hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-08 21:49:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7394b32d92b7f56fc7846b1b65d1adc261cdc91f
gstack/openclaw/skills/gstack-openclaw-retro/SKILL.md
Garry Tan 1211b6b40b community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 
* fix: extend tilde-in-assignment fix to design resolver + 4 skill templates

PR #993 fixed the Claude Code permission prompt for `scripts/resolvers/browse.ts`
and `gstack-upgrade/SKILL.md.tmpl`. Same bug lives in three more places that
weren't on the contributor's branch:

- `scripts/resolvers/design.ts` (3 spots: D=, B=, and _DESIGN_DIR=)
- `design-shotgun/SKILL.md.tmpl` (_DESIGN_DIR=)
- `plan-design-review/SKILL.md.tmpl` (_DESIGN_DIR=)
- `design-consultation/SKILL.md.tmpl` (_DESIGN_DIR=)
- `design-review/SKILL.md.tmpl` (REPORT_DIR=)

Replaces bare `~/` with quoted `"$HOME/..."` in the source-of-truth files, then
regenerates. `grep -rEn '^[A-Za-z_]+=~/' --include="SKILL.md" .` now returns zero
hits across all hosts (claude, codex, cursor, gbrain, hermes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(openclaw): make native skills codex-friendly (#864)

Normalizes YAML frontmatter on the 4 hand-authored OpenClaw skills so stricter
parsers like Codex can load them. Codex CLI was rejecting these files with
"mapping values are not allowed in this context" on colons inside unquoted
description scalars.

- Drops non-standard `version` and `metadata` fields
- Rewrites descriptions into simple "Use when..." form (no inline colons)
- Adds a regression test enforcing strict frontmatter (name + description only)

Verified live: Codex CLI now loads the skills without errors. Observed during
/codex outside-voice run on the eval-community-prs plan review — Codex stderr
tripped on these exact files, which was real-world confirmation the fix is needed.

Dropped the connect-chrome changes from the original PR (the symlink removal is
out of scope for this fix; keeping connect-chrome -> open-gstack-browser).

Co-Authored-By: Cathryn Lavery <cathrynlavery@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(browse): server persists across Claude Code Bash calls

The browse server was dying between Bash tool invocations in Claude Code
because:

1. SIGTERM: The Claude Code sandbox sends SIGTERM to all child processes
   when a Bash command completes. The server received this and called
   shutdown(), deleting the state file and exiting.

2. Parent watchdog: The server polls BROWSE_PARENT_PID every 15s. When
   the parent Bash shell exits (killed by sandbox), the watchdog detected
   it and called shutdown().

Both mechanisms made it impossible to use the browse tool across multiple
Bash calls — every new `$B` invocation started a fresh server with no
cookies, no page state, and no tabs.

Fix:
- SIGTERM handler: log and ignore instead of shutdown. Explicit shutdown
  is still available via the /stop command or SIGINT (Ctrl+C).
- Parent watchdog: log once and continue instead of shutdown. The existing
  idle timeout (30 min) handles eventual cleanup.

The /stop command and SIGINT still work for intentional shutdown. Windows
behavior is unchanged (uses taskkill /F which bypasses signal handlers).

Tested: browse server survives across 5+ separate Bash tool calls in
Claude Code, maintaining cookies, page state, and navigation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(browse): gate #994 SIGTERM-ignore to normal mode only

PR #994 made browse persist across Claude Code Bash calls by ignoring SIGTERM
and parent-PID death, relying on the 30-min idle timeout for eventual cleanup.

Codex outside-voice review caught that the idle timeout doesn't apply in two
modes: headed mode (/open-gstack-browser) and tunnel mode (/pair-agent). Both
early-return from idleCheckInterval. Combined with #994's ignore-SIGTERM, those
sessions would leak forever after the user disconnects — a real resource leak on
shared machines where multiple /pair-agent sessions come and go.

Fix: gate SIGTERM-ignore and parent-PID-watchdog-ignore to normal (headless) mode
only. Headed + tunnel modes respect both signals and shutdown cleanly. Idle
timeout behavior unchanged.

