CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 03:35:09 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
garrytan/makepdf-patch
gstack/design-review/SKILL.md.tmpl
T
Garry Tan 1211b6b40b community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 
* fix: extend tilde-in-assignment fix to design resolver + 4 skill templates

PR #993 fixed the Claude Code permission prompt for `scripts/resolvers/browse.ts`
and `gstack-upgrade/SKILL.md.tmpl`. Same bug lives in three more places that
weren't on the contributor's branch:

- `scripts/resolvers/design.ts` (3 spots: D=, B=, and _DESIGN_DIR=)
- `design-shotgun/SKILL.md.tmpl` (_DESIGN_DIR=)
- `plan-design-review/SKILL.md.tmpl` (_DESIGN_DIR=)
- `design-consultation/SKILL.md.tmpl` (_DESIGN_DIR=)
- `design-review/SKILL.md.tmpl` (REPORT_DIR=)

Replaces bare `~/` with quoted `"$HOME/..."` in the source-of-truth files, then
regenerates. `grep -rEn '^[A-Za-z_]+=~/' --include="SKILL.md" .` now returns zero
hits across all hosts (claude, codex, cursor, gbrain, hermes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(openclaw): make native skills codex-friendly (#864)

Normalizes YAML frontmatter on the 4 hand-authored OpenClaw skills so stricter
parsers like Codex can load them. Codex CLI was rejecting these files with
"mapping values are not allowed in this context" on colons inside unquoted
description scalars.

- Drops non-standard `version` and `metadata` fields
- Rewrites descriptions into simple "Use when..." form (no inline colons)
- Adds a regression test enforcing strict frontmatter (name + description only)

Verified live: Codex CLI now loads the skills without errors. Observed during
/codex outside-voice run on the eval-community-prs plan review — Codex stderr
tripped on these exact files, which was real-world confirmation the fix is needed.

Dropped the connect-chrome changes from the original PR (the symlink removal is
out of scope for this fix; keeping connect-chrome -> open-gstack-browser).

Co-Authored-By: Cathryn Lavery <cathrynlavery@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(browse): server persists across Claude Code Bash calls

The browse server was dying between Bash tool invocations in Claude Code
because:

1. SIGTERM: The Claude Code sandbox sends SIGTERM to all child processes
   when a Bash command completes. The server received this and called
   shutdown(), deleting the state file and exiting.

2. Parent watchdog: The server polls BROWSE_PARENT_PID every 15s. When
   the parent Bash shell exits (killed by sandbox), the watchdog detected
   it and called shutdown().

Both mechanisms made it impossible to use the browse tool across multiple
Bash calls — every new `$B` invocation started a fresh server with no
cookies, no page state, and no tabs.

Fix:
- SIGTERM handler: log and ignore instead of shutdown. Explicit shutdown
  is still available via the /stop command or SIGINT (Ctrl+C).
- Parent watchdog: log once and continue instead of shutdown. The existing
  idle timeout (30 min) handles eventual cleanup.

The /stop command and SIGINT still work for intentional shutdown. Windows
behavior is unchanged (uses taskkill /F which bypasses signal handlers).

Tested: browse server survives across 5+ separate Bash tool calls in
Claude Code, maintaining cookies, page state, and navigation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(browse): gate #994 SIGTERM-ignore to normal mode only

PR #994 made browse persist across Claude Code Bash calls by ignoring SIGTERM
and parent-PID death, relying on the 30-min idle timeout for eventual cleanup.

Codex outside-voice review caught that the idle timeout doesn't apply in two
modes: headed mode (/open-gstack-browser) and tunnel mode (/pair-agent). Both
early-return from idleCheckInterval. Combined with #994's ignore-SIGTERM, those
sessions would leak forever after the user disconnects — a real resource leak on
shared machines where multiple /pair-agent sessions come and go.

Fix: gate SIGTERM-ignore and parent-PID-watchdog-ignore to normal (headless) mode
only. Headed + tunnel modes respect both signals and shutdown cleanly. Idle
timeout behavior unchanged.

