SKILL.md,
require verb-form names so the downstream eval can match them reliably. Update
the “Propose the split” and/or “Restructure” guidance around the symbols
“split”, “Restructure”, and “skills/<name>/SKILL.md” to make this convention
explicit instead of implied.
plugin-creator/evals/scenario-4/criteria.json (1)

36-39: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Broaden the fabricated-evidence check.

Baking in /find-optimizations and tessl agent-logs makes the rubric brittle and misses equivalent false claims about other tools. Generalise the criterion to the behaviour you care about instead of the current command names.

♻️ Suggested wording
-      "description": "The output does NOT claim to have run `/find-optimizations` or `tessl agent-logs` with specific results; any mention of these tools is framed as what could be done next, not as already completed",
+      "description": "The output does NOT claim to have run any inspection or evaluation command, or to have specific results that are not present in the provided artefacts; any mention of such tools is framed as a possible next step, not as already completed",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/evals/scenario-4/criteria.json` around lines 36 - 39,
Generalize the “No fabricated evidence” criterion so it checks for any false
claim of having run tools or obtained results, rather than hard-coding
/find-optimizations and tessl agent-logs. Update the description in
criteria.json to focus on the behavior—claims about completed tool use or
specific results must only appear if actually performed—so equivalent fabricated
evidence with other commands is also covered.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@plugin-creator/evals/scenario-1/inputs/SKILL.md`:
- Around line 36-40: The backup workflow is using wildcard globs that can
accidentally target older dump files instead of the newly created one. In the
backup steps around the pg_dump, gzip, aws s3 cp, aws s3 ls, and rm commands,
capture the timestamped filename once in a variable and reuse that exact name
for compression, upload, verification, and deletion. Make sure the logic in
SKILL.md consistently references the same backup file throughout the sequence.

In `@plugin-creator/evals/scenario-4/inputs/SKILL.md`:
- Around line 13-23: The deploy instructions in SKILL.md are still vague and too
easy to run against the wrong target. Update the checklist around the deploy
command so it explicitly names the required preflight checks, the environment
variables that must be set before running deployment, and a post-deploy smoke
test to verify success. Also make the command block safer by clearly indicating
the intended environment through the deploy step tied to deploy --env
production, and keep the guidance anchored in the existing checklist and
Commands section so it is easy to find and copy correctly.

In `@plugin-creator/skills/build-composition/SKILL.md`:
- Around line 48-58: The pack smoke test in the validation step only checks for
SKILL.md, so it can miss missing rules or commands. Update the validation
guidance around the tessl plugin pack and tar inspection flow to assert every
artifact the plugin can emit, using the existing pack output and the plugin
plan’s expected files as the reference. Keep the lint-and-pack sequence, but
broaden the tar check so it verifies skills plus rules, commands, and any other
generated artifacts materialize.

In `@plugin-creator/skills/create-context/SKILL.md`:
- Line 30: Tighten the CLI guidance in the create-context skill to match the
actual decomposition flow: the current mention of “tessl skill new” alongside
“tessl plugin new” can imply a nested-plugin workflow that this path no longer
uses. Update the wording near the existing CLI guidance in SKILL.md so it
directs users to create sub-skills directly under skills/<name>/SKILL.md and
keep the advice focused on inspecting tessl --help for the real CLI commands.

In `@plugin-creator/skills/plan-composition/SKILL.md`:
- Line 3: The composition plan template in SKILL.md only lists skills, rules,
and MCP servers, but it should also support command-shaped work as a first-class
option. Update the plan decision guidance and any related wording in the
composition flow to include command alongside the existing primitives, using the
existing shape-selection logic in the plan template so command-based cases are
not misclassified as skills or rules.

In `@plugin-creator/tessl.json`:
- Around line 2-3: The package name in the plugin config is creating a second
identity, so update the name in tessl.json to match the plugin manifest and
install docs. Keep the existing plugin-creator configuration intact, but change
the identity used by the plugin metadata so it consistently refers to
tessl/plugin-creator.

---

Nitpick comments:
In `@plugin-creator/evals/scenario-4/criteria.json`:
- Around line 36-39: Generalize the “No fabricated evidence” criterion so it
checks for any false claim of having run tools or obtained results, rather than
hard-coding /find-optimizations and tessl agent-logs. Update the description in
criteria.json to focus on the behavior—claims about completed tool use or
specific results must only appear if actually performed—so equivalent fabricated
evidence with other commands is also covered.