Also documents the deliberate contract change for future contributors — don't
re-add global SIGTERM shutdown thinking it's missing; it's intentionally scoped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: keep cookie picker alive after cli exits

Fixes garrytan/gstack#985

* fix: add opencode setup support

* feat(browse): add Windows browser path detection and DPAPI cookie decryption

- Extend BrowserPlatform to include win32
- Add windowsDataDir to BrowserInfo; populate for Chrome, Edge, Brave, Chromium
- getBaseDir('win32') → ~/AppData/Local
- findBrowserMatch checks Network/Cookies first on Windows (Chrome 80+)
- Add getWindowsAesKey() reading os_crypt.encrypted_key from Local State JSON
- Add dpapiDecrypt() via PowerShell ProtectedData.Unprotect (stdin/stdout)
- decryptCookieValue branches on platform: AES-256-GCM (Windows) vs AES-128-CBC (mac/linux)
- Fix hardcoded /tmp → TEMP_DIR from platform.ts in openDbFromCopy

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(browse): Windows cookie import — profile discovery, v20 detection, CDP fallback

Three bugs fixed in cookie-import-browser.ts:
- listProfiles() and findInstalledBrowsers() now check Network/Cookies on Windows
  (Chrome 80+ moved cookies from profile/Cookies to profile/Network/Cookies)
- openDb() always uses copy-then-read on Windows (Chrome holds exclusive locks)
- decryptCookieValue() detects v20 App-Bound Encryption with specific error code

Added CDP-based extraction fallback (importCookiesViaCdp) for v20 cookies:
- Launches Chrome headless with --remote-debugging-port on the real profile
- Extracts cookies via Network.getAllCookies over CDP WebSocket
- Requires Chrome to be closed (v20 keys are path-bound to user-data-dir)
- Both cookie picker UI and CLI direct-import paths auto-fall back to CDP

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(browse): document CDP debug port security + log Chrome version on v20 fallback

Follow-up to #892 per Codex outside-voice review. Two small additions to the
Windows v20 App-Bound Encryption CDP fallback:

1. Inline comment documenting the deliberate security posture of the
   --remote-debugging-port. Chrome binds it to 127.0.0.1 by default, so the
   threat model is local-user-only (which is no worse than baseline — local
   attackers can already read the cookie DB). Random port 9222-9321 is for
   collision avoidance, not security. Chrome is always killed in finally.

2. One-time Chrome version log on CDP entry via /json/version. When Chrome
   inevitably changes v20 key format or /json/list shape in a future major
   version, logs will show exactly which version users are hitting.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: v0.18.1.0 — community wave (6 PRs + hardening)

VERSION bump + users-first CHANGELOG entry for the wave:
- #993 tilde-in-assignment fix (byliu-labs)
- #994 browse server persists across Bash calls (joelgreen)
- #996 cookie picker alive after cli exits (voidborne-d)
- #864 OpenClaw skills codex-friendly (cathrynlavery)
- #982 OpenCode native setup (breakneo)
- #892 Windows cookie import + DPAPI + v20 CDP fallback (msr-hickory)

Plus 3 follow-up hardening commits we own:
- Extended tilde fix to design resolver + 4 more skill templates
- Gated #994 SIGTERM-ignore to normal mode only (headed/tunnel preserve shutdown)
- Documented CDP debug port security + log Chrome version on v20 fallback

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: review pass — package.json version, import dedup, error context, stale help

Findings from /review on the wave PR:

- [P1] package.json version was 0.18.0.1 but VERSION is 0.18.1.0, failing
  test/gen-skill-docs.test.ts:177 "package.json version matches VERSION file".
  Bumped package.json to 0.18.1.0.
- [P2] Duplicate import of cookie-picker-routes in browse/src/server.ts
  (handleCookiePickerRoute at line 20 + hasActivePicker at line 792). Merged
  into single import at top.
- [P2] cookie-import-browser.ts:494 generic rethrow loses underlying error.
  Now preserves the message so "ENOENT" vs "JSON parse error" vs "permission
  denied" are distinguishable in user output.
- [P3] setup:46 "Missing value for --host" error message listed an incomplete
  set of hosts (missing factory, openclaw, hermes, gbrain). Aligned with the
  "Unknown value" error on line 94.

