Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
19c4092
chore: upgrade tbd to v0.2.2
claude Jun 2, 2026
25d9f5b
feat: install repren skill to portable + Claude surfaces with pinned uvx
claude Jun 2, 2026
2db3902
feat!: resolve skill install scope with --project/--global (git confi…
claude Jun 2, 2026
00a87bc
docs: surface skill install in --help and lead the README with it
claude Jun 2, 2026
cf246c5
docs: auto-pin doc versions; lead with zero-deps + supply-chain notes
claude Jun 2, 2026
98ba710
docs: use uvx repren@latest in human docs; keep skill runner pinned
claude Jun 2, 2026
9255e4d
skill: make repren the clear default for bulk renames
claude Jun 2, 2026
6367321
skill: use uvx repren@latest; add supply-chain doc; clarify .gitignore
claude Jun 2, 2026
1415fc2
docs: show uvx install form in --help skill hint
claude Jun 2, 2026
dc9e9bd
fix: install skill at repo root; portable scope tests; honest supply-…
claude Jun 2, 2026
4a8b73c
docs: add atomic-ops and agent-skill rows to comparison table
claude Jun 2, 2026
9f94615
refactor: rename claude_skill to agent_skill; minimize em dashes per …
claude Jun 2, 2026
522cd42
fix: handle SIGPIPE so piped output (repren --skill | head) stays quiet
claude Jun 2, 2026
f842610
refactor: hoist stdlib imports (signal, argparse) to module top
claude Jun 2, 2026
f8092ae
docs: use the upcoming 3.1.0 in the exact-pin example
claude Jun 2, 2026
86ccc7d
docs(skill): trim SKILL.md to a routing layer, not a copy of --docs
claude Jun 2, 2026
ec0bda7
docs: cut rhetorical hooks and over-explanation; keep it factual
claude Jun 2, 2026
ff9785b
docs: bold the install callout inside the block quote
claude Jun 2, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
255 changes: 255 additions & 0 deletions .agents/skills/tbd/SKILL.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,255 @@
---
allowed-tools: Bash(tbd:*), Read, Write
description: |-
Git-native issue tracking (beads), coding guidelines, knowledge injection, and spec-driven planning for AI agents. Drop-in replacement for bd/Beads with simpler architecture.
Use for: tracking issues/beads with dependencies, creating bugs/features/tasks, planning specs, implementing features from specs, code reviews, committing code, creating PRs, loading coding guidelines (TypeScript, Python, TDD, golden testing, Convex, monorepo patterns), code cleanup, research briefs, architecture docs, agent handoffs, and checking out third-party library source code.
Invoke when user mentions: tbd, beads, bd, shortcuts, issues, bugs, tasks, features, epics, todo, tracking, specs, planning, implementation, validation, guidelines, templates, commit, PR, pull request, code review, testing, TDD, test-driven, golden testing, snapshot testing, TypeScript, Python, Convex, monorepo, cleanup, dead code, refactor, handoff, research, architecture, labels, search, checkout library, source code review, or any workflow shortcut.
name: tbd
---
<!-- DO NOT EDIT: Generated by tbd setup (format=f04).
Run 'tbd setup' to update.
-->

**`tbd` helps humans and agents ship code with greater speed, quality, and discipline.**

1. **Beads**: Git-native issue tracking (tasks, bugs, features).
Never lose work across sessions.
Drop-in replacement for `bd`.
2. **Spec-Driven Workflows**: Plan features → break into beads → implement
systematically.
3. **Knowledge Injection**: 17+ engineering guidelines (TypeScript, Python, TDD,
testing, Convex, monorepos) available on demand.
4. **Shortcuts**: Reusable instruction templates for common workflows (code review,
commits, PRs, cleanup, handoffs).

## Installation

```bash
npm install -g get-tbd@latest
tbd setup --auto --prefix=<name> # Fresh project (--prefix is REQUIRED: 2-8 alphabetic chars recommended. ALWAYS ASK THE USER FOR THE PREFIX; do not guess it)
tbd setup --auto # Existing tbd project (prefix already set)
tbd setup --from-beads # Migration from .beads/ if `bd` has been used
```

## Routine Commands

```bash
tbd --help # Command reference
tbd status # Status
tbd doctor # If there are problems

tbd setup --auto # Run any time to refresh setup
tbd prime # Restore full context on tbd after compaction
```

## CRITICAL: You Operate tbd — The User Doesn’t

**You are the tbd operator:** Users talk naturally; you translate their requests to tbd
actions. DO NOT tell users to run tbd commands.
That’s your job.