Also documents the deliberate contract change for future contributors — don't
re-add global SIGTERM shutdown thinking it's missing; it's intentionally scoped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: keep cookie picker alive after cli exits

Fixes garrytan/gstack#985

* fix: add opencode setup support

* feat(browse): add Windows browser path detection and DPAPI cookie decryption

- Extend BrowserPlatform to include win32
- Add windowsDataDir to BrowserInfo; populate for Chrome, Edge, Brave, Chromium
- getBaseDir('win32') → ~/AppData/Local
- findBrowserMatch checks Network/Cookies first on Windows (Chrome 80+)
- Add getWindowsAesKey() reading os_crypt.encrypted_key from Local State JSON
- Add dpapiDecrypt() via PowerShell ProtectedData.Unprotect (stdin/stdout)
- decryptCookieValue branches on platform: AES-256-GCM (Windows) vs AES-128-CBC (mac/linux)
- Fix hardcoded /tmp → TEMP_DIR from platform.ts in openDbFromCopy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(browse): Windows cookie import — profile discovery, v20 detection, CDP fallback

Three bugs fixed in cookie-import-browser.ts:
- listProfiles() and findInstalledBrowsers() now check Network/Cookies on Windows
  (Chrome 80+ moved cookies from profile/Cookies to profile/Network/Cookies)
- openDb() always uses copy-then-read on Windows (Chrome holds exclusive locks)
- decryptCookieValue() detects v20 App-Bound Encryption with specific error code

Added CDP-based extraction fallback (importCookiesViaCdp) for v20 cookies:
- Launches Chrome headless with --remote-debugging-port on the real profile
- Extracts cookies via Network.getAllCookies over CDP WebSocket
- Requires Chrome to be closed (v20 keys are path-bound to user-data-dir)
- Both cookie picker UI and CLI direct-import paths auto-fall back to CDP

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(browse): document CDP debug port security + log Chrome version on v20 fallback

Follow-up to #892 per Codex outside-voice review. Two small additions to the
Windows v20 App-Bound Encryption CDP fallback:

1. Inline comment documenting the deliberate security posture of the
   --remote-debugging-port. Chrome binds it to 127.0.0.1 by default, so the
   threat model is local-user-only (which is no worse than baseline — local
   attackers can already read the cookie DB). Random port 9222-9321 is for
   collision avoidance, not security. Chrome is always killed in finally.

2. One-time Chrome version log on CDP entry via /json/version. When Chrome
   inevitably changes v20 key format or /json/list shape in a future major
   version, logs will show exactly which version users are hitting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: v0.18.1.0 — community wave (6 PRs + hardening)

VERSION bump + users-first CHANGELOG entry for the wave:
- #993 tilde-in-assignment fix (byliu-labs)
- #994 browse server persists across Bash calls (joelgreen)
- #996 cookie picker alive after cli exits (voidborne-d)
- #864 OpenClaw skills codex-friendly (cathrynlavery)
- #982 OpenCode native setup (breakneo)
- #892 Windows cookie import + DPAPI + v20 CDP fallback (msr-hickory)

Plus 3 follow-up hardening commits we own:
- Extended tilde fix to design resolver + 4 more skill templates
- Gated #994 SIGTERM-ignore to normal mode only (headed/tunnel preserve shutdown)
- Documented CDP debug port security + log Chrome version on v20 fallback

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: review pass — package.json version, import dedup, error context, stale help

Findings from /review on the wave PR:

- [P1] package.json version was 0.18.0.1 but VERSION is 0.18.1.0, failing
  test/gen-skill-docs.test.ts:177 "package.json version matches VERSION file".
  Bumped package.json to 0.18.1.0.
- [P2] Duplicate import of cookie-picker-routes in browse/src/server.ts
  (handleCookiePickerRoute at line 20 + hasActivePicker at line 792). Merged
  into single import at top.
- [P2] cookie-import-browser.ts:494 generic rethrow loses underlying error.
  Now preserves the message so "ENOENT" vs "JSON parse error" vs "permission
  denied" are distinguishable in user output.
- [P3] setup:46 "Missing value for --host" error message listed an incomplete
  set of hosts (missing factory, openclaw, hermes, gbrain). Aligned with the
  "Unknown value" error on line 94.

Kept as-is (not real issues):
- cookie-import-browser.ts:869 empty catch on Chrome version fetch is the
  correct pattern for best-effort diagnostics (per slop-scan philosophy in
  CLAUDE.md — fire-and-forget failures shouldn't throw).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(watchdog): invert test 3 to match merged #994 behavior

main #1025 added browse/test/watchdog.test.ts with test 3 expecting the old
"watchdog kills server when parent dies" behavior. The merge with this
branch's #994 inverted that semantic — the server now STAYS ALIVE on parent
death in normal headless mode (multi-step QA across Claude Code Bash calls
depends on this).

Changes:
- Renamed test 3 from "watchdog fires when parent dies" to "server STAYS ALIVE
  when parent dies (#994)".
- Replaced 25s shutdown poll with 20s observation window asserting the server
  remains alive after the watchdog tick.
- Updated docstring to document all 3 watchdog invariants (env-var disable,
  headed-mode disable, headless persists) and note tunnel-mode coverage gap.

