mirror of
https://github.com/garrytan/gstack.git
synced 2026-07-04 07:07:54 +02:00
0d68ef1a39
Shortens frontmatter `description:` in every Claude SKILL.md to a single
lead sentence + (gstack) tag. The routing prose ("Use when asked to...",
"Proactively suggest...") and voice triggers move to a "## When to invoke"
body section so they remain discoverable inside the skill. A per-run
registry at scripts/proactive-suggestions.json aggregates the routing/
voice text for all 52 skills so agents can pull guidance on demand
without paying for it in the always-loaded catalog.
Build flag --catalog-mode=full restores v1.44 legacy behavior (full
multi-line descriptions in frontmatter). Default is trim.
splitCatalogDescription() extracts: lead sentence, routing paragraphs,
voice-triggers line, (gstack) tag presence. Short descriptions (<120
chars, already trimmed) are skipped via a guard so re-runs are idempotent.
Measured impact (vs v1.44.1 baseline):
- Catalog tokens (sum of description bytes / 4): 9,319 → 4,045 (-56.6%)
- Total SKILL.md corpus bytes: 2,915 KB → 2,880 KB (-1.2%)
- Routing prose preserved as in-skill "## When to invoke" sections
- 52 skill entries in scripts/proactive-suggestions.json (on-demand registry)
The corpus drop is small because catalog trim MOVES text from frontmatter
to body, it doesn't delete it. The headline win is the catalog: the
always-loaded system prompt surface drops by more than half.
Test plan:
- bun test test/gen-skill-docs.test.ts: 389 pass, 0 fail
- Manual: ship/SKILL.md frontmatter description is now ONE line ending
with `(gstack)`; allowed-tools field on next line (YAML well-formed)
- Manual: scripts/proactive-suggestions.json contains 52 entries
- bun run gen:skill-docs --catalog-mode=full restores legacy behavior
53 files changed (52 SKILL.md across hosts + the new proactive-suggestions.json).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
68 lines
2.5 KiB
Markdown
68 lines
2.5 KiB
Markdown
---
|
|
name: careful
|
|
version: 0.1.0
|
|
description: Safety guardrails for destructive commands. (gstack)
|
|
triggers:
|
|
- be careful
|
|
- warn before destructive
|
|
- safety mode
|
|
allowed-tools:
|
|
- Bash
|
|
- Read
|
|
hooks:
|
|
PreToolUse:
|
|
- matcher: "Bash"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh"
|
|
statusMessage: "Checking for destructive commands..."
|
|
---
|
|
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
|
|
<!-- Regenerate: bun run gen:skill-docs -->
|
|
|
|
|
|
## When to invoke this skill
|
|
|
|
Warns before rm -rf, DROP TABLE,
|
|
force-push, git reset --hard, kubectl delete, and similar destructive operations.
|
|
User can override each warning. Use when touching prod, debugging live systems,
|
|
or working in a shared environment. Use when asked to "be careful", "safety mode",
|
|
"prod mode", or "careful mode".
|
|
|
|
# /careful — Destructive Command Guardrails
|
|
|
|
Safety mode is now **active**. Every bash command will be checked for destructive
|
|
patterns before running. If a destructive command is detected, you'll be warned
|
|
and can choose to proceed or cancel.
|
|
|
|
```bash
|
|
mkdir -p ~/.gstack/analytics
|
|
echo '{"skill":"careful","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
|
|
```
|
|
|
|
## What's protected
|
|
|
|
| Pattern | Example | Risk |
|
|
|---------|---------|------|
|
|
| `rm -rf` / `rm -r` / `rm --recursive` | `rm -rf /var/data` | Recursive delete |
|
|
| `DROP TABLE` / `DROP DATABASE` | `DROP TABLE users;` | Data loss |
|
|
| `TRUNCATE` | `TRUNCATE orders;` | Data loss |
|
|
| `git push --force` / `-f` | `git push -f origin main` | History rewrite |
|
|
| `git reset --hard` | `git reset --hard HEAD~3` | Uncommitted work loss |
|
|
| `git checkout .` / `git restore .` | `git checkout .` | Uncommitted work loss |
|
|
| `kubectl delete` | `kubectl delete pod` | Production impact |
|
|
| `docker rm -f` / `docker system prune` | `docker system prune -a` | Container/image loss |
|
|
|
|
## Safe exceptions
|
|
|
|
These patterns are allowed without warning:
|
|
- `rm -rf node_modules` / `.next` / `dist` / `__pycache__` / `.cache` / `build` / `.turbo` / `coverage`
|
|
|
|
## How it works
|
|
|
|
The hook reads the command from the tool input JSON, checks it against the
|
|
patterns above, and returns `permissionDecision: "ask"` with a warning message
|
|
if a match is found. You can always override the warning and proceed.
|
|
|
|
To deactivate, end the conversation or start a new one. Hooks are session-scoped.
|