Kept as-is (not real issues):
- cookie-import-browser.ts:869 empty catch on Chrome version fetch is the
  correct pattern for best-effort diagnostics (per slop-scan philosophy in
  CLAUDE.md — fire-and-forget failures shouldn't throw).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(watchdog): invert test 3 to match merged #994 behavior

main #1025 added browse/test/watchdog.test.ts with test 3 expecting the old
"watchdog kills server when parent dies" behavior. The merge with this
branch's #994 inverted that semantic — the server now STAYS ALIVE on parent
death in normal headless mode (multi-step QA across Claude Code Bash calls
depends on this).

Changes:
- Renamed test 3 from "watchdog fires when parent dies" to "server STAYS ALIVE
  when parent dies (#994)".
- Replaced 25s shutdown poll with 20s observation window asserting the server
  remains alive after the watchdog tick.
- Updated docstring to document all 3 watchdog invariants (env-var disable,
  headed-mode disable, headless persists) and note tunnel-mode coverage gap.

Verification: bun test browse/test/watchdog.test.ts → 3 pass, 0 fail (22.7s).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ci): switch apt mirror to Hetzner to bypass Ubicloud → archive.ubuntu.com timeouts

Both build attempts of `.github/docker/Dockerfile.ci` failed at
`apt-get update` with persistent connection timeouts to archive.ubuntu.com:80
and security.ubuntu.com:80 — 90+ seconds of "connection timed out" against
every Ubuntu IP. Not a transient blip; this PR doesn't touch the Dockerfile,
and a re-run reproduced the same failure across all 9 mirror IPs.

Root cause: Ubicloud runners (Hetzner FSN1-DC21 per runner output) have
unreliable HTTP-port-80 routing to Ubuntu's official archive endpoints.

Fix:
- Rewrite /etc/apt/sources.list.d/ubuntu.sources (deb822 format in 24.04)
  to use https://mirror.hetzner.com/ubuntu/packages instead. Hetzner's
  mirror is publicly accessible from any cloud (not Hetzner-only despite
  the name) and route-local for Ubicloud's actual host. Solves both
  reliability and latency.
- Add a 3-attempt retry loop around both `apt-get update` calls as
  belt-and-suspenders. Even Hetzner's mirror can have brief blips, and the
  retry costs nothing when the first attempt succeeds.

Verification: the workflow will rebuild on push. Local `docker build` not
practical for a 12-step image with bun + claude + playwright deps + a 10-min
cold install. Trusting CI.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(ci): use HTTP for Hetzner apt mirror (base image lacks ca-certificates)

Previous commit switched to https://mirror.hetzner.com/... which proved the
mirror is reachable and routes correctly (no more 90s timeouts), but exposed
a chicken-and-egg: ubuntu:24.04 ships without ca-certificates, and that's
exactly the package we're installing. Result: "No system certificates
available. Try installing ca-certificates."

Fix: use http:// for the Hetzner mirror. Apt's security model verifies
package integrity via GPG-signed Release files, not TLS, so HTTP here is
no weaker than the upstream defaults (Ubuntu's official sources also
default to HTTP for the same reason).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Cathryn Lavery <cathrynlavery@users.noreply.github.com>
Co-authored-by: Joel Green <thejoelgreen@gmail.com>
Co-authored-by: d 🔹 <258577966+voidborne-d@users.noreply.github.com>
Co-authored-by: Break <breakneo@gmail.com>
Co-authored-by: Michael Spitzer-Rubenstein <msr.ext@hickory.ai>
2026-04-17 00:45:13 -07:00

9.5 KiB
Raw Blame History

name, description
name description
gstack-openclaw-retro Weekly engineering retrospective. Analyzes commit history, work patterns, and code quality metrics with persistent history and trend tracking. Team-aware with per-person contributions, praise, and growth areas. Use when asked for weekly retro, what shipped this week, or engineering retrospective.

Weekly Engineering Retrospective

Generates a comprehensive engineering retrospective analyzing commit history, work patterns, and code quality metrics. Team-aware: identifies the user running the command, then analyzes every contributor with per-person praise and growth opportunities.

Arguments

  • Default: last 7 days
  • 24h: last 24 hours
  • 14d: last 14 days
  • 30d: last 30 days
  • compare: compare current window vs prior same-length window

Instructions

Parse the argument to determine the time window. Default to 7 days. All times should be reported in the user's local timezone.

