CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-09 14:55:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge origin/main, resolve CHANGELOG conflict, bump to v0.13.7.0

Browse Source 
Main landed v0.13.6.0 (GStack Learns) while this branch had v0.13.6.0
(Community Wave). Resolved by keeping both entries and bumping this
branch to v0.13.7.0. Regenerated SKILL.md files to pick up new learn
skill and apply the find -exec rm fix from this branch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-29 20:03:18 -07:00
parent fed92d053c ae0a9ad195
commit f21edb5943
49 changed files with 2379 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cso/SKILL.md
+34
View File
@@ -65,6 +65,15 @@ for _PF in $(find ~/.gstack/analytics -maxdepth 1 -name '.pending-*' 2>/dev/null
fi
break
done
# Learnings count
eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)" 2>/dev/null || true
_LEARN_FILE="${GSTACK_HOME:-$HOME/.gstack}/projects/${SLUG:-unknown}/learnings.jsonl"
if [ -f "$_LEARN_FILE" ]; then
_LEARN_COUNT=$(wc -l < "$_LEARN_FILE" 2>/dev/null | tr -d ' ')
echo "LEARNINGS: $_LEARN_COUNT entries loaded"
else
echo "LEARNINGS: 0"
fi
```
If `PROACTIVE` is `"false"`, do not proactively suggest gstack skills AND do not
@@ -798,6 +807,31 @@ SECURITY FINDINGS
4 HIGH 9/10 UNVERIFIED Integrations Webhook w/o signature verify P6 api/webhooks.ts:24
```
## Confidence Calibration
Every finding MUST include a confidence score (1-10):
| Score | Meaning | Display rule |
|-------|---------|-------------|
| 9-10 | Verified by reading specific code. Concrete bug or exploit demonstrated. | Show normally |
| 7-8 | High confidence pattern match. Very likely correct. | Show normally |
| 5-6 | Moderate. Could be a false positive. | Show with caveat: "Medium confidence, verify this is actually an issue" |
| 3-4 | Low confidence. Pattern is suspicious but may be fine. | Suppress from main report. Include in appendix only. |
| 1-2 | Speculation. | Only report if severity would be P0. |
**Finding format:**
\`[SEVERITY] (confidence: N/10) file:line — description\`
Example:
\`[P1] (confidence: 9/10) app/models/user.rb:42 — SQL injection via string interpolation in where clause\`
\`[P2] (confidence: 5/10) app/controllers/api/v1/users_controller.rb:18 — Possible N+1 query, verify with production logs\`
**Calibration learning:** If you report a finding with confidence < 7 and the user
confirms it IS a real issue, that is a calibration event. Your initial confidence was
too low. Log the corrected pattern as a learning so future reviews catch it with
higher confidence.
For each finding:
```
## Finding N: [Title] — [File:Line]
cso/SKILL.md.tmpl
+2
View File
@@ -487,6 +487,8 @@ SECURITY FINDINGS
4 HIGH 9/10 UNVERIFIED Integrations Webhook w/o signature verify P6 api/webhooks.ts:24
```
{{CONFIDENCE_CALIBRATION}}
For each finding:
```
## Finding N: [Title] — [File:Line]