Verification: bun test browse/test/watchdog.test.ts → 3 pass, 0 fail (22.7s).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ci): switch apt mirror to Hetzner to bypass Ubicloud → archive.ubuntu.com timeouts

Both build attempts of `.github/docker/Dockerfile.ci` failed at
`apt-get update` with persistent connection timeouts to archive.ubuntu.com:80
and security.ubuntu.com:80 — 90+ seconds of "connection timed out" against
every Ubuntu IP. Not a transient blip; this PR doesn't touch the Dockerfile,
and a re-run reproduced the same failure across all 9 mirror IPs.

Root cause: Ubicloud runners (Hetzner FSN1-DC21 per runner output) have
unreliable HTTP-port-80 routing to Ubuntu's official archive endpoints.

Fix:
- Rewrite /etc/apt/sources.list.d/ubuntu.sources (deb822 format in 24.04)
  to use https://mirror.hetzner.com/ubuntu/packages instead. Hetzner's
  mirror is publicly accessible from any cloud (not Hetzner-only despite
  the name) and route-local for Ubicloud's actual host. Solves both
  reliability and latency.
- Add a 3-attempt retry loop around both `apt-get update` calls as
  belt-and-suspenders. Even Hetzner's mirror can have brief blips, and the
  retry costs nothing when the first attempt succeeds.

Verification: the workflow will rebuild on push. Local `docker build` not
practical for a 12-step image with bun + claude + playwright deps + a 10-min
cold install. Trusting CI.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ci): use HTTP for Hetzner apt mirror (base image lacks ca-certificates)

Previous commit switched to https://mirror.hetzner.com/... which proved the
mirror is reachable and routes correctly (no more 90s timeouts), but exposed
a chicken-and-egg: ubuntu:24.04 ships without ca-certificates, and that's
exactly the package we're installing. Result: "No system certificates
available. Try installing ca-certificates."

Fix: use http:// for the Hetzner mirror. Apt's security model verifies
package integrity via GPG-signed Release files, not TLS, so HTTP here is
no weaker than the upstream defaults (Ubuntu's official sources also
default to HTTP for the same reason).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Cathryn Lavery <cathrynlavery@users.noreply.github.com>
Co-authored-by: Joel Green <thejoelgreen@gmail.com>
Co-authored-by: d 🔹 <258577966+voidborne-d@users.noreply.github.com>
Co-authored-by: Break <breakneo@gmail.com>
Co-authored-by: Michael Spitzer-Rubenstein <msr.ext@hickory.ai>
2026-04-17 00:45:13 -07:00