Midnight-aligned windows: For day units, compute an absolute start date at local midnight. For example, if today is 2026-03-18 and the window is 7 days, the start date is 2026-03-11. Use --since="2026-03-11T00:00:00" for git log queries. For hour units, use --since="N hours ago".

Step 1: Gather Raw Data

First, fetch origin and identify the current user:

git fetch origin main --quiet
git config user.name
git config user.email

The name returned by git config user.name is "you" ... the person reading this retro. All other authors are teammates.

Run ALL of these git commands (they are independent):

# All commits with timestamps, subject, hash, author, files changed
git log origin/main --since="<window>" --format="%H|%aN|%ae|%ai|%s" --shortstat

# Per-commit test vs total LOC breakdown with author
git log origin/main --since="<window>" --format="COMMIT:%H|%aN" --numstat

# Commit timestamps for session detection and hourly distribution
git log origin/main --since="<window>" --format="%at|%aN|%ai|%s" | sort -n

# Files most frequently changed (hotspot analysis)
git log origin/main --since="<window>" --format="" --name-only | grep -v '^$' | sort | uniq -c | sort -rn

# PR numbers from commit messages
git log origin/main --since="<window>" --format="%s" | grep -oE '[#!][0-9]+' | sort -t'#' -k1 | uniq

# Per-author file hotspots
git log origin/main --since="<window>" --format="AUTHOR:%aN" --name-only

# Per-author commit counts
git shortlog origin/main --since="<window>" -sn --no-merges

# Test file count
find . -name '*.test.*' -o -name '*.spec.*' -o -name '*_test.*' -o -name '*_spec.*' 2>/dev/null | grep -v node_modules | wc -l

# Test files changed in window
git log origin/main --since="<window>" --format="" --name-only | grep -E '\.(test|spec)\.' | sort -u | wc -l

Step 2: Compute Metrics

Calculate and present these metrics in a summary:

  • Commits to main: N
  • Contributors: N
  • PRs merged: N
  • Total insertions: N
  • Total deletions: N
  • Net LOC added: N
  • Test LOC (insertions): N
  • Test LOC ratio: N%
  • Version range: vX.Y.Z → vX.Y.Z
  • Active days: N
  • Detected sessions: N
  • Avg LOC/session-hour: N

Then show a per-author leaderboard immediately below:

Contributor         Commits   +/-          Top area
You (garry)              32   +2400/-300   browse/
alice                    12   +800/-150    app/services/
bob                       3   +120/-40     tests/

Sort by commits descending. The current user always appears first, labeled "You (name)".

Step 3: Commit Time Distribution

Show hourly histogram in local time:

Hour  Commits  ████████████████
 00:    4      ████
 07:    5      █████
 ...

Identify:

  • Peak hours
  • Dead zones
  • Bimodal pattern (morning/evening) vs continuous
  • Late-night coding clusters (after 10pm)

Step 4: Work Session Detection

Detect sessions using 45-minute gap threshold between consecutive commits.

Classify sessions:

  • Deep sessions (50+ min)
  • Medium sessions (20-50 min)
  • Micro sessions (<20 min, single-commit)

Calculate:

  • Total active coding time
  • Average session length
  • LOC per hour of active time

Step 5: Commit Type Breakdown

Categorize by conventional commit prefix (feat/fix/refactor/test/chore/docs). Show as percentage bar:

feat:     20  (40%)  ████████████████████
fix:      27  (54%)  ███████████████████████████
refactor:  2  ( 4%)  ██

Flag if fix ratio exceeds 50% ... signals a "ship fast, fix fast" pattern that may indicate review gaps.

Step 6: Hotspot Analysis

Show top 10 most-changed files. Flag:

  • Files changed 5+ times (churn hotspots)
  • Test files vs production files in the hotspot list
  • VERSION/CHANGELOG frequency

Step 7: PR Size Distribution

Estimate PR sizes and bucket them:

  • Small (<100 LOC)
  • Medium (100-500 LOC)
  • Large (500-1500 LOC)
  • XL (1500+ LOC)

Step 8: Focus Score + Ship of the Week

Focus score: Percentage of commits touching the single most-changed top-level directory. Higher = deeper focused work. Lower = scattered context-switching.