- **WRONG**: “Run `tbd create` to track this bug”

- **RIGHT**: *(you run `tbd create` yourself and tell the user it’s tracked)*

**Welcoming a user:** When users ask “what is tbd?”
or want help → run `tbd shortcut welcome-user`

## User Request → Agent Action

| User Says | You (the Agent) Run |
| --- | --- |
| **Issues/Beads** | |
| “There’s a bug where …” | `tbd create "..." --type=bug` |
| “Create a task/feature for …” | `tbd create "..." --type=task` or `--type=feature` |
| “Let’s work on issues/beads” | `tbd ready` |
| “Show me issue X” | `tbd show <id>` |
| “Close this issue” | `tbd close <id>` |
| “Search issues for X” | `tbd search "X"` |
| “Add label X to issue” | `tbd label add <id> <label>` |
| “What issues are stale?” | `tbd stale` |
| **Planning & Specs** | |
| “Plan a new feature” / “Create a spec” | `tbd shortcut new-plan-spec` |
| “Break spec into beads” | `tbd shortcut plan-implementation-with-beads` |
| “Implement these beads” | `tbd shortcut implement-beads` |
| **Code Review & Commits** | |
| “Review this code” / “Code review” | `tbd shortcut review-code` |
| “Review this PR” | `tbd shortcut review-github-pr` |
| “Commit this” / “Use the commit shortcut” | `tbd shortcut code-review-and-commit` |
| “Create a PR” / “File a PR” | `tbd shortcut create-or-update-pr-simple` |
| “Merge main into my branch” | `tbd shortcut merge-upstream` |
| **Guidelines & Knowledge** | |
| “Use TypeScript best practices” | `tbd guidelines typescript-rules` |
| “Use Python best practices” | `tbd guidelines python-rules` |
| “Build a TypeScript CLI” | `tbd guidelines typescript-cli-tool-rules` |
| “Improve monorepo setup” | `tbd guidelines pnpm-monorepo-patterns` or `bun-monorepo-patterns` |
| “Add golden/e2e testing” | `tbd guidelines golden-testing-guidelines` |
| “Use TDD” / “Test-driven development” | `tbd guidelines general-tdd-guidelines` |
| “Convex best practices” | `tbd guidelines convex-rules` |
| **Documentation** | |
| “Research this topic” | `tbd shortcut new-research-brief` |
| “Document architecture” | `tbd shortcut new-architecture-doc` |
| **Cleanup & Maintenance** | |
| “Clean up this code” / “Remove dead code” | `tbd shortcut code-cleanup-all` |
| “Fix repository problems” | `tbd doctor --fix` |
| **Sessions & Handoffs** | |
| “Hand off to another agent” | `tbd shortcut agent-handoff` |
| “Check out this library’s source” | `tbd shortcut checkout-third-party-repo` |
| *(your choice whenever appropriate)* | `tbd list`, `tbd dep add`, `tbd close`, `tbd sync`, etc. |

**Note:** Never gitignore `.tbd/workspaces/` — the outbox must be committed to your
working branch. See `tbd guidelines tbd-sync-troubleshooting` for details.

## CRITICAL: Session Closing Protocol

**Before saying “done”, you MUST complete this checklist:**

```
[ ] 1. git add + git commit
[ ] 2. git push
[ ] 3. gh pr checks <PR> --watch 2>&1 (IMPORTANT: WAIT for final summary, do NOT tell user it is done until you confirm it passes CI!)
[ ] 4. tbd close/update <id> for all beads worked on
[ ] 5. tbd sync
[ ] 6. CONFIRM CI passed (if failed: fix, run tests, re-push, restart from step 3)
```

**Work is not done until pushed, CI passes, and tbd is synced.**

## Bead Tracking Rules

- Track all task work not done immediately as beads (discovered work, TODOs,
multi-session work)
- When in doubt, create a bead
- Check `tbd ready` when not given specific directions
- Always close/update beads and run `tbd sync` at session end

## Commands

### Finding Work

| Command | Purpose |
| --- | --- |
| `tbd ready` | Beads ready to work (no blockers) |
| `tbd list --status open` | All open beads |
| `tbd list --status in_progress` | Your active work |
| `tbd show <id>` | Bead details with dependencies |