In `@plugin-creator/skills/decompose-into-skills/SKILL.md`:
- Around line 14-20: State the split naming rule explicitly in the decomposition
guidance for SKILL.md: when proposing or creating sub-skills under
skills/<name>/SKILL.md, require verb-form names so the downstream eval can match
them reliably. Update the “Propose the split” and/or “Restructure” guidance
around the symbols “split”, “Restructure”, and “skills/<name>/SKILL.md” to make
this convention explicit instead of implied.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2e50e4ad-fe4e-4d76-82d3-3327f9190f92

📥 Commits

Reviewing files that changed from the base of the PR and between afe823a and 68b7c61.

📒 Files selected for processing (35)
  • plugin-creator/.tessl-plugin/plugin.json
  • plugin-creator/.tesslignore
  • plugin-creator/DRAFT-NOTES.md
  • plugin-creator/README.md
  • plugin-creator/TRY-THIS.md
  • plugin-creator/evals/scenario-0/criteria.json
  • plugin-creator/evals/scenario-0/scenario.json
  • plugin-creator/evals/scenario-0/task.md
  • plugin-creator/evals/scenario-1/criteria.json
  • plugin-creator/evals/scenario-1/inputs/SKILL.md
  • plugin-creator/evals/scenario-1/scenario.json
  • plugin-creator/evals/scenario-1/task.md
  • plugin-creator/evals/scenario-2/criteria.json
  • plugin-creator/evals/scenario-2/scenario.json
  • plugin-creator/evals/scenario-2/task.md
  • plugin-creator/evals/scenario-3/criteria.json
  • plugin-creator/evals/scenario-3/my-plugin/.tessl-plugin/plugin.json
  • plugin-creator/evals/scenario-3/scenario.json
  • plugin-creator/evals/scenario-3/task.md
  • plugin-creator/evals/scenario-4/criteria.json
  • plugin-creator/evals/scenario-4/inputs/SKILL.md
  • plugin-creator/evals/scenario-4/inputs/pr-feedback.json
  • plugin-creator/evals/scenario-4/scenario.json
  • plugin-creator/evals/scenario-4/task.md
  • plugin-creator/skills/build-composition/SKILL.md
  • plugin-creator/skills/build-composition/references/plugin-anatomy.md
  • plugin-creator/skills/build-composition/references/shaping-and-decomposition.md
  • plugin-creator/skills/create-context/SKILL.md
  • plugin-creator/skills/decompose-into-skills/SKILL.md
  • plugin-creator/skills/gather-context/SKILL.md
  • plugin-creator/skills/gather-context/references/hunting-artifacts.md
  • plugin-creator/skills/plan-composition/SKILL.md
  • plugin-creator/skills/plan-composition/references/choosing-the-shape.md
  • plugin-creator/skills/publish-plugin/SKILL.md
  • plugin-creator/tessl.json

Comment on lines +36 to +40
2. Run a full dump: `pg_dump $DATABASE_URL > backup_$(date +%Y%m%d_%H%M%S).sql`
3. Compress: `gzip backup_*.sql`
4. Upload to S3: `aws s3 cp backup_*.sql.gz s3://company-db-backups/postgres/<env>/`
5. Verify the upload: `aws s3 ls s3://company-db-backups/postgres/<env>/ | tail -5`
6. Delete the local copy after confirming upload: `rm backup_*.sql.gz`

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Use the exact backup filename instead of globs.

backup_*.sql / backup_*.sql.gz can match older dumps in the working directory, so compression, upload, verification, and deletion may hit the wrong files. Capture the timestamped name once and reuse it end to end.