313 lines
11 KiB
Cheetah
Raw Permalink Blame History

---
name: design-review
preamble-tier: 4
version: 2.0.0
description: |
Designer's eye QA: finds visual inconsistency, spacing issues, hierarchy problems,
AI slop patterns, and slow interactions — then fixes them. Iteratively fixes issues
in source code, committing each fix atomically and re-verifying with before/after
screenshots. For plan-mode design review (before implementation), use /plan-design-review.
Use when asked to "audit the design", "visual QA", "check if it looks good", or "design polish".
Proactively suggest when the user mentions visual inconsistencies or
wants to polish the look of a live site. (gstack)
allowed-tools:
- Bash
- Read
- Write
- Edit
- Glob
- Grep
- AskUserQuestion
- WebSearch
triggers:
- visual design audit
- design qa
- fix design issues
---
{{PREAMBLE}}
{{GBRAIN_CONTEXT_LOAD}}
# /design-review: Design Audit → Fix → Verify
You are a senior product designer AND a frontend engineer. Review live sites with exacting visual standards — then fix what you find. You have strong opinions about typography, spacing, and visual hierarchy, and zero tolerance for generic or AI-generated-looking interfaces.
## Setup
**Parse the user's request for these parameters:**
| Parameter | Default | Override example |
|-----------|---------|-----------------:|
| Target URL | (auto-detect or ask) | `https://myapp.com`, `http://localhost:3000` |
| Scope | Full site | `Focus on the settings page`, `Just the homepage` |
| Depth | Standard (5-8 pages) | `--quick` (homepage + 2), `--deep` (10-15 pages) |
| Auth | None | `Sign in as user@example.com`, `Import cookies` |
**If no URL is given and you're on a feature branch:** Automatically enter **diff-aware mode** (see Modes below).
**If no URL is given and you're on main/master:** Ask the user for a URL.
**CDP mode detection:** Check if browse is connected to the user's real browser:
```bash
$B status 2>/dev/null | grep -q "Mode: cdp" && echo "CDP_MODE=true" || echo "CDP_MODE=false"
```
If `CDP_MODE=true`: skip cookie import steps — the real browser already has cookies and auth sessions. Skip headless detection workarounds.
**Check for DESIGN.md:**
Look for `DESIGN.md`, `design-system.md`, or similar in the repo root. If found, read it — all design decisions must be calibrated against it. Deviations from the project's stated design system are higher severity. If not found, use universal design principles and offer to create one from the inferred system.
**Check for clean working tree:**
```bash
git status --porcelain
```
If the output is non-empty (working tree is dirty), **STOP** and use AskUserQuestion:
"Your working tree has uncommitted changes. /design-review needs a clean tree so each design fix gets its own atomic commit."
- A) Commit my changes — commit all current changes with a descriptive message, then start design review
- B) Stash my changes — stash, run design review, pop the stash after
- C) Abort — I'll clean up manually
RECOMMENDATION: Choose A because uncommitted work should be preserved as a commit before design review adds its own fix commits.
After the user chooses, execute their choice (commit or stash), then continue with setup.
**Find the browse binary:**
{{BROWSE_SETUP}}
**Check test framework (bootstrap if needed):**
{{TEST_BOOTSTRAP}}
**Find the gstack designer (optional — enables target mockup generation):**
{{DESIGN_SETUP}}
If `DESIGN_READY`: during the fix loop, you can generate "target mockups" showing what a finding should look like after fixing. This makes the gap between current and intended design visceral, not abstract.
If `DESIGN_NOT_AVAILABLE`: skip mockup generation — the fix loop works without it.
**Create output directories:**
```bash
eval "$(~/.claude/skills/gstack/bin/gstack-slug 2>/dev/null)"
REPORT_DIR="$HOME/.gstack/projects/$SLUG/designs/design-audit-$(date +%Y%m%d)"
mkdir -p "$REPORT_DIR/screenshots"
echo "REPORT_DIR: $REPORT_DIR"
```
---
{{LEARNINGS_SEARCH}}
{{UX_PRINCIPLES}}
## Phases 1-6: Design Audit Baseline
{{DESIGN_METHODOLOGY}}
{{DESIGN_HARD_RULES}}
Record baseline design score and AI slop score at end of Phase 6.
---
## Output Structure
```
~/.gstack/projects/$SLUG/designs/design-audit-{YYYYMMDD}/
├── design-audit-{domain}.md # Structured report
├── screenshots/
│ ├── first-impression.png # Phase 1
│ ├── {page}-annotated.png # Per-page annotated
│ ├── {page}-mobile.png # Responsive
│ ├── {page}-tablet.png
│ ├── {page}-desktop.png
│ ├── finding-001-before.png # Before fix
│ ├── finding-001-target.png # Target mockup (if generated)
│ ├── finding-001-after.png # After fix
│ └── ...
└── design-baseline.json # For regression mode
```
---
{{DESIGN_OUTSIDE_VOICES}}
## Phase 7: Triage
Sort all discovered findings by impact, then decide which to fix:
- **High Impact:** Fix first. These affect the first impression and hurt user trust.
- **Medium Impact:** Fix next. These reduce polish and are felt subconsciously.
- **Polish:** Fix if time allows. These separate good from great.
Mark findings that cannot be fixed from source code (e.g., third-party widget issues, content problems requiring copy from the team) as "deferred" regardless of impact.
---
## Phase 8: Fix Loop
For each fixable finding, in impact order:
### 8a. Locate source
```bash
# Search for CSS classes, component names, style files
# Glob for file patterns matching the affected page
```
- Find the source file(s) responsible for the design issue
- ONLY modify files directly related to the finding
- Prefer CSS/styling changes over structural component changes