Ship of the week: The single highest-LOC PR in the window. Highlight PR number, LOC changed, and why it matters.

Step 9: Team Member Analysis

For each contributor (including the current user), compute:

  1. Commits and LOC ... total commits, insertions, deletions, net LOC
  2. Areas of focus ... which directories/files they touched most (top 3)
  3. Commit type mix ... their personal feat/fix/refactor/test breakdown
  4. Session patterns ... when they code (peak hours), session count
  5. Test discipline ... their personal test LOC ratio
  6. Biggest ship ... their single highest-impact commit or PR

For the current user ("You"): Deepest treatment. Include all session analysis, time patterns, focus score. Frame in first person.

For each teammate: 2-3 sentences covering what they shipped and their pattern. Then:

  • Praise (1-2 specific things): Anchor in actual commits. Not "great work" ... say exactly what was good.
  • Opportunity for growth (1 specific thing): Frame as leveling-up, not criticism. Anchor in actual data.

If solo repo: Skip team breakdown.

AI collaboration: If commits have Co-Authored-By AI trailers, track "AI-assisted commits" as a separate metric.

Step 10: Week-over-Week Trends (if window >= 14d)

Split into weekly buckets and show trends:

  • Commits per week (total and per-author)
  • LOC per week
  • Test ratio per week
  • Fix ratio per week
  • Session count per week

Step 11: Streak Tracking

Count consecutive days with at least 1 commit, going back from today:

# Team streak
git log origin/main --format="%ad" --date=format:"%Y-%m-%d" | sort -u

# Personal streak
git log origin/main --author="<user_name>" --format="%ad" --date=format:"%Y-%m-%d" | sort -u

Display both:

  • "Team shipping streak: 47 consecutive days"
  • "Your shipping streak: 32 consecutive days"

Step 12: Load History & Compare

Check for prior retro history in memory/:

If prior retros exist, load the most recent one and calculate deltas:

                    Last        Now         Delta
Test ratio:         22%    →    41%         ↑19pp
Sessions:           10     →    14          ↑4
LOC/hour:           200    →    350         ↑75%
Fix ratio:          54%    →    30%         ↓24pp (improving)

If no prior retros exist, note "First retro recorded, run again next week to see trends."

Step 13: Save Retro History

Save a JSON snapshot to memory/retro-YYYY-MM-DD.json with metrics, authors, version range, streak, and tweetable summary.

Step 14: Write the Narrative

Format for Telegram (bullets, bold, no markdown tables in the final output).

Structure:

Tweetable summary (first line):

Week of Mar 1: 47 commits (3 contributors), 3.2k LOC, 38% tests, 12 PRs, peak: 10pm | Streak: 47d

Then sections:

  • Summary ... key metrics
  • Trends vs Last Retro ... deltas (skip if first retro)
  • Time & Session Patterns ... when the team codes, session lengths, deep vs micro
  • Shipping Velocity ... commit types, PR sizes, fix-chain detection
  • Code Quality Signals ... test ratio, hotspots, churn
  • Focus & Highlights ... focus score, ship of the week
  • Your Week ... personal deep-dive for the current user
  • Team Breakdown ... per-teammate analysis with praise + growth (skip if solo)
  • Top 3 Team Wins ... highest-impact things shipped
  • 3 Things to Improve ... specific, actionable, anchored in commits
  • 3 Habits for Next Week ... small, practical, realistic (<5 min to adopt)

Compare Mode

When the user says "compare":

  • Run the retro for the current window
  • Run the retro for the prior same-length window
  • Present side-by-side metrics with arrows showing improvement/regression
  • Brief narrative on biggest changes

Important Rules

  • All times in local timezone. Never set TZ.
  • Format for Telegram. Use bullets and bold. Avoid markdown tables in the final output.
  • Praise anchored in commits. Never say "great work" without naming what was good.
  • Growth areas anchored in data. Never criticize without evidence.
  • Save history. Every retro saves to memory/ for trend tracking.
  • Completion status:
    • DONE ... retro generated, history saved
    • DONE_WITH_CONCERNS ... generated but missing data (e.g., no prior retros for comparison)
    • BLOCKED ... not in a git repo or no commits in window
Reference in New Issue View Git Blame Copy Permalink