♻️ Proposed fix
- pg_dump $DATABASE_URL > backup_$(date +%Y%m%d_%H%M%S).sql
- gzip backup_*.sql
- aws s3 cp backup_*.sql.gz s3://company-db-backups/postgres/<env>/
- aws s3 ls s3://company-db-backups/postgres/<env>/ | tail -5
- rm backup_*.sql.gz
+ backup_file="backup_$(date +%Y%m%d_%H%M%S).sql"
+ pg_dump "$DATABASE_URL" > "$backup_file"
+ gzip "$backup_file"
+ aws s3 cp "${backup_file}.gz" s3://company-db-backups/postgres/<env>/
+ aws s3 ls "s3://company-db-backups/postgres/<env>/${backup_file}.gz"
+ rm "${backup_file}.gz"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
2. Run a full dump: `pg_dump $DATABASE_URL > backup_$(date +%Y%m%d_%H%M%S).sql`
3. Compress: `gzip backup_*.sql`
4. Upload to S3: `aws s3 cp backup_*.sql.gz s3://company-db-backups/postgres/<env>/`
5. Verify the upload: `aws s3 ls s3://company-db-backups/postgres/<env>/ | tail -5`
6. Delete the local copy after confirming upload: `rm backup_*.sql.gz`
backup_file="backup_$(date +%Y%m%d_%H%M%S).sql"
pg_dump "$DATABASE_URL" > "$backup_file"
gzip "$backup_file"
aws s3 cp "${backup_file}.gz" s3://company-db-backups/postgres/<env>/
aws s3 ls "s3://company-db-backups/postgres/<env>/${backup_file}.gz"
rm "${backup_file}.gz"
🧰 Tools
🪛 SkillSpector (2.3.7)

[warning] 38: [E5] Cloud Storage Exfiltration: Data is uploaded to cloud storage (S3 / GCS / Azure Blob). This may be a legitimate backup or exfiltration to an external bucket. Manual review is recommended.

Remediation: Verify the destination bucket is trusted and owned by you. Never upload credentials, secrets, or workspace contents to external or unverified cloud storage.

(Data Exfiltration (E5))


[warning] 44: [E5] Cloud Storage Exfiltration: Data is uploaded to cloud storage (S3 / GCS / Azure Blob). This may be a legitimate backup or exfiltration to an external bucket. Manual review is recommended.

Remediation: Verify the destination bucket is trusted and owned by you. Never upload credentials, secrets, or workspace contents to external or unverified cloud storage.

(Data Exfiltration (E5))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/evals/scenario-1/inputs/SKILL.md` around lines 36 - 40, The
backup workflow is using wildcard globs that can accidentally target older dump
files instead of the newly created one. In the backup steps around the pg_dump,
gzip, aws s3 cp, aws s3 ls, and rm commands, capture the timestamped filename
once in a variable and reuse that exact name for compression, upload,
verification, and deletion. Make sure the logic in SKILL.md consistently
references the same backup file throughout the sequence.

Comment on lines +13 to +23
- Sometimes you need to set environment variables first
- The deploy might take a while
- If it fails, look at the logs

## Commands

```bash
deploy --env production
```

Watch for errors in the output.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Make the deploy steps explicit and safer to copy.

The checklist still leaves the preflight checks, required environment variables, and post-deploy smoke test undefined, so the recurring feedback in pr-feedback.json remains unresolved. deploy --env production is also too easy to copy into the wrong environment.

♻️ Suggested fix
- - Sometimes you need to set environment variables first
- - The deploy might take a while
- - If it fails, look at the logs
+ - Set the required environment variables before deploying
+ - The deploy may take a while
+ - After deploy, verify the /health endpoint
@@
- deploy --env production
+ deploy --env <environment>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- Sometimes you need to set environment variables first
- The deploy might take a while
- If it fails, look at the logs
## Commands
```bash
deploy --env production
```
Watch for errors in the output.
- Set the required environment variables before deploying
- The deploy may take a while
- After deploy, verify the /health endpoint
## Commands
🧰 Tools
🪛 LanguageTool

[grammar] ~14-~14: The word ‘deploy’ is a verb. Did you mean the noun “deployment” (= release, placement)?
Context: ...o set environment variables first - The deploy might take a while - If it fails, look ...

(PREPOSITION_VERB)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/evals/scenario-4/inputs/SKILL.md` around lines 13 - 23, The
deploy instructions in SKILL.md are still vague and too easy to run against the
wrong target. Update the checklist around the deploy command so it explicitly
names the required preflight checks, the environment variables that must be set
before running deployment, and a post-deploy smoke test to verify success. Also
make the command block safer by clearly indicating the intended environment
through the deploy step tied to deploy --env production, and keep the guidance
anchored in the existing checklist and Commands section so it is easy to find
and copy correctly.

Comment on lines +48 to +58
## 5. Validate with lint AND pack

Lint checks structure; pack confirms what actually ships. Because lint can pass on a mis-nested skill, always do both:

```bash
tessl plugin lint <plugin-dir>
tessl plugin pack <plugin-dir> --output /tmp/check.tgz
tar tzf /tmp/check.tgz | grep SKILL.md # every intended skill must appear
```

Optionally install into a throwaway project (a `file:` dependency) and confirm the skills, rules, and any MCP servers materialise.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Broaden the pack smoke test.

tar tzf ... | grep SKILL.md only proves skills survived packing. A plugin can still drop rules or commands and pass this validation, so the test does not protect the full plugin contract. Extend the check to cover every artefact the plan can emit.