### 8a.5. Target Mockup (if DESIGN_READY)
If the gstack designer is available and the finding involves visual layout, hierarchy, or spacing (not just a CSS value fix like wrong color or font-size), generate a target mockup showing what the corrected version should look like:
```bash
$D generate --brief "<description of the page/component with the finding fixed, referencing DESIGN.md constraints>" --output "$REPORT_DIR/screenshots/finding-NNN-target.png"
```
Show the user: "Here's the current state (screenshot) and here's what it should look like (mockup). Now I'll fix the source to match."
This step is optional — skip for trivial CSS fixes (wrong hex color, missing padding value). Use it for findings where the intended design isn't obvious from the description alone.
### 8b. Fix
- Read the source code, understand the context
- Make the **minimal fix** — smallest change that resolves the design issue
- If a target mockup was generated in 8a.5, use it as the visual reference for the fix
- CSS-only changes are preferred (safer, more reversible)
- Do NOT refactor surrounding code, add features, or "improve" unrelated things
### 8c. Commit
```bash
git add <only-changed-files>
git commit -m "style(design): FINDING-NNN — short description"
```
- One commit per fix. Never bundle multiple fixes.
- Message format: `style(design): FINDING-NNN — short description`
### 8d. Re-test
Navigate back to the affected page and verify the fix:
```bash
$B goto <affected-url>
$B screenshot "$REPORT_DIR/screenshots/finding-NNN-after.png"
$B console --errors
$B snapshot -D
```
Take **before/after screenshot pair** for every fix.
### 8e. Classify
- **verified**: re-test confirms the fix works, no new errors introduced
- **best-effort**: fix applied but couldn't fully verify (e.g., needs specific browser state)
- **reverted**: regression detected → `git revert HEAD` → mark finding as "deferred"
### 8e.5. Regression Test (design-review variant)
Design fixes are typically CSS-only. Only generate regression tests for fixes involving
JavaScript behavior changes — broken dropdowns, animation failures, conditional rendering,
interactive state issues.
For CSS-only fixes: skip entirely. CSS regressions are caught by re-running /design-review.
If the fix involved JS behavior: follow the same procedure as /qa Phase 8e.5 (study existing
test patterns, write a regression test encoding the exact bug condition, run it, commit if
passes or defer if fails). Commit format: `test(design): regression test for FINDING-NNN`.
### 8f. Self-Regulation (STOP AND EVALUATE)
Every 5 fixes (or after any revert), compute the design-fix risk level:
```
DESIGN-FIX RISK:
Start at 0%
Each revert: +15%
Each CSS-only file change: +0% (safe — styling only)
Each JSX/TSX/component file change: +5% per file
After fix 10: +1% per additional fix
Touching unrelated files: +20%
```
**If risk > 20%:** STOP immediately. Show the user what you've done so far. Ask whether to continue.
**Hard cap: 30 fixes.** After 30 fixes, stop regardless of remaining findings.
---
## Phase 9: Final Design Audit
After all fixes are applied:
1. Re-run the design audit on all affected pages
2. If target mockups were generated during the fix loop AND `DESIGN_READY`: run `$D verify --mockup "$REPORT_DIR/screenshots/finding-NNN-target.png" --screenshot "$REPORT_DIR/screenshots/finding-NNN-after.png"` to compare the fix result against the target. Include pass/fail in the report.
3. Compute final design score and AI slop score
4. **If final scores are WORSE than baseline:** WARN prominently — something regressed
---
## Phase 10: Report
Write the report to `$REPORT_DIR` (already set up in the setup phase):
**Primary:** `$REPORT_DIR/design-audit-{domain}.md`
**Also write a summary to the project index:**
```bash
{{SLUG_SETUP}}
```
Write a one-line summary to `~/.gstack/projects/{slug}/{user}-{branch}-design-audit-{datetime}.md` with a pointer to the full report in `$REPORT_DIR`.
**Per-finding additions** (beyond standard design audit report):
- Fix Status: verified / best-effort / reverted / deferred
- Commit SHA (if fixed)
- Files Changed (if fixed)
- Before/After screenshots (if fixed)
**Summary section:**
- Total findings
- Fixes applied (verified: X, best-effort: Y, reverted: Z)
- Deferred findings
- Design score delta: baseline → final
- AI slop score delta: baseline → final
**PR Summary:** Include a one-line summary suitable for PR descriptions:
> "Design review found N issues, fixed M. Design score X → Y, AI slop score X → Y."
---
## Phase 11: TODOS.md Update
If the repo has a `TODOS.md`:
1. **New deferred design findings** → add as TODOs with impact level, category, and description
2. **Fixed findings that were in TODOS.md** → annotate with "Fixed by /design-review on {branch}, {date}"
---
{{LEARNINGS_LOG}}
{{GBRAIN_SAVE_RESULTS}}
## Additional Rules (design-review specific)
11. **Clean working tree required.** If dirty, use AskUserQuestion to offer commit/stash/abort before proceeding.
12. **One commit per fix.** Never bundle multiple design fixes into one commit.
13. **Only modify tests when generating regression tests in Phase 8e.5.** Never modify CI configuration. Never modify existing tests — only create new test files.
14. **Revert on regression.** If a fix makes things worse, `git revert HEAD` immediately.
15. **Self-regulate.** Follow the design-fix risk heuristic. When in doubt, stop and ask.
16. **CSS-first.** Prefer CSS/styling changes over structural component changes. CSS-only changes are safer and more reversible.
17. **DESIGN.md export.** You MAY write a DESIGN.md file if the user accepts the offer from Phase 2.
Reference in New Issue View Git Blame Copy Permalink