### Creating & Updating

| Command | Purpose |
| --- | --- |
| `tbd create "title" --type=bug --priority=1` | New bead; run `tbd create --help` for all types and priorities (P0-P4, not “high/medium/low”) |
| `tbd update <id> --status in_progress` | Claim work |
| `tbd close <id> [--reason "..."]` | Mark complete |

### Dependencies & Sync

| Command | Purpose |
| --- | --- |
| `tbd dep add <bead> <depends-on>` | Add dependency |
| `tbd blocked` | Show blocked beads |
| `tbd sync` | Sync with git remote (run at session end) |
| `tbd stats` | Project statistics |
| `tbd doctor` | Check for problems |
| `tbd doctor --fix` | Auto-fix repository problems |

### Labels & Search

| Command | Purpose |
| --- | --- |
| `tbd search <query>` | Search issues by text |
| `tbd label add <id> <label>` | Add label to issue |
| `tbd label remove <id> <label>` | Remove label from issue |
| `tbd label list` | List all labels in use |
| `tbd stale` | List issues not updated recently |

### Documentation

| Command | Purpose |
| --- | --- |
| `tbd shortcut <name>` | Run a shortcut |
| `tbd shortcut --list` | List shortcuts |
| `tbd guidelines <name>` | Load coding guidelines |
| `tbd guidelines --list` | List guidelines |
| `tbd template <name>` | Output a template |

## Quick Reference

- **Priority**: P0=critical, P1=high, P2=medium (default), P3=low, P4=backlog
- **Types**: issues default to `task`; run `tbd create --help` for the valid types
- **Status**: open, in_progress, closed
- **JSON output**: Add `--json` to any command

<!-- BEGIN SHORTCUT DIRECTORY -->
## Available Shortcuts

Run `tbd shortcut <name>` to use any of these shortcuts:

| Name | Description |
| --- | --- |
| agent-handoff | Generate a concise handoff prompt for another coding agent to continue work |
| checkout-third-party-repo | Get source code for libraries and third-party repos using git. Essential for reliable source code review. Prefer this to web searches or fetching of web pages from github.com as it is far more effective (github.com blocks web scraping from main website). |
| code-cleanup-all | Full cleanup cycle including duplicate removal, dead code, and code quality improvements |
| code-cleanup-docstrings | Review and add concise docstrings to major functions and types |
| code-cleanup-tests | Review and remove tests that do not add meaningful coverage |
| code-review-and-commit | Run pre-commit checks, review changes, and commit code |
| coding-spike | Prototype to validate a spec through hands-on implementation |
| create-or-update-pr-simple | Create or update a pull request with a concise summary |
| create-or-update-pr-with-validation-plan | Create or update a pull request with a detailed test/validation plan |
| implement-beads | Implement beads from a spec, following TDD and project rules |
| merge-upstream | Merge origin/main into current branch with conflict resolution |
| new-architecture-doc | Create an architecture document for a system or component design |
| new-guideline | Create a new coding guideline document for tbd |
| new-plan-spec | Create a new feature planning specification document |
| new-qa-playbook | Create a QA test playbook for manual validation workflows |
| new-research-brief | Create a research document for investigating a topic or technology |
| new-shortcut | Create a new shortcut (reusable instruction template) for tbd |
| new-validation-plan | Create a validation/test plan showing what’s tested and what remains |
| plan-implementation-with-beads | Create implementation beads from a feature planning spec |
| precommit-process | Full pre-commit checklist including spec sync, code review, and testing |
| review-code | Comprehensive code review for uncommitted changes, branch work, or GitHub PRs |
| review-code-python | Python-focused code review (language-specific rules only) |
| review-code-typescript | TypeScript-focused code review (language-specific rules only) |
| review-github-pr | Review a GitHub pull request with follow-up actions (comment, fix, CI check) |
| revise-all-architecture-docs | Comprehensive revision of all current architecture documents |
| revise-architecture-doc | Update an architecture document to reflect current codebase state |
| setup-github-cli | Ensure GitHub CLI (gh) is installed and working |
| sync-failure-recovery | Handle tbd sync failures by saving to workspace and recovering later |
| update-specs-status | Review active specs and sync their status with tbd issues |
| welcome-user | Welcome message for users after tbd installation or setup |

## Available Guidelines

Run `tbd guidelines <name>` to apply any of these guidelines:

| Name | Description |
| --- | --- |
| backward-compatibility-rules | Guidelines for maintaining backward compatibility across code, APIs, file formats, and database schemas |
| bun-monorepo-patterns | Modern patterns for Bun-based TypeScript monorepo architecture |
| cli-agent-skill-patterns | How to write skills and agent-integrated CLIs that work across Claude Code, Codex, and the broader coding-agent ecosystem—a simple baseline plus references for advanced, multi-subcommand tools |
| commit-conventions | Conventional Commits format with extensions for agentic workflows |
| common-doc-guidelines | Common cross-project standards for writing and organizing docs, code comments, and text files—how to organize, structure, write, and format documents, plus the guideline footer convention. Downstream of github.com/jlevy/practical-prose. Use whenever writing or editing any documentation, README, guideline, or design doc. |
| convex-limits-best-practices | Comprehensive reference for Convex platform limits, workarounds, and performance best practices |
| convex-rules | Guidelines and best practices for building Convex projects, including database schema design, queries, mutations, and real-world examples |
| electron-app-development-patterns | Guidelines for Electron development ecosystems including npm, pnpm, and Bun, with security baselines and framework comparisons |
| error-handling-rules | Rules for handling errors, failures, and exceptional conditions |
| general-coding-rules | Rules for constants, magic numbers, and general coding practices |
| general-comment-rules | Language-agnostic rules for writing clean, maintainable comments |
| general-eng-assistant-rules | Rules for AI assistants acting as senior engineers, including objectivity and communication guidelines |
| general-tdd-guidelines | Test-Driven Development methodology and best practices |
| general-testing-rules | Rules for writing minimal, effective tests with maximum coverage |
| golden-testing-guidelines | Guidelines for implementing golden/snapshot testing for complex systems |
| pnpm-monorepo-patterns | Modern patterns for pnpm-based TypeScript monorepo architecture |
| python-cli-patterns | Modern patterns for Python CLI application architecture |
| python-modern-guidelines | Guidelines for modern Python projects using uv, with a few more opinionated practices |
| python-rules | General Python coding rules and best practices |
| release-notes-guidelines | Guidelines for writing clear, accurate release notes |
| supply-chain-hardening | Strongly recommended for EVERY repo—apply it if a repo has not been hardened yet. Cross-ecosystem policy for installing dependencies safely (the 14-day cool-off, disabled install scripts, lockfile discipline, untrusted-repo handling). Use whenever a user mentions hardening, security, supply chain, or setting up a new repo; before adding/upgrading dependencies; when auditing for compromised packages; or when reviewing install/build/run commands across npm/pnpm, PyPI, Cargo, or Go. |
| tbd-sync-troubleshooting | Common issues and solutions for tbd sync and workspace operations |
| typescript-cli-tool-rules | Rules for building CLI tools with Commander.js, picocolors, and TypeScript |
| typescript-code-coverage | Best practices for code coverage in TypeScript with Vitest and v8 provider |
| typescript-rules | TypeScript coding rules and best practices |
| typescript-sorting-patterns | Deterministic sorting patterns and comparison chains for TypeScript |
| typescript-yaml-handling-rules | Best practices for parsing and serializing YAML in TypeScript |

<!-- END SHORTCUT DIRECTORY -->
123 changes: 123 additions & 0 deletions .codex/ensure-gh-cli.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
#!/bin/bash
# Automated GitHub CLI setup for Claude Code sessions
# This script runs on SessionStart to ensure gh CLI is available and authenticated
#
# Supply-chain policy (see SUPPLY-CHAIN-SECURITY.md): the gh version is PINNED to
# a release at least 14 days old, and every download is verified against a pinned
# SHA-256 checksum. Do NOT change this to fetch "latest" from the API at runtime;
# that bypasses the cool-off window. To bump the pin, pick a release that is >=14
# days old and copy its checksums from:
# https://github.com/cli/cli/releases/download/v<VERSION>/gh_<VERSION>_checksums.txt

set -euo pipefail

# Add common binary locations to PATH
export PATH="$HOME/.local/bin:$HOME/bin:/usr/local/bin:$PATH"

# Pinned gh release (>=14 days old per supply-chain cool-off) and its checksums.
GH_VERSION="2.92.0"

# SHA-256 checksums from gh_2.92.0_checksums.txt, keyed by asset suffix.
checksum_for() {
case "$1" in
linux_amd64.tar.gz) echo "b57848131bdf0c229cd35e1f2a51aa718199858b2e728410b37e89a428943ec4" ;;
linux_arm64.tar.gz) echo "c2248526dd0160c08d3fccca2332c3c1a07c15a78b23978e77735f1b5a18cfee" ;;
macOS_amd64.zip) echo "ae9bb327ab0d91071bdada79f8f14034a2a0f19b0e001835a782eafa519d2af0" ;;
macOS_arm64.zip) echo "b11c54f6bd7d15ed6590475079e5b2fcf36f45d3991a80041b29c9d0cc1f1d07" ;;
*) echo "" ;;
esac
}

# Check if gh is already installed
if command -v gh &> /dev/null; then
echo "[gh] CLI found at $(which gh)"
else
echo "[gh] CLI not found, installing pinned v${GH_VERSION}..."

# Detect platform
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
ARCH=$(uname -m)
[ "$ARCH" = "x86_64" ] && ARCH="amd64"
[ "$ARCH" = "aarch64" ] && ARCH="arm64"

# Build the asset suffix and archive type per platform.
if [ "$OS" = "darwin" ]; then
PLATFORM="macOS_${ARCH}.zip"
ARCHIVE_EXT="zip"
EXTRACT_DIR="/tmp/gh_${GH_VERSION}_macOS_${ARCH}"
else
PLATFORM="${OS}_${ARCH}.tar.gz"
ARCHIVE_EXT="tar.gz"
EXTRACT_DIR="/tmp/gh_${GH_VERSION}_${OS}_${ARCH}"
fi

echo "[gh] Detected platform: ${PLATFORM}"

EXPECTED=$(checksum_for "$PLATFORM")
if [ -z "$EXPECTED" ]; then
echo "[gh] ERROR: no pinned checksum for platform ${PLATFORM}; refusing to install"
echo "[gh] Add the checksum from gh_${GH_VERSION}_checksums.txt to this script"
exit 1
fi

ASSET="gh_${GH_VERSION}_${PLATFORM}"
DOWNLOAD_URL="https://github.com/cli/cli/releases/download/v${GH_VERSION}/${ASSET}"

echo "[gh] Downloading from ${DOWNLOAD_URL}..."
curl -fsSL -o "/tmp/${ASSET}" "$DOWNLOAD_URL"

# Verify the download against the pinned checksum before extracting.
if command -v sha256sum &> /dev/null; then
ACTUAL=$(sha256sum "/tmp/${ASSET}" | awk '{print $1}')
else
ACTUAL=$(shasum -a 256 "/tmp/${ASSET}" | awk '{print $1}')
fi
if [ "$ACTUAL" != "$EXPECTED" ]; then
echo "[gh] ERROR: checksum mismatch for ${ASSET}"
echo "[gh] expected ${EXPECTED}"
echo "[gh] actual ${ACTUAL}"
rm -f "/tmp/${ASSET}"
exit 1
fi
echo "[gh] Checksum verified for ${ASSET}"

# Extract based on archive type
if [ "$ARCHIVE_EXT" = "zip" ]; then
unzip -q "/tmp/${ASSET}" -d /tmp
else
tar -xzf "/tmp/${ASSET}" -C /tmp
fi

# Install to ~/.local/bin (works in cloud and local)
mkdir -p ~/.local/bin
cp "${EXTRACT_DIR}/bin/gh" ~/.local/bin/gh
chmod +x ~/.local/bin/gh

# Clean up
rm -rf "${EXTRACT_DIR}" "/tmp/${ASSET}"

echo "[gh] Installed to ~/.local/bin/gh"
fi

# Verify gh is now in PATH
if ! command -v gh &> /dev/null; then
echo "[gh] ERROR: gh CLI still not found in PATH after installation"
echo "[gh] Ensure ~/.local/bin is in your PATH"
exit 1
fi

# Check authentication status
if [ -n "${GH_TOKEN:-}" ]; then
# GH_TOKEN is set, verify it works
if gh auth status &> /dev/null; then
echo "[gh] Authenticated successfully"
else
echo "[gh] WARNING: GH_TOKEN is set but authentication check failed"
echo "[gh] Token may be invalid or expired"
fi
else
echo "[gh] NOTE: GH_TOKEN not set - some operations may require authentication"
echo "[gh] See: docs/general/agent-setup/github-cli-setup.md"
fi

exit 0
Loading