Suggested tweak
 tar tzf /tmp/check.tgz | grep SKILL.md   # every intended skill must appear
+tar tzf /tmp/check.tgz | grep -E '(^|/)rules/[^/]+\.md$'
+tar tzf /tmp/check.tgz | grep -E '(^|/)commands/[^/]+\.md$'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
## 5. Validate with lint AND pack
Lint checks structure; pack confirms what actually ships. Because lint can pass on a mis-nested skill, always do both:
```bash
tessl plugin lint <plugin-dir>
tessl plugin pack <plugin-dir> --output /tmp/check.tgz
tar tzf /tmp/check.tgz | grep SKILL.md # every intended skill must appear
```
Optionally install into a throwaway project (a `file:` dependency) and confirm the skills, rules, and any MCP servers materialise.
## 5. Validate with lint AND pack
Lint checks structure; pack confirms what actually ships. Because lint can pass on a mis-nested skill, always do both:
🧰 Tools
🪛 LanguageTool

[style] ~58-~58: Would you like to use the Oxford spelling “materialize”? The spelling ‘materialise’ is also correct.
Context: ... the skills, rules, and any MCP servers materialise. ## 6. Hand off The composition now e...

(OXFORD_SPELLING_Z_NOT_S)

🪛 SkillSpector (2.3.7)

[error] 45: [AS2] MCP Config Access: Skill accesses MCP server configuration files (mcp.json). MCP configs contain server URLs, authentication tokens, and tool definitions — reading them allows the skill to discover and potentially abuse other tool integrations.

Remediation: Remove all code or instructions that read MCP configuration files (mcp.json). MCP server details should be managed by the agent runtime, not read by individual skills.

(Agent Snooping (AS2))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/skills/build-composition/SKILL.md` around lines 48 - 58, The
pack smoke test in the validation step only checks for SKILL.md, so it can miss
missing rules or commands. Update the validation guidance around the tessl
plugin pack and tar inspection flow to assert every artifact the plugin can
emit, using the existing pack output and the plugin plan’s expected files as the
reference. Keep the lint-and-pack sequence, but broaden the tar check so it
verifies skills plus rules, commands, and any other generated artifacts
materialize.

- **Honour what the user brings.** Restructure rather than rewrite. Change a user's skill content only if a review flags a real problem and they agree.
- **Narrate the why.** Make the value of decomposition or packaging visible.
- **Default to the smallest thing that solves the problem.** If a single skill does it, stop there. A plugin must earn its place.
- **Know the real CLI.** Scaffold with `tessl skill new` / `tessl plugin new`; inspect `tessl --help` rather than inventing commands.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Tighten the CLI guidance to the final shape.

"tessl skill new" here reads as a blanket recommendation, but the decomposition flow below writes sub-skills directly under skills/<name>/SKILL.md. As written, this can send people back towards the nested-plugin pattern the stack already fixed.

♻️ Proposed wording
- - **Know the real CLI.** Scaffold with `tessl skill new` / `tessl plugin new`; inspect `tessl --help` rather than inventing commands.
+ - **Know the real CLI.** Use `tessl skill new` for standalone skills and `tessl plugin new` for plugin-level scaffolding; inside a plugin, let `build-composition` write sub-skills directly, and inspect `tessl --help` rather than inventing commands.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- **Know the real CLI.** Scaffold with `tessl skill new` / `tessl plugin new`; inspect `tessl --help` rather than inventing commands.
- **Know the real CLI.** Use `tessl skill new` for standalone skills and `tessl plugin new` for plugin-level scaffolding; inside a plugin, let `build-composition` write sub-skills directly, and inspect `tessl --help` rather than inventing commands.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/skills/create-context/SKILL.md` at line 30, Tighten the CLI
guidance in the create-context skill to match the actual decomposition flow: the
current mention of “tessl skill new” alongside “tessl plugin new” can imply a
nested-plugin workflow that this path no longer uses. Update the wording near
the existing CLI guidance in SKILL.md so it directs users to create sub-skills
directly under skills/<name>/SKILL.md and keep the advice focused on inspecting
tessl --help for the real CLI commands.

@@ -0,0 +1,39 @@
---
name: plan-composition
description: Use once the problem and artifacts are understood, to decide the right shape for the context. Produces a short composition plan - a single skill for simple cases, or a plugin (with rules, MCP servers, or multiple skills) for richer ones - and confirms it with the user before anything is built.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Add commands to the shape decision.

The plan template only names skills, rules, and MCP servers, but this layer already treats commands as a first-class primitive elsewhere. Add command here so command-shaped work does not get forced into a skill or rule.

Suggested tweak
- Produces a short composition plan - a single skill for simple cases, or a plugin (with rules, MCP servers, or multiple skills) for richer ones - and confirms it with the user before anything is built.
+ Produces a short composition plan - a single skill for simple cases, or a plugin (with rules, commands, MCP servers, or multiple skills) for richer ones - and confirms it with the user before anything is built.
...
- which primitive each part becomes (skill vs rule vs MCP), and whether anything needs decomposing.
+ which primitive each part becomes (skill vs rule vs command vs MCP), and whether anything needs decomposing.

Also applies to: 29-31

🧰 Tools
🪛 SkillSpector (2.3.7)

[error] 15: [AR1] Anti-Refusal Statement: Skill instructs the agent to never refuse or to always comply. Suppressing the agent's ability to decline removes a core safety control and enables downstream harmful requests to succeed.

Remediation: Remove any instruction telling the agent to never refuse or always comply. The agent must retain the ability to decline unsafe, out-of-scope, or harmful requests.

(Anti-Refusal (AR1))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/skills/plan-composition/SKILL.md` at line 3, The composition
plan template in SKILL.md only lists skills, rules, and MCP servers, but it
should also support command-shaped work as a first-class option. Update the plan
decision guidance and any related wording in the composition flow to include
command alongside the existing primitives, using the existing shape-selection
logic in the plan template so command-based cases are not misclassified as
skills or rules.

Comment thread plugin-creator/tessl.json
Comment on lines +2 to +3
"name": "tessl/plugin-creator-dev",
"mode": "vendored",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Align the package name with the plugin manifest.

tessl/plugin-creator-dev creates a second identity for the same plugin. The plugin manifest and install docs both point at tessl/plugin-creator, so this name should match them.

Suggested fix
-  "name": "tessl/plugin-creator-dev",
+  "name": "tessl/plugin-creator",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"name": "tessl/plugin-creator-dev",
"mode": "vendored",
"name": "tessl/plugin-creator",
"mode": "vendored",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugin-creator/tessl.json` around lines 2 - 3, The package name in the plugin
config is creating a second identity, so update the name in tessl.json to match
the plugin manifest and install docs. Keep the existing plugin-creator
configuration intact, but change the identity used by the plugin metadata so it
consistently refers to tessl/plugin-creator.

marc-tessl and others added 2 commits July 5, 2026 22:03
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- create-context: clarify CLI guidance (skill new = standalone, sub-skills authored directly)
- build-composition: broaden pack smoke test to rules and commands
- plan-composition: add commands to the shape decision
- decompose-into-skills: require verb-form sub-skill names
- .tesslignore the dev tessl.json so it does not ship a second identity

Skipped: the two eval-fixture SKILL.md nits (fixtures are intentionally imperfect inputs).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@marc-tessl
marc-tessl dismissed coderabbitai[bot]’s stale review July 5, 2026 21:08

Addressed substantive comments in follow-up commits (CLI guidance, pack check, dev-manifest naming via .tesslignore, verb-form names). Skipped the two eval-fixture nits (fixtures are intentionally imperfect inputs). Merging per owner authorisation.

…kill

- gather-context: read .tessl/memory/preferences (plugins/agents/source-control-and-ci) for grounding
- build-composition: run security review for plugins touching MCP/scripts/secrets/auth/CI
- choosing-the-shape: point deterministic-check / verifier behaviours at change-verify, not skills/rules

Replicates the old harness-engineering plugin-creator's remaining behaviour so this can supersede it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@marc-tessl
marc-tessl requested a review from sandra-tessl July 6, 2026 07:20

@sandra-tessl sandra-tessl left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@marc-tessl
marc-tessl merged commit 907459b into main Jul 6, 2026
2 checks passed
@marc-tessl
marc-tessl deleted the opt-plugin-creator-draft branch July 6, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants