diff --git a/.gitignore b/.gitignore index 09c8946..faba2a4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,4 @@ -# 忽略所有文件 -* - -# 但显式跟踪这些目录和文件 -!memories/ -!skills/ -!sync.sh -!.gitignore - -# 忽略锁文件和日志 -memories/*.lock -skills/*.lock +*.lock *.log +__pycache__/ +*.pyc diff --git a/memories/MEMORY.md b/memories/MEMORY.md new file mode 100644 index 0000000..69a9de7 --- /dev/null +++ b/memories/MEMORY.md @@ -0,0 +1,29 @@ +飞书 MCP 应用凭证(MoMix): +- App ID: cli_a9ba63e5efb81cee +- App Secret: ndz2SWe7njl6x9fsqlheAYFHgDV4BpWM +注意:这是 Feishu-MCP (cso1z/Feishu-MCP) 专用的应用凭证,不是对话 Bot 的凭证 +§ +Gitea 配置: +- URL: https://d.momix.cc +- 用户名: Mixer +- Email: moremix201@gmail.com +- API Token: 2815e3176978470a78a96dcb33af7d4b106ed03e +- 当前只有1个仓库: Mixer/LVDK-AI-WorkSpace +- 用户需要学习如何用git push上传项目到Gitea +§ +Gitea 配置信息: +- URL: https://d.momix.cc +- 用户名: Mixer +- Email: moremix201@gmail.com +- API Token: 2815e3176978470a78a96dcb33af7d4b106ed03e +- 已有仓库: Mixer/LVDK-AI-WorkSpace +- 用户需要学习如何用git push上传项目到Gitea +§ +RackNerd VPS (New Year Special): +- Label: racknerd-7f47f56 +- IP: 107.172.100.22 +- SSH Port: 22 +- Username: root +- Root Password: Zg58Mb73C4ueHFYhq3 +- 已安装 hermes agent +- 问题: Telegram 对话失联无响应 \ No newline at end of file diff --git a/skills/github/DESCRIPTION.md b/skills/github/DESCRIPTION.md new file mode 100644 index 0000000..a01a258 --- /dev/null +++ b/skills/github/DESCRIPTION.md @@ -0,0 +1,3 @@ +--- +description: GitHub workflow skills for managing repositories, pull requests, code reviews, issues, and CI/CD pipelines using the gh CLI and git via terminal. +--- diff --git a/skills/github/codebase-inspection/SKILL.md b/skills/github/codebase-inspection/SKILL.md new file mode 100644 index 0000000..6954ad8 --- /dev/null +++ b/skills/github/codebase-inspection/SKILL.md @@ -0,0 +1,115 @@ +--- +name: codebase-inspection +description: Inspect and analyze codebases using pygount for LOC counting, language breakdown, and code-vs-comment ratios. Use when asked to check lines of code, repo size, language composition, or codebase stats. +version: 1.0.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [LOC, Code Analysis, pygount, Codebase, Metrics, Repository] + related_skills: [github-repo-management] +prerequisites: + commands: [pygount] +--- + +# Codebase Inspection with pygount + +Analyze repositories for lines of code, language breakdown, file counts, and code-vs-comment ratios using `pygount`. + +## When to Use + +- User asks for LOC (lines of code) count +- User wants a language breakdown of a repo +- User asks about codebase size or composition +- User wants code-vs-comment ratios +- General "how big is this repo" questions + +## Prerequisites + +```bash +pip install --break-system-packages pygount 2>/dev/null || pip install pygount +``` + +## 1. Basic Summary (Most Common) + +Get a full language breakdown with file counts, code lines, and comment lines: + +```bash +cd /path/to/repo +pygount --format=summary \ + --folders-to-skip=".git,node_modules,venv,.venv,__pycache__,.cache,dist,build,.next,.tox,.eggs,*.egg-info" \ + . +``` + +**IMPORTANT:** Always use `--folders-to-skip` to exclude dependency/build directories, otherwise pygount will crawl them and take a very long time or hang. + +## 2. Common Folder Exclusions + +Adjust based on the project type: + +```bash +# Python projects +--folders-to-skip=".git,venv,.venv,__pycache__,.cache,dist,build,.tox,.eggs,.mypy_cache" + +# JavaScript/TypeScript projects +--folders-to-skip=".git,node_modules,dist,build,.next,.cache,.turbo,coverage" + +# General catch-all +--folders-to-skip=".git,node_modules,venv,.venv,__pycache__,.cache,dist,build,.next,.tox,vendor,third_party" +``` + +## 3. Filter by Specific Language + +```bash +# Only count Python files +pygount --suffix=py --format=summary . + +# Only count Python and YAML +pygount --suffix=py,yaml,yml --format=summary . +``` + +## 4. Detailed File-by-File Output + +```bash +# Default format shows per-file breakdown +pygount --folders-to-skip=".git,node_modules,venv" . + +# Sort by code lines (pipe through sort) +pygount --folders-to-skip=".git,node_modules,venv" . | sort -t$'\t' -k1 -nr | head -20 +``` + +## 5. Output Formats + +```bash +# Summary table (default recommendation) +pygount --format=summary . + +# JSON output for programmatic use +pygount --format=json . + +# Pipe-friendly: Language, file count, code, docs, empty, string +pygount --format=summary . 2>/dev/null +``` + +## 6. Interpreting Results + +The summary table columns: +- **Language** — detected programming language +- **Files** — number of files of that language +- **Code** — lines of actual code (executable/declarative) +- **Comment** — lines that are comments or documentation +- **%** — percentage of total + +Special pseudo-languages: +- `__empty__` — empty files +- `__binary__` — binary files (images, compiled, etc.) +- `__generated__` — auto-generated files (detected heuristically) +- `__duplicate__` — files with identical content +- `__unknown__` — unrecognized file types + +## Pitfalls + +1. **Always exclude .git, node_modules, venv** — without `--folders-to-skip`, pygount will crawl everything and may take minutes or hang on large dependency trees. +2. **Markdown shows 0 code lines** — pygount classifies all Markdown content as comments, not code. This is expected behavior. +3. **JSON files show low code counts** — pygount may count JSON lines conservatively. For accurate JSON line counts, use `wc -l` directly. +4. **Large monorepos** — for very large repos, consider using `--suffix` to target specific languages rather than scanning everything. diff --git a/skills/github/github-auth/SKILL.md b/skills/github/github-auth/SKILL.md new file mode 100644 index 0000000..ea8f369 --- /dev/null +++ b/skills/github/github-auth/SKILL.md @@ -0,0 +1,246 @@ +--- +name: github-auth +description: Set up GitHub authentication for the agent using git (universally available) or the gh CLI. Covers HTTPS tokens, SSH keys, credential helpers, and gh auth — with a detection flow to pick the right method automatically. +version: 1.1.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [GitHub, Authentication, Git, gh-cli, SSH, Setup] + related_skills: [github-pr-workflow, github-code-review, github-issues, github-repo-management] +--- + +# GitHub Authentication Setup + +This skill sets up authentication so the agent can work with GitHub repositories, PRs, issues, and CI. It covers two paths: + +- **`git` (always available)** — uses HTTPS personal access tokens or SSH keys +- **`gh` CLI (if installed)** — richer GitHub API access with a simpler auth flow + +## Detection Flow + +When a user asks you to work with GitHub, run this check first: + +```bash +# Check what's available +git --version +gh --version 2>/dev/null || echo "gh not installed" + +# Check if already authenticated +gh auth status 2>/dev/null || echo "gh not authenticated" +git config --global credential.helper 2>/dev/null || echo "no git credential helper" +``` + +**Decision tree:** +1. If `gh auth status` shows authenticated → you're good, use `gh` for everything +2. If `gh` is installed but not authenticated → use "gh auth" method below +3. If `gh` is not installed → use "git-only" method below (no sudo needed) + +--- + +## Method 1: Git-Only Authentication (No gh, No sudo) + +This works on any machine with `git` installed. No root access needed. + +### Option A: HTTPS with Personal Access Token (Recommended) + +This is the most portable method — works everywhere, no SSH config needed. + +**Step 1: Create a personal access token** + +Tell the user to go to: **https://github.com/settings/tokens** + +- Click "Generate new token (classic)" +- Give it a name like "hermes-agent" +- Select scopes: + - `repo` (full repository access — read, write, push, PRs) + - `workflow` (trigger and manage GitHub Actions) + - `read:org` (if working with organization repos) +- Set expiration (90 days is a good default) +- Copy the token — it won't be shown again + +**Step 2: Configure git to store the token** + +```bash +# Set up the credential helper to cache credentials +# "store" saves to ~/.git-credentials in plaintext (simple, persistent) +git config --global credential.helper store + +# Now do a test operation that triggers auth — git will prompt for credentials +# Username: +# Password: +git ls-remote https://github.com//.git +``` + +After entering credentials once, they're saved and reused for all future operations. + +**Alternative: cache helper (credentials expire from memory)** + +```bash +# Cache in memory for 8 hours (28800 seconds) instead of saving to disk +git config --global credential.helper 'cache --timeout=28800' +``` + +**Alternative: set the token directly in the remote URL (per-repo)** + +```bash +# Embed token in the remote URL (avoids credential prompts entirely) +git remote set-url origin https://:@github.com//.git +``` + +**Step 3: Configure git identity** + +```bash +# Required for commits — set name and email +git config --global user.name "Their Name" +git config --global user.email "their-email@example.com" +``` + +**Step 4: Verify** + +```bash +# Test push access (this should work without any prompts now) +git ls-remote https://github.com//.git + +# Verify identity +git config --global user.name +git config --global user.email +``` + +### Option B: SSH Key Authentication + +Good for users who prefer SSH or already have keys set up. + +**Step 1: Check for existing SSH keys** + +```bash +ls -la ~/.ssh/id_*.pub 2>/dev/null || echo "No SSH keys found" +``` + +**Step 2: Generate a key if needed** + +```bash +# Generate an ed25519 key (modern, secure, fast) +ssh-keygen -t ed25519 -C "their-email@example.com" -f ~/.ssh/id_ed25519 -N "" + +# Display the public key for them to add to GitHub +cat ~/.ssh/id_ed25519.pub +``` + +Tell the user to add the public key at: **https://github.com/settings/keys** +- Click "New SSH key" +- Paste the public key content +- Give it a title like "hermes-agent-" + +**Step 3: Test the connection** + +```bash +ssh -T git@github.com +# Expected: "Hi ! You've successfully authenticated..." +``` + +**Step 4: Configure git to use SSH for GitHub** + +```bash +# Rewrite HTTPS GitHub URLs to SSH automatically +git config --global url."git@github.com:".insteadOf "https://github.com/" +``` + +**Step 5: Configure git identity** + +```bash +git config --global user.name "Their Name" +git config --global user.email "their-email@example.com" +``` + +--- + +## Method 2: gh CLI Authentication + +If `gh` is installed, it handles both API access and git credentials in one step. + +### Interactive Browser Login (Desktop) + +```bash +gh auth login +# Select: GitHub.com +# Select: HTTPS +# Authenticate via browser +``` + +### Token-Based Login (Headless / SSH Servers) + +```bash +echo "" | gh auth login --with-token + +# Set up git credentials through gh +gh auth setup-git +``` + +### Verify + +```bash +gh auth status +``` + +--- + +## Using the GitHub API Without gh + +When `gh` is not available, you can still access the full GitHub API using `curl` with a personal access token. This is how the other GitHub skills implement their fallbacks. + +### Setting the Token for API Calls + +```bash +# Option 1: Export as env var (preferred — keeps it out of commands) +export GITHUB_TOKEN="" + +# Then use in curl calls: +curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/user +``` + +### Extracting the Token from Git Credentials + +If git credentials are already configured (via credential.helper store), the token can be extracted: + +```bash +# Read from git credential store +grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|' +``` + +### Helper: Detect Auth Method + +Use this pattern at the start of any GitHub workflow: + +```bash +# Try gh first, fall back to git + curl +if command -v gh &>/dev/null && gh auth status &>/dev/null; then + echo "AUTH_METHOD=gh" +elif [ -n "$GITHUB_TOKEN" ]; then + echo "AUTH_METHOD=curl" +elif [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then + export GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r') + echo "AUTH_METHOD=curl" +elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then + export GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + echo "AUTH_METHOD=curl" +else + echo "AUTH_METHOD=none" + echo "Need to set up authentication first" +fi +``` + +--- + +## Troubleshooting + +| Problem | Solution | +|---------|----------| +| `git push` asks for password | GitHub disabled password auth. Use a personal access token as the password, or switch to SSH | +| `remote: Permission to X denied` | Token may lack `repo` scope — regenerate with correct scopes | +| `fatal: Authentication failed` | Cached credentials may be stale — run `git credential reject` then re-authenticate | +| `ssh: connect to host github.com port 22: Connection refused` | Try SSH over HTTPS port: add `Host github.com` with `Port 443` and `Hostname ssh.github.com` to `~/.ssh/config` | +| Credentials not persisting | Check `git config --global credential.helper` — must be `store` or `cache` | +| Multiple GitHub accounts | Use SSH with different keys per host alias in `~/.ssh/config`, or per-repo credential URLs | +| `gh: command not found` + no sudo | Use git-only Method 1 above — no installation needed | diff --git a/skills/github/github-auth/scripts/gh-env.sh b/skills/github/github-auth/scripts/gh-env.sh new file mode 100755 index 0000000..043c6b5 --- /dev/null +++ b/skills/github/github-auth/scripts/gh-env.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash +# GitHub environment detection helper for Hermes Agent skills. +# +# Usage (via terminal tool): +# source skills/github/github-auth/scripts/gh-env.sh +# +# After sourcing, these variables are set: +# GH_AUTH_METHOD - "gh", "curl", or "none" +# GITHUB_TOKEN - personal access token (set if method is "curl") +# GH_USER - GitHub username +# GH_OWNER - repo owner (only if inside a git repo with a github remote) +# GH_REPO - repo name (only if inside a git repo with a github remote) +# GH_OWNER_REPO - owner/repo (only if inside a git repo with a github remote) + +# --- Auth detection --- + +GH_AUTH_METHOD="none" +GITHUB_TOKEN="${GITHUB_TOKEN:-}" +GH_USER="" + +if command -v gh &>/dev/null && gh auth status &>/dev/null 2>&1; then + GH_AUTH_METHOD="gh" + GH_USER=$(gh api user --jq '.login' 2>/dev/null) +elif [ -n "$GITHUB_TOKEN" ]; then + GH_AUTH_METHOD="curl" +elif [ -f "$HOME/.hermes/.env" ] && grep -q "^GITHUB_TOKEN=" "$HOME/.hermes/.env" 2>/dev/null; then + GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" "$HOME/.hermes/.env" | head -1 | cut -d= -f2 | tr -d '\n\r') + if [ -n "$GITHUB_TOKEN" ]; then + GH_AUTH_METHOD="curl" + fi +elif [ -f "$HOME/.git-credentials" ] && grep -q "github.com" "$HOME/.git-credentials" 2>/dev/null; then + GITHUB_TOKEN=$(grep "github.com" "$HOME/.git-credentials" | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + if [ -n "$GITHUB_TOKEN" ]; then + GH_AUTH_METHOD="curl" + fi +fi + +# Resolve username for curl method +if [ "$GH_AUTH_METHOD" = "curl" ] && [ -z "$GH_USER" ]; then + GH_USER=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/user 2>/dev/null \ + | python3 -c "import sys,json; print(json.load(sys.stdin).get('login',''))" 2>/dev/null) +fi + +# --- Repo detection (if inside a git repo with a GitHub remote) --- + +GH_OWNER="" +GH_REPO="" +GH_OWNER_REPO="" + +_remote_url=$(git remote get-url origin 2>/dev/null) +if [ -n "$_remote_url" ] && echo "$_remote_url" | grep -q "github.com"; then + GH_OWNER_REPO=$(echo "$_remote_url" | sed -E 's|.*github\.com[:/]||; s|\.git$||') + GH_OWNER=$(echo "$GH_OWNER_REPO" | cut -d/ -f1) + GH_REPO=$(echo "$GH_OWNER_REPO" | cut -d/ -f2) +fi +unset _remote_url + +# --- Summary --- + +echo "GitHub Auth: $GH_AUTH_METHOD" +[ -n "$GH_USER" ] && echo "User: $GH_USER" +[ -n "$GH_OWNER_REPO" ] && echo "Repo: $GH_OWNER_REPO" +[ "$GH_AUTH_METHOD" = "none" ] && echo "⚠ Not authenticated — see github-auth skill" + +export GH_AUTH_METHOD GITHUB_TOKEN GH_USER GH_OWNER GH_REPO GH_OWNER_REPO diff --git a/skills/github/github-code-review/SKILL.md b/skills/github/github-code-review/SKILL.md new file mode 100644 index 0000000..52d8e4a --- /dev/null +++ b/skills/github/github-code-review/SKILL.md @@ -0,0 +1,480 @@ +--- +name: github-code-review +description: Review code changes by analyzing git diffs, leaving inline comments on PRs, and performing thorough pre-push review. Works with gh CLI or falls back to git + GitHub REST API via curl. +version: 1.1.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [GitHub, Code-Review, Pull-Requests, Git, Quality] + related_skills: [github-auth, github-pr-workflow] +--- + +# GitHub Code Review + +Perform code reviews on local changes before pushing, or review open PRs on GitHub. Most of this skill uses plain `git` — the `gh`/`curl` split only matters for PR-level interactions. + +## Prerequisites + +- Authenticated with GitHub (see `github-auth` skill) +- Inside a git repository + +### Setup (for PR interactions) + +```bash +if command -v gh &>/dev/null && gh auth status &>/dev/null; then + AUTH="gh" +else + AUTH="git" + if [ -z "$GITHUB_TOKEN" ]; then + if [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then + GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r') + elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then + GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + fi + fi +fi + +REMOTE_URL=$(git remote get-url origin) +OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||') +OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1) +REPO=$(echo "$OWNER_REPO" | cut -d/ -f2) +``` + +--- + +## 1. Reviewing Local Changes (Pre-Push) + +This is pure `git` — works everywhere, no API needed. + +### Get the Diff + +```bash +# Staged changes (what would be committed) +git diff --staged + +# All changes vs main (what a PR would contain) +git diff main...HEAD + +# File names only +git diff main...HEAD --name-only + +# Stat summary (insertions/deletions per file) +git diff main...HEAD --stat +``` + +### Review Strategy + +1. **Get the big picture first:** + +```bash +git diff main...HEAD --stat +git log main..HEAD --oneline +``` + +2. **Review file by file** — use `read_file` on changed files for full context, and the diff to see what changed: + +```bash +git diff main...HEAD -- src/auth/login.py +``` + +3. **Check for common issues:** + +```bash +# Debug statements, TODOs, console.logs left behind +git diff main...HEAD | grep -n "print(\|console\.log\|TODO\|FIXME\|HACK\|XXX\|debugger" + +# Large files accidentally staged +git diff main...HEAD --stat | sort -t'|' -k2 -rn | head -10 + +# Secrets or credential patterns +git diff main...HEAD | grep -in "password\|secret\|api_key\|token.*=\|private_key" + +# Merge conflict markers +git diff main...HEAD | grep -n "<<<<<<\|>>>>>>\|=======" +``` + +4. **Present structured feedback** to the user. + +### Review Output Format + +When reviewing local changes, present findings in this structure: + +``` +## Code Review Summary + +### Critical +- **src/auth.py:45** — SQL injection: user input passed directly to query. + Suggestion: Use parameterized queries. + +### Warnings +- **src/models/user.py:23** — Password stored in plaintext. Use bcrypt or argon2. +- **src/api/routes.py:112** — No rate limiting on login endpoint. + +### Suggestions +- **src/utils/helpers.py:8** — Duplicates logic in `src/core/utils.py:34`. Consolidate. +- **tests/test_auth.py** — Missing edge case: expired token test. + +### Looks Good +- Clean separation of concerns in the middleware layer +- Good test coverage for the happy path +``` + +--- + +## 2. Reviewing a Pull Request on GitHub + +### View PR Details + +**With gh:** + +```bash +gh pr view 123 +gh pr diff 123 +gh pr diff 123 --name-only +``` + +**With git + curl:** + +```bash +PR_NUMBER=123 + +# Get PR details +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \ + | python3 -c " +import sys, json +pr = json.load(sys.stdin) +print(f\"Title: {pr['title']}\") +print(f\"Author: {pr['user']['login']}\") +print(f\"Branch: {pr['head']['ref']} -> {pr['base']['ref']}\") +print(f\"State: {pr['state']}\") +print(f\"Body:\n{pr['body']}\")" + +# List changed files +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/files \ + | python3 -c " +import sys, json +for f in json.load(sys.stdin): + print(f\"{f['status']:10} +{f['additions']:-4} -{f['deletions']:-4} {f['filename']}\")" +``` + +### Check Out PR Locally for Full Review + +This works with plain `git` — no `gh` needed: + +```bash +# Fetch the PR branch and check it out +git fetch origin pull/123/head:pr-123 +git checkout pr-123 + +# Now you can use read_file, search_files, run tests, etc. + +# View diff against the base branch +git diff main...pr-123 +``` + +**With gh (shortcut):** + +```bash +gh pr checkout 123 +``` + +### Leave Comments on a PR + +**General PR comment — with gh:** + +```bash +gh pr comment 123 --body "Overall looks good, a few suggestions below." +``` + +**General PR comment — with curl:** + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/$PR_NUMBER/comments \ + -d '{"body": "Overall looks good, a few suggestions below."}' +``` + +### Leave Inline Review Comments + +**Single inline comment — with gh (via API):** + +```bash +HEAD_SHA=$(gh pr view 123 --json headRefOid --jq '.headRefOid') + +gh api repos/$OWNER/$REPO/pulls/123/comments \ + --method POST \ + -f body="This could be simplified with a list comprehension." \ + -f path="src/auth/login.py" \ + -f commit_id="$HEAD_SHA" \ + -f line=45 \ + -f side="RIGHT" +``` + +**Single inline comment — with curl:** + +```bash +# Get the head commit SHA +HEAD_SHA=$(curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])") + +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/comments \ + -d "{ + \"body\": \"This could be simplified with a list comprehension.\", + \"path\": \"src/auth/login.py\", + \"commit_id\": \"$HEAD_SHA\", + \"line\": 45, + \"side\": \"RIGHT\" + }" +``` + +### Submit a Formal Review (Approve / Request Changes) + +**With gh:** + +```bash +gh pr review 123 --approve --body "LGTM!" +gh pr review 123 --request-changes --body "See inline comments." +gh pr review 123 --comment --body "Some suggestions, nothing blocking." +``` + +**With curl — multi-comment review submitted atomically:** + +```bash +HEAD_SHA=$(curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])") + +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/reviews \ + -d "{ + \"commit_id\": \"$HEAD_SHA\", + \"event\": \"COMMENT\", + \"body\": \"Code review from Hermes Agent\", + \"comments\": [ + {\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"Use parameterized queries to prevent SQL injection.\"}, + {\"path\": \"src/models/user.py\", \"line\": 23, \"body\": \"Hash passwords with bcrypt before storing.\"}, + {\"path\": \"tests/test_auth.py\", \"line\": 1, \"body\": \"Add test for expired token edge case.\"} + ] + }" +``` + +Event values: `"APPROVE"`, `"REQUEST_CHANGES"`, `"COMMENT"` + +The `line` field refers to the line number in the *new* version of the file. For deleted lines, use `"side": "LEFT"`. + +--- + +## 3. Review Checklist + +When performing a code review (local or PR), systematically check: + +### Correctness +- Does the code do what it claims? +- Edge cases handled (empty inputs, nulls, large data, concurrent access)? +- Error paths handled gracefully? + +### Security +- No hardcoded secrets, credentials, or API keys +- Input validation on user-facing inputs +- No SQL injection, XSS, or path traversal +- Auth/authz checks where needed + +### Code Quality +- Clear naming (variables, functions, classes) +- No unnecessary complexity or premature abstraction +- DRY — no duplicated logic that should be extracted +- Functions are focused (single responsibility) + +### Testing +- New code paths tested? +- Happy path and error cases covered? +- Tests readable and maintainable? + +### Performance +- No N+1 queries or unnecessary loops +- Appropriate caching where beneficial +- No blocking operations in async code paths + +### Documentation +- Public APIs documented +- Non-obvious logic has comments explaining "why" +- README updated if behavior changed + +--- + +## 4. Pre-Push Review Workflow + +When the user asks you to "review the code" or "check before pushing": + +1. `git diff main...HEAD --stat` — see scope of changes +2. `git diff main...HEAD` — read the full diff +3. For each changed file, use `read_file` if you need more context +4. Apply the checklist above +5. Present findings in the structured format (Critical / Warnings / Suggestions / Looks Good) +6. If critical issues found, offer to fix them before the user pushes + +--- + +## 5. PR Review Workflow (End-to-End) + +When the user asks you to "review PR #N", "look at this PR", or gives you a PR URL, follow this recipe: + +### Step 1: Set up environment + +```bash +source ~/.hermes/skills/github/github-auth/scripts/gh-env.sh +# Or run the inline setup block from the top of this skill +``` + +### Step 2: Gather PR context + +Get the PR metadata, description, and list of changed files to understand scope before diving into code. + +**With gh:** +```bash +gh pr view 123 +gh pr diff 123 --name-only +gh pr checks 123 +``` + +**With curl:** +```bash +PR_NUMBER=123 + +# PR details (title, author, description, branch) +curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER + +# Changed files with line counts +curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/files +``` + +### Step 3: Check out the PR locally + +This gives you full access to `read_file`, `search_files`, and the ability to run tests. + +```bash +git fetch origin pull/$PR_NUMBER/head:pr-$PR_NUMBER +git checkout pr-$PR_NUMBER +``` + +### Step 4: Read the diff and understand changes + +```bash +# Full diff against the base branch +git diff main...HEAD + +# Or file-by-file for large PRs +git diff main...HEAD --name-only +# Then for each file: +git diff main...HEAD -- path/to/file.py +``` + +For each changed file, use `read_file` to see full context around the changes — diffs alone can miss issues visible only with surrounding code. + +### Step 5: Run automated checks locally (if applicable) + +```bash +# Run tests if there's a test suite +python -m pytest 2>&1 | tail -20 +# or: npm test, cargo test, go test ./..., etc. + +# Run linter if configured +ruff check . 2>&1 | head -30 +# or: eslint, clippy, etc. +``` + +### Step 6: Apply the review checklist (Section 3) + +Go through each category: Correctness, Security, Code Quality, Testing, Performance, Documentation. + +### Step 7: Post the review to GitHub + +Collect your findings and submit them as a formal review with inline comments. + +**With gh:** +```bash +# If no issues — approve +gh pr review $PR_NUMBER --approve --body "Reviewed by Hermes Agent. Code looks clean — good test coverage, no security concerns." + +# If issues found — request changes with inline comments +gh pr review $PR_NUMBER --request-changes --body "Found a few issues — see inline comments." +``` + +**With curl — atomic review with multiple inline comments:** +```bash +HEAD_SHA=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['head']['sha'])") + +# Build the review JSON — event is APPROVE, REQUEST_CHANGES, or COMMENT +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/pulls/$PR_NUMBER/reviews \ + -d "{ + \"commit_id\": \"$HEAD_SHA\", + \"event\": \"REQUEST_CHANGES\", + \"body\": \"## Hermes Agent Review\n\nFound 2 issues, 1 suggestion. See inline comments.\", + \"comments\": [ + {\"path\": \"src/auth.py\", \"line\": 45, \"body\": \"🔴 **Critical:** User input passed directly to SQL query — use parameterized queries.\"}, + {\"path\": \"src/models.py\", \"line\": 23, \"body\": \"⚠️ **Warning:** Password stored without hashing.\"}, + {\"path\": \"src/utils.py\", \"line\": 8, \"body\": \"💡 **Suggestion:** This duplicates logic in core/utils.py:34.\"} + ] + }" +``` + +### Step 8: Also post a summary comment + +In addition to inline comments, leave a top-level summary so the PR author gets the full picture at a glance. Use the review output format from `references/review-output-template.md`. + +**With gh:** +```bash +gh pr comment $PR_NUMBER --body "$(cat <<'EOF' +## Code Review Summary + +**Verdict: Changes Requested** (2 issues, 1 suggestion) + +### 🔴 Critical +- **src/auth.py:45** — SQL injection vulnerability + +### ⚠️ Warnings +- **src/models.py:23** — Plaintext password storage + +### 💡 Suggestions +- **src/utils.py:8** — Duplicated logic, consider consolidating + +### ✅ Looks Good +- Clean API design +- Good error handling in the middleware layer + +--- +*Reviewed by Hermes Agent* +EOF +)" +``` + +### Step 9: Clean up + +```bash +git checkout main +git branch -D pr-$PR_NUMBER +``` + +### Decision: Approve vs Request Changes vs Comment + +- **Approve** — no critical or warning-level issues, only minor suggestions or all clear +- **Request Changes** — any critical or warning-level issue that should be fixed before merge +- **Comment** — observations and suggestions, but nothing blocking (use when you're unsure or the PR is a draft) diff --git a/skills/github/github-code-review/references/review-output-template.md b/skills/github/github-code-review/references/review-output-template.md new file mode 100644 index 0000000..f4aa6c1 --- /dev/null +++ b/skills/github/github-code-review/references/review-output-template.md @@ -0,0 +1,74 @@ +# Review Output Template + +Use this as the structure for PR review summary comments. Copy and fill in the sections. + +## For PR Summary Comment + +```markdown +## Code Review Summary + +**Verdict: [Approved ✅ | Changes Requested 🔴 | Reviewed 💬]** ([N] issues, [N] suggestions) + +**PR:** #[number] — [title] +**Author:** @[username] +**Files changed:** [N] (+[additions] -[deletions]) + +### 🔴 Critical + +- **file.py:line** — [description]. Suggestion: [fix]. + +### ⚠️ Warnings + +- **file.py:line** — [description]. + +### 💡 Suggestions + +- **file.py:line** — [description]. + +### ✅ Looks Good + +- [aspect that was done well] + +--- +*Reviewed by Hermes Agent* +``` + +## Severity Guide + +| Level | Icon | When to use | Blocks merge? | +|-------|------|-------------|---------------| +| Critical | 🔴 | Security vulnerabilities, data loss risk, crashes, broken core functionality | Yes | +| Warning | ⚠️ | Bugs in non-critical paths, missing error handling, missing tests for new code | Usually yes | +| Suggestion | 💡 | Style improvements, refactoring ideas, performance hints, documentation gaps | No | +| Looks Good | ✅ | Clean patterns, good test coverage, clear naming, smart design decisions | N/A | + +## Verdict Decision + +- **Approved ✅** — Zero critical/warning items. Only suggestions or all clear. +- **Changes Requested 🔴** — Any critical or warning item exists. +- **Reviewed 💬** — Observations only (draft PRs, uncertain findings, informational). + +## For Inline Comments + +Prefix inline comments with the severity icon so they're scannable: + +``` +🔴 **Critical:** User input passed directly to SQL query — use parameterized queries to prevent injection. +``` + +``` +⚠️ **Warning:** This error is silently swallowed. At minimum, log it. +``` + +``` +💡 **Suggestion:** This could be simplified with a dict comprehension: +`{k: v for k, v in items if v is not None}` +``` + +``` +✅ **Nice:** Good use of context manager here — ensures cleanup on exceptions. +``` + +## For Local (Pre-Push) Review + +When reviewing locally before push, use the same structure but present it as a message to the user instead of a PR comment. Skip the PR metadata header and just start with the severity sections. diff --git a/skills/github/github-issues/SKILL.md b/skills/github/github-issues/SKILL.md new file mode 100644 index 0000000..a3bceb8 --- /dev/null +++ b/skills/github/github-issues/SKILL.md @@ -0,0 +1,369 @@ +--- +name: github-issues +description: Create, manage, triage, and close GitHub issues. Search existing issues, add labels, assign people, and link to PRs. Works with gh CLI or falls back to git + GitHub REST API via curl. +version: 1.1.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [GitHub, Issues, Project-Management, Bug-Tracking, Triage] + related_skills: [github-auth, github-pr-workflow] +--- + +# GitHub Issues Management + +Create, search, triage, and manage GitHub issues. Each section shows `gh` first, then the `curl` fallback. + +## Prerequisites + +- Authenticated with GitHub (see `github-auth` skill) +- Inside a git repo with a GitHub remote, or specify the repo explicitly + +### Setup + +```bash +if command -v gh &>/dev/null && gh auth status &>/dev/null; then + AUTH="gh" +else + AUTH="git" + if [ -z "$GITHUB_TOKEN" ]; then + if [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then + GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r') + elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then + GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + fi + fi +fi + +REMOTE_URL=$(git remote get-url origin) +OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||') +OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1) +REPO=$(echo "$OWNER_REPO" | cut -d/ -f2) +``` + +--- + +## 1. Viewing Issues + +**With gh:** + +```bash +gh issue list +gh issue list --state open --label "bug" +gh issue list --assignee @me +gh issue list --search "authentication error" --state all +gh issue view 42 +``` + +**With curl:** + +```bash +# List open issues +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/issues?state=open&per_page=20" \ + | python3 -c " +import sys, json +for i in json.load(sys.stdin): + if 'pull_request' not in i: # GitHub API returns PRs in /issues too + labels = ', '.join(l['name'] for l in i['labels']) + print(f\"#{i['number']:5} {i['state']:6} {labels:30} {i['title']}\")" + +# Filter by label +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/issues?state=open&labels=bug&per_page=20" \ + | python3 -c " +import sys, json +for i in json.load(sys.stdin): + if 'pull_request' not in i: + print(f\"#{i['number']} {i['title']}\")" + +# View a specific issue +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42 \ + | python3 -c " +import sys, json +i = json.load(sys.stdin) +labels = ', '.join(l['name'] for l in i['labels']) +assignees = ', '.join(a['login'] for a in i['assignees']) +print(f\"#{i['number']}: {i['title']}\") +print(f\"State: {i['state']} Labels: {labels} Assignees: {assignees}\") +print(f\"Author: {i['user']['login']} Created: {i['created_at']}\") +print(f\"\n{i['body']}\")" + +# Search issues +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/search/issues?q=authentication+error+repo:$OWNER/$REPO" \ + | python3 -c " +import sys, json +for i in json.load(sys.stdin)['items']: + print(f\"#{i['number']} {i['state']:6} {i['title']}\")" +``` + +## 2. Creating Issues + +**With gh:** + +```bash +gh issue create \ + --title "Login redirect ignores ?next= parameter" \ + --body "## Description +After logging in, users always land on /dashboard. + +## Steps to Reproduce +1. Navigate to /settings while logged out +2. Get redirected to /login?next=/settings +3. Log in +4. Actual: redirected to /dashboard (should go to /settings) + +## Expected Behavior +Respect the ?next= query parameter." \ + --label "bug,backend" \ + --assignee "username" +``` + +**With curl:** + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues \ + -d '{ + "title": "Login redirect ignores ?next= parameter", + "body": "## Description\nAfter logging in, users always land on /dashboard.\n\n## Steps to Reproduce\n1. Navigate to /settings while logged out\n2. Get redirected to /login?next=/settings\n3. Log in\n4. Actual: redirected to /dashboard\n\n## Expected Behavior\nRespect the ?next= query parameter.", + "labels": ["bug", "backend"], + "assignees": ["username"] + }' +``` + +### Bug Report Template + +``` +## Bug Description + + +## Steps to Reproduce +1. +2. + +## Expected Behavior + + +## Actual Behavior + + +## Environment +- OS: +- Version: +``` + +### Feature Request Template + +``` +## Feature Description + + +## Motivation + + +## Proposed Solution + + +## Alternatives Considered + +``` + +## 3. Managing Issues + +### Add/Remove Labels + +**With gh:** + +```bash +gh issue edit 42 --add-label "priority:high,bug" +gh issue edit 42 --remove-label "needs-triage" +``` + +**With curl:** + +```bash +# Add labels +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42/labels \ + -d '{"labels": ["priority:high", "bug"]}' + +# Remove a label +curl -s -X DELETE \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42/labels/needs-triage + +# List available labels in the repo +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/labels \ + | python3 -c " +import sys, json +for l in json.load(sys.stdin): + print(f\" {l['name']:30} {l.get('description', '')}\")" +``` + +### Assignment + +**With gh:** + +```bash +gh issue edit 42 --add-assignee username +gh issue edit 42 --add-assignee @me +``` + +**With curl:** + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42/assignees \ + -d '{"assignees": ["username"]}' +``` + +### Commenting + +**With gh:** + +```bash +gh issue comment 42 --body "Investigated — root cause is in auth middleware. Working on a fix." +``` + +**With curl:** + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42/comments \ + -d '{"body": "Investigated — root cause is in auth middleware. Working on a fix."}' +``` + +### Closing and Reopening + +**With gh:** + +```bash +gh issue close 42 +gh issue close 42 --reason "not planned" +gh issue reopen 42 +``` + +**With curl:** + +```bash +# Close +curl -s -X PATCH \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42 \ + -d '{"state": "closed", "state_reason": "completed"}' + +# Reopen +curl -s -X PATCH \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/42 \ + -d '{"state": "open"}' +``` + +### Linking Issues to PRs + +Issues are automatically closed when a PR merges with the right keywords in the body: + +``` +Closes #42 +Fixes #42 +Resolves #42 +``` + +To create a branch from an issue: + +**With gh:** + +```bash +gh issue develop 42 --checkout +``` + +**With git (manual equivalent):** + +```bash +git checkout main && git pull origin main +git checkout -b fix/issue-42-login-redirect +``` + +## 4. Issue Triage Workflow + +When asked to triage issues: + +1. **List untriaged issues:** + +```bash +# With gh +gh issue list --label "needs-triage" --state open + +# With curl +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/issues?labels=needs-triage&state=open" \ + | python3 -c " +import sys, json +for i in json.load(sys.stdin): + if 'pull_request' not in i: + print(f\"#{i['number']} {i['title']}\")" +``` + +2. **Read and categorize** each issue (view details, understand the bug/feature) + +3. **Apply labels and priority** (see Managing Issues above) + +4. **Assign** if the owner is clear + +5. **Comment with triage notes** if needed + +## 5. Bulk Operations + +For batch operations, combine API calls with shell scripting: + +**With gh:** + +```bash +# Close all issues with a specific label +gh issue list --label "wontfix" --json number --jq '.[].number' | \ + xargs -I {} gh issue close {} --reason "not planned" +``` + +**With curl:** + +```bash +# List issue numbers with a label, then close each +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/issues?labels=wontfix&state=open" \ + | python3 -c "import sys,json; [print(i['number']) for i in json.load(sys.stdin)]" \ + | while read num; do + curl -s -X PATCH \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/issues/$num \ + -d '{"state": "closed", "state_reason": "not_planned"}' + echo "Closed #$num" + done +``` + +## Quick Reference Table + +| Action | gh | curl endpoint | +|--------|-----|--------------| +| List issues | `gh issue list` | `GET /repos/{o}/{r}/issues` | +| View issue | `gh issue view N` | `GET /repos/{o}/{r}/issues/N` | +| Create issue | `gh issue create ...` | `POST /repos/{o}/{r}/issues` | +| Add labels | `gh issue edit N --add-label ...` | `POST /repos/{o}/{r}/issues/N/labels` | +| Assign | `gh issue edit N --add-assignee ...` | `POST /repos/{o}/{r}/issues/N/assignees` | +| Comment | `gh issue comment N --body ...` | `POST /repos/{o}/{r}/issues/N/comments` | +| Close | `gh issue close N` | `PATCH /repos/{o}/{r}/issues/N` | +| Search | `gh issue list --search "..."` | `GET /search/issues?q=...` | diff --git a/skills/github/github-issues/templates/bug-report.md b/skills/github/github-issues/templates/bug-report.md new file mode 100644 index 0000000..c07a782 --- /dev/null +++ b/skills/github/github-issues/templates/bug-report.md @@ -0,0 +1,35 @@ +## Bug Description + + + +## Steps to Reproduce + +1. +2. +3. + +## Expected Behavior + + + +## Actual Behavior + + + +## Environment + +- OS: +- Version/Commit: +- Python version: +- Browser (if applicable): + +## Error Output + + + +``` +``` + +## Additional Context + + diff --git a/skills/github/github-issues/templates/feature-request.md b/skills/github/github-issues/templates/feature-request.md new file mode 100644 index 0000000..449ad82 --- /dev/null +++ b/skills/github/github-issues/templates/feature-request.md @@ -0,0 +1,31 @@ +## Feature Description + + + +## Motivation + + + +## Proposed Solution + + + +``` +# Example usage +``` + +## Alternatives Considered + + + +- + +## Scope / Effort Estimate + + + +Small / Medium / Large — + +## Additional Context + + diff --git a/skills/github/github-pr-workflow/SKILL.md b/skills/github/github-pr-workflow/SKILL.md new file mode 100644 index 0000000..48f15ed --- /dev/null +++ b/skills/github/github-pr-workflow/SKILL.md @@ -0,0 +1,366 @@ +--- +name: github-pr-workflow +description: Full pull request lifecycle — create branches, commit changes, open PRs, monitor CI status, auto-fix failures, and merge. Works with gh CLI or falls back to git + GitHub REST API via curl. +version: 1.1.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [GitHub, Pull-Requests, CI/CD, Git, Automation, Merge] + related_skills: [github-auth, github-code-review] +--- + +# GitHub Pull Request Workflow + +Complete guide for managing the PR lifecycle. Each section shows the `gh` way first, then the `git` + `curl` fallback for machines without `gh`. + +## Prerequisites + +- Authenticated with GitHub (see `github-auth` skill) +- Inside a git repository with a GitHub remote + +### Quick Auth Detection + +```bash +# Determine which method to use throughout this workflow +if command -v gh &>/dev/null && gh auth status &>/dev/null; then + AUTH="gh" +else + AUTH="git" + # Ensure we have a token for API calls + if [ -z "$GITHUB_TOKEN" ]; then + if [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then + GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r') + elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then + GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + fi + fi +fi +echo "Using: $AUTH" +``` + +### Extracting Owner/Repo from the Git Remote + +Many `curl` commands need `owner/repo`. Extract it from the git remote: + +```bash +# Works for both HTTPS and SSH remote URLs +REMOTE_URL=$(git remote get-url origin) +OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||') +OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1) +REPO=$(echo "$OWNER_REPO" | cut -d/ -f2) +echo "Owner: $OWNER, Repo: $REPO" +``` + +--- + +## 1. Branch Creation + +This part is pure `git` — identical either way: + +```bash +# Make sure you're up to date +git fetch origin +git checkout main && git pull origin main + +# Create and switch to a new branch +git checkout -b feat/add-user-authentication +``` + +Branch naming conventions: +- `feat/description` — new features +- `fix/description` — bug fixes +- `refactor/description` — code restructuring +- `docs/description` — documentation +- `ci/description` — CI/CD changes + +## 2. Making Commits + +Use the agent's file tools (`write_file`, `patch`) to make changes, then commit: + +```bash +# Stage specific files +git add src/auth.py src/models/user.py tests/test_auth.py + +# Commit with a conventional commit message +git commit -m "feat: add JWT-based user authentication + +- Add login/register endpoints +- Add User model with password hashing +- Add auth middleware for protected routes +- Add unit tests for auth flow" +``` + +Commit message format (Conventional Commits): +``` +type(scope): short description + +Longer explanation if needed. Wrap at 72 characters. +``` + +Types: `feat`, `fix`, `refactor`, `docs`, `test`, `ci`, `chore`, `perf` + +## 3. Pushing and Creating a PR + +### Push the Branch (same either way) + +```bash +git push -u origin HEAD +``` + +### Create the PR + +**With gh:** + +```bash +gh pr create \ + --title "feat: add JWT-based user authentication" \ + --body "## Summary +- Adds login and register API endpoints +- JWT token generation and validation + +## Test Plan +- [ ] Unit tests pass + +Closes #42" +``` + +Options: `--draft`, `--reviewer user1,user2`, `--label "enhancement"`, `--base develop` + +**With git + curl:** + +```bash +BRANCH=$(git branch --show-current) + +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.v3+json" \ + https://api.github.com/repos/$OWNER/$REPO/pulls \ + -d "{ + \"title\": \"feat: add JWT-based user authentication\", + \"body\": \"## Summary\nAdds login and register API endpoints.\n\nCloses #42\", + \"head\": \"$BRANCH\", + \"base\": \"main\" + }" +``` + +The response JSON includes the PR `number` — save it for later commands. + +To create as a draft, add `"draft": true` to the JSON body. + +## 4. Monitoring CI Status + +### Check CI Status + +**With gh:** + +```bash +# One-shot check +gh pr checks + +# Watch until all checks finish (polls every 10s) +gh pr checks --watch +``` + +**With git + curl:** + +```bash +# Get the latest commit SHA on the current branch +SHA=$(git rev-parse HEAD) + +# Query the combined status +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/status \ + | python3 -c " +import sys, json +data = json.load(sys.stdin) +print(f\"Overall: {data['state']}\") +for s in data.get('statuses', []): + print(f\" {s['context']}: {s['state']} - {s.get('description', '')}\")" + +# Also check GitHub Actions check runs (separate endpoint) +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/check-runs \ + | python3 -c " +import sys, json +data = json.load(sys.stdin) +for cr in data.get('check_runs', []): + print(f\" {cr['name']}: {cr['status']} / {cr['conclusion'] or 'pending'}\")" +``` + +### Poll Until Complete (git + curl) + +```bash +# Simple polling loop — check every 30 seconds, up to 10 minutes +SHA=$(git rev-parse HEAD) +for i in $(seq 1 20); do + STATUS=$(curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/commits/$SHA/status \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['state'])") + echo "Check $i: $STATUS" + if [ "$STATUS" = "success" ] || [ "$STATUS" = "failure" ] || [ "$STATUS" = "error" ]; then + break + fi + sleep 30 +done +``` + +## 5. Auto-Fixing CI Failures + +When CI fails, diagnose and fix. This loop works with either auth method. + +### Step 1: Get Failure Details + +**With gh:** + +```bash +# List recent workflow runs on this branch +gh run list --branch $(git branch --show-current) --limit 5 + +# View failed logs +gh run view --log-failed +``` + +**With git + curl:** + +```bash +BRANCH=$(git branch --show-current) + +# List workflow runs on this branch +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/actions/runs?branch=$BRANCH&per_page=5" \ + | python3 -c " +import sys, json +runs = json.load(sys.stdin)['workflow_runs'] +for r in runs: + print(f\"Run {r['id']}: {r['name']} - {r['conclusion'] or r['status']}\")" + +# Get failed job logs (download as zip, extract, read) +RUN_ID= +curl -s -L \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/logs \ + -o /tmp/ci-logs.zip +cd /tmp && unzip -o ci-logs.zip -d ci-logs && cat ci-logs/*.txt +``` + +### Step 2: Fix and Push + +After identifying the issue, use file tools (`patch`, `write_file`) to fix it: + +```bash +git add +git commit -m "fix: resolve CI failure in " +git push +``` + +### Step 3: Verify + +Re-check CI status using the commands from Section 4 above. + +### Auto-Fix Loop Pattern + +When asked to auto-fix CI, follow this loop: + +1. Check CI status → identify failures +2. Read failure logs → understand the error +3. Use `read_file` + `patch`/`write_file` → fix the code +4. `git add . && git commit -m "fix: ..." && git push` +5. Wait for CI → re-check status +6. Repeat if still failing (up to 3 attempts, then ask the user) + +## 6. Merging + +**With gh:** + +```bash +# Squash merge + delete branch (cleanest for feature branches) +gh pr merge --squash --delete-branch + +# Enable auto-merge (merges when all checks pass) +gh pr merge --auto --squash --delete-branch +``` + +**With git + curl:** + +```bash +PR_NUMBER= + +# Merge the PR via API (squash) +curl -s -X PUT \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER/merge \ + -d "{ + \"merge_method\": \"squash\", + \"commit_title\": \"feat: add user authentication (#$PR_NUMBER)\" + }" + +# Delete the remote branch after merge +BRANCH=$(git branch --show-current) +git push origin --delete $BRANCH + +# Switch back to main locally +git checkout main && git pull origin main +git branch -d $BRANCH +``` + +Merge methods: `"merge"` (merge commit), `"squash"`, `"rebase"` + +### Enable Auto-Merge (curl) + +```bash +# Auto-merge requires the repo to have it enabled in settings. +# This uses the GraphQL API since REST doesn't support auto-merge. +PR_NODE_ID=$(curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER \ + | python3 -c "import sys,json; print(json.load(sys.stdin)['node_id'])") + +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/graphql \ + -d "{\"query\": \"mutation { enablePullRequestAutoMerge(input: {pullRequestId: \\\"$PR_NODE_ID\\\", mergeMethod: SQUASH}) { clientMutationId } }\"}" +``` + +## 7. Complete Workflow Example + +```bash +# 1. Start from clean main +git checkout main && git pull origin main + +# 2. Branch +git checkout -b fix/login-redirect-bug + +# 3. (Agent makes code changes with file tools) + +# 4. Commit +git add src/auth/login.py tests/test_login.py +git commit -m "fix: correct redirect URL after login + +Preserves the ?next= parameter instead of always redirecting to /dashboard." + +# 5. Push +git push -u origin HEAD + +# 6. Create PR (picks gh or curl based on what's available) +# ... (see Section 3) + +# 7. Monitor CI (see Section 4) + +# 8. Merge when green (see Section 6) +``` + +## Useful PR Commands Reference + +| Action | gh | git + curl | +|--------|-----|-----------| +| List my PRs | `gh pr list --author @me` | `curl -s -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/$OWNER/$REPO/pulls?state=open"` | +| View PR diff | `gh pr diff` | `git diff main...HEAD` (local) or `curl -H "Accept: application/vnd.github.diff" ...` | +| Add comment | `gh pr comment N --body "..."` | `curl -X POST .../issues/N/comments -d '{"body":"..."}'` | +| Request review | `gh pr edit N --add-reviewer user` | `curl -X POST .../pulls/N/requested_reviewers -d '{"reviewers":["user"]}'` | +| Close PR | `gh pr close N` | `curl -X PATCH .../pulls/N -d '{"state":"closed"}'` | +| Check out someone's PR | `gh pr checkout N` | `git fetch origin pull/N/head:pr-N && git checkout pr-N` | diff --git a/skills/github/github-pr-workflow/references/ci-troubleshooting.md b/skills/github/github-pr-workflow/references/ci-troubleshooting.md new file mode 100644 index 0000000..d7f9197 --- /dev/null +++ b/skills/github/github-pr-workflow/references/ci-troubleshooting.md @@ -0,0 +1,183 @@ +# CI Troubleshooting Quick Reference + +Common CI failure patterns and how to diagnose them from the logs. + +## Reading CI Logs + +```bash +# With gh +gh run view --log-failed + +# With curl — download and extract +curl -sL -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/actions/runs//logs \ + -o /tmp/ci-logs.zip && unzip -o /tmp/ci-logs.zip -d /tmp/ci-logs +``` + +## Common Failure Patterns + +### Test Failures + +**Signatures in logs:** +``` +FAILED tests/test_foo.py::test_bar - AssertionError +E assert 42 == 43 +ERROR tests/test_foo.py - ModuleNotFoundError +``` + +**Diagnosis:** +1. Find the test file and line number from the traceback +2. Use `read_file` to read the failing test +3. Check if it's a logic error in the code or a stale test assertion +4. Look for `ModuleNotFoundError` — usually a missing dependency in CI + +**Common fixes:** +- Update assertion to match new expected behavior +- Add missing dependency to requirements.txt / pyproject.toml +- Fix flaky test (add retry, mock external service, fix race condition) + +--- + +### Lint / Formatting Failures + +**Signatures in logs:** +``` +src/auth.py:45:1: E302 expected 2 blank lines, got 1 +src/models.py:12:80: E501 line too long (95 > 88 characters) +error: would reformat src/utils.py +``` + +**Diagnosis:** +1. Read the specific file:line numbers mentioned +2. Check which linter is complaining (flake8, ruff, black, isort, mypy) + +**Common fixes:** +- Run the formatter locally: `black .`, `isort .`, `ruff check --fix .` +- Fix the specific style violation by editing the file +- If using `patch`, make sure to match existing indentation style + +--- + +### Type Check Failures (mypy / pyright) + +**Signatures in logs:** +``` +src/api.py:23: error: Argument 1 to "process" has incompatible type "str"; expected "int" +src/models.py:45: error: Missing return statement +``` + +**Diagnosis:** +1. Read the file at the mentioned line +2. Check the function signature and what's being passed + +**Common fixes:** +- Add type cast or conversion +- Fix the function signature +- Add `# type: ignore` comment as last resort (with explanation) + +--- + +### Build / Compilation Failures + +**Signatures in logs:** +``` +ModuleNotFoundError: No module named 'some_package' +ERROR: Could not find a version that satisfies the requirement foo==1.2.3 +npm ERR! Could not resolve dependency +``` + +**Diagnosis:** +1. Check requirements.txt / package.json for the missing or incompatible dependency +2. Compare local vs CI Python/Node version + +**Common fixes:** +- Add missing dependency to requirements file +- Pin compatible version +- Update lockfile (`pip freeze`, `npm install`) + +--- + +### Permission / Auth Failures + +**Signatures in logs:** +``` +fatal: could not read Username for 'https://github.com': No such device or address +Error: Resource not accessible by integration +403 Forbidden +``` + +**Diagnosis:** +1. Check if the workflow needs special permissions (token scopes) +2. Check if secrets are configured (missing `GITHUB_TOKEN` or custom secrets) + +**Common fixes:** +- Add `permissions:` block to workflow YAML +- Verify secrets exist: `gh secret list` or check repo settings +- For fork PRs: some secrets aren't available by design + +--- + +### Timeout Failures + +**Signatures in logs:** +``` +Error: The operation was canceled. +The job running on runner ... has exceeded the maximum execution time +``` + +**Diagnosis:** +1. Check which step timed out +2. Look for infinite loops, hung processes, or slow network calls + +**Common fixes:** +- Add timeout to the specific step: `timeout-minutes: 10` +- Fix the underlying performance issue +- Split into parallel jobs + +--- + +### Docker / Container Failures + +**Signatures in logs:** +``` +docker: Error response from daemon +failed to solve: ... not found +COPY failed: file not found in build context +``` + +**Diagnosis:** +1. Check Dockerfile for the failing step +2. Verify the referenced files exist in the repo + +**Common fixes:** +- Fix path in COPY/ADD command +- Update base image tag +- Add missing file to `.dockerignore` exclusion or remove from it + +--- + +## Auto-Fix Decision Tree + +``` +CI Failed +├── Test failure +│ ├── Assertion mismatch → update test or fix logic +│ └── Import/module error → add dependency +├── Lint failure → run formatter, fix style +├── Type error → fix types +├── Build failure +│ ├── Missing dep → add to requirements +│ └── Version conflict → update pins +├── Permission error → update workflow permissions (needs user) +└── Timeout → investigate perf (may need user input) +``` + +## Re-running After Fix + +```bash +git add && git commit -m "fix: resolve CI failure" && git push + +# Then monitor +gh pr checks --watch 2>/dev/null || \ + echo "Poll with: curl -s -H 'Authorization: token ...' https://api.github.com/repos/.../commits/$(git rev-parse HEAD)/status" +``` diff --git a/skills/github/github-pr-workflow/references/conventional-commits.md b/skills/github/github-pr-workflow/references/conventional-commits.md new file mode 100644 index 0000000..9c7532f --- /dev/null +++ b/skills/github/github-pr-workflow/references/conventional-commits.md @@ -0,0 +1,71 @@ +# Conventional Commits Quick Reference + +Format: `type(scope): description` + +## Types + +| Type | When to use | Example | +|------|------------|---------| +| `feat` | New feature or capability | `feat(auth): add OAuth2 login flow` | +| `fix` | Bug fix | `fix(api): handle null response from /users endpoint` | +| `refactor` | Code restructuring, no behavior change | `refactor(db): extract query builder into separate module` | +| `docs` | Documentation only | `docs: update API usage examples in README` | +| `test` | Adding or updating tests | `test(auth): add integration tests for token refresh` | +| `ci` | CI/CD configuration | `ci: add Python 3.12 to test matrix` | +| `chore` | Maintenance, dependencies, tooling | `chore: upgrade pytest to 8.x` | +| `perf` | Performance improvement | `perf(search): add index on users.email column` | +| `style` | Formatting, whitespace, semicolons | `style: run black formatter on src/` | +| `build` | Build system or external deps | `build: switch from setuptools to hatch` | +| `revert` | Reverts a previous commit | `revert: revert "feat(auth): add OAuth2 login flow"` | + +## Scope (optional) + +Short identifier for the area of the codebase: `auth`, `api`, `db`, `ui`, `cli`, etc. + +## Breaking Changes + +Add `!` after type or `BREAKING CHANGE:` in footer: + +``` +feat(api)!: change authentication to use bearer tokens + +BREAKING CHANGE: API endpoints now require Bearer token instead of API key header. +Migration guide: https://docs.example.com/migrate-auth +``` + +## Multi-line Body + +Wrap at 72 characters. Use bullet points for multiple changes: + +``` +feat(auth): add JWT-based user authentication + +- Add login/register endpoints with input validation +- Add User model with argon2 password hashing +- Add auth middleware for protected routes +- Add token refresh endpoint with rotation + +Closes #42 +``` + +## Linking Issues + +In the commit body or footer: + +``` +Closes #42 ← closes the issue when merged +Fixes #42 ← same effect +Refs #42 ← references without closing +Co-authored-by: Name +``` + +## Quick Decision Guide + +- Added something new? → `feat` +- Something was broken and you fixed it? → `fix` +- Changed how code is organized but not what it does? → `refactor` +- Only touched tests? → `test` +- Only touched docs? → `docs` +- Updated CI/CD pipelines? → `ci` +- Updated dependencies or tooling? → `chore` +- Made something faster? → `perf` diff --git a/skills/github/github-pr-workflow/templates/pr-body-bugfix.md b/skills/github/github-pr-workflow/templates/pr-body-bugfix.md new file mode 100644 index 0000000..c80f220 --- /dev/null +++ b/skills/github/github-pr-workflow/templates/pr-body-bugfix.md @@ -0,0 +1,35 @@ +## Bug Description + + + +Fixes # + +## Root Cause + + + +## Fix + + + +- + +## How to Verify + + + +1. +2. +3. + +## Test Plan + +- [ ] Added regression test for this bug +- [ ] Existing tests still pass +- [ ] Manual verification of the fix + +## Risk Assessment + + + +Low / Medium / High — diff --git a/skills/github/github-pr-workflow/templates/pr-body-feature.md b/skills/github/github-pr-workflow/templates/pr-body-feature.md new file mode 100644 index 0000000..495aa16 --- /dev/null +++ b/skills/github/github-pr-workflow/templates/pr-body-feature.md @@ -0,0 +1,33 @@ +## Summary + + + +- + +## Motivation + + + +Closes # + +## Changes + + + +- + +## Test Plan + + + +- [ ] Unit tests pass (`pytest`) +- [ ] Manual testing of new functionality +- [ ] No regressions in existing behavior + +## Screenshots / Examples + + + +## Notes for Reviewers + + diff --git a/skills/github/github-repo-management/SKILL.md b/skills/github/github-repo-management/SKILL.md new file mode 100644 index 0000000..b3732f2 --- /dev/null +++ b/skills/github/github-repo-management/SKILL.md @@ -0,0 +1,515 @@ +--- +name: github-repo-management +description: Clone, create, fork, configure, and manage GitHub repositories. Manage remotes, secrets, releases, and workflows. Works with gh CLI or falls back to git + GitHub REST API via curl. +version: 1.1.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [GitHub, Repositories, Git, Releases, Secrets, Configuration] + related_skills: [github-auth, github-pr-workflow, github-issues] +--- + +# GitHub Repository Management + +Create, clone, fork, configure, and manage GitHub repositories. Each section shows `gh` first, then the `git` + `curl` fallback. + +## Prerequisites + +- Authenticated with GitHub (see `github-auth` skill) + +### Setup + +```bash +if command -v gh &>/dev/null && gh auth status &>/dev/null; then + AUTH="gh" +else + AUTH="git" + if [ -z "$GITHUB_TOKEN" ]; then + if [ -f ~/.hermes/.env ] && grep -q "^GITHUB_TOKEN=" ~/.hermes/.env; then + GITHUB_TOKEN=$(grep "^GITHUB_TOKEN=" ~/.hermes/.env | head -1 | cut -d= -f2 | tr -d '\n\r') + elif grep -q "github.com" ~/.git-credentials 2>/dev/null; then + GITHUB_TOKEN=$(grep "github.com" ~/.git-credentials 2>/dev/null | head -1 | sed 's|https://[^:]*:\([^@]*\)@.*|\1|') + fi + fi +fi + +# Get your GitHub username (needed for several operations) +if [ "$AUTH" = "gh" ]; then + GH_USER=$(gh api user --jq '.login') +else + GH_USER=$(curl -s -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user | python3 -c "import sys,json; print(json.load(sys.stdin)['login'])") +fi +``` + +If you're inside a repo already: + +```bash +REMOTE_URL=$(git remote get-url origin) +OWNER_REPO=$(echo "$REMOTE_URL" | sed -E 's|.*github\.com[:/]||; s|\.git$||') +OWNER=$(echo "$OWNER_REPO" | cut -d/ -f1) +REPO=$(echo "$OWNER_REPO" | cut -d/ -f2) +``` + +--- + +## 1. Cloning Repositories + +Cloning is pure `git` — works identically either way: + +```bash +# Clone via HTTPS (works with credential helper or token-embedded URL) +git clone https://github.com/owner/repo-name.git + +# Clone into a specific directory +git clone https://github.com/owner/repo-name.git ./my-local-dir + +# Shallow clone (faster for large repos) +git clone --depth 1 https://github.com/owner/repo-name.git + +# Clone a specific branch +git clone --branch develop https://github.com/owner/repo-name.git + +# Clone via SSH (if SSH is configured) +git clone git@github.com:owner/repo-name.git +``` + +**With gh (shorthand):** + +```bash +gh repo clone owner/repo-name +gh repo clone owner/repo-name -- --depth 1 +``` + +## 2. Creating Repositories + +**With gh:** + +```bash +# Create a public repo and clone it +gh repo create my-new-project --public --clone + +# Private, with description and license +gh repo create my-new-project --private --description "A useful tool" --license MIT --clone + +# Under an organization +gh repo create my-org/my-new-project --public --clone + +# From existing local directory +cd /path/to/existing/project +gh repo create my-project --source . --public --push +``` + +**With git + curl:** + +```bash +# Create the remote repo via API +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/user/repos \ + -d '{ + "name": "my-new-project", + "description": "A useful tool", + "private": false, + "auto_init": true, + "license_template": "mit" + }' + +# Clone it +git clone https://github.com/$GH_USER/my-new-project.git +cd my-new-project + +# -- OR -- push an existing local directory to the new repo +cd /path/to/existing/project +git init +git add . +git commit -m "Initial commit" +git remote add origin https://github.com/$GH_USER/my-new-project.git +git push -u origin main +``` + +To create under an organization: + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/orgs/my-org/repos \ + -d '{"name": "my-new-project", "private": false}' +``` + +### From a Template + +**With gh:** + +```bash +gh repo create my-new-app --template owner/template-repo --public --clone +``` + +**With curl:** + +```bash +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/owner/template-repo/generate \ + -d '{"owner": "'"$GH_USER"'", "name": "my-new-app", "private": false}' +``` + +## 3. Forking Repositories + +**With gh:** + +```bash +gh repo fork owner/repo-name --clone +``` + +**With git + curl:** + +```bash +# Create the fork via API +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/owner/repo-name/forks + +# Wait a moment for GitHub to create it, then clone +sleep 3 +git clone https://github.com/$GH_USER/repo-name.git +cd repo-name + +# Add the original repo as "upstream" remote +git remote add upstream https://github.com/owner/repo-name.git +``` + +### Keeping a Fork in Sync + +```bash +# Pure git — works everywhere +git fetch upstream +git checkout main +git merge upstream/main +git push origin main +``` + +**With gh (shortcut):** + +```bash +gh repo sync $GH_USER/repo-name +``` + +## 4. Repository Information + +**With gh:** + +```bash +gh repo view owner/repo-name +gh repo list --limit 20 +gh search repos "machine learning" --language python --sort stars +``` + +**With curl:** + +```bash +# View repo details +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO \ + | python3 -c " +import sys, json +r = json.load(sys.stdin) +print(f\"Name: {r['full_name']}\") +print(f\"Description: {r['description']}\") +print(f\"Stars: {r['stargazers_count']} Forks: {r['forks_count']}\") +print(f\"Default branch: {r['default_branch']}\") +print(f\"Language: {r['language']}\")" + +# List your repos +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/user/repos?per_page=20&sort=updated" \ + | python3 -c " +import sys, json +for r in json.load(sys.stdin): + vis = 'private' if r['private'] else 'public' + print(f\" {r['full_name']:40} {vis:8} {r.get('language', ''):10} ★{r['stargazers_count']}\")" + +# Search repos +curl -s \ + "https://api.github.com/search/repositories?q=machine+learning+language:python&sort=stars&per_page=10" \ + | python3 -c " +import sys, json +for r in json.load(sys.stdin)['items']: + print(f\" {r['full_name']:40} ★{r['stargazers_count']:6} {r['description'][:60] if r['description'] else ''}\")" +``` + +## 5. Repository Settings + +**With gh:** + +```bash +gh repo edit --description "Updated description" --visibility public +gh repo edit --enable-wiki=false --enable-issues=true +gh repo edit --default-branch main +gh repo edit --add-topic "machine-learning,python" +gh repo edit --enable-auto-merge +``` + +**With curl:** + +```bash +curl -s -X PATCH \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO \ + -d '{ + "description": "Updated description", + "has_wiki": false, + "has_issues": true, + "allow_auto_merge": true + }' + +# Update topics +curl -s -X PUT \ + -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github.mercy-preview+json" \ + https://api.github.com/repos/$OWNER/$REPO/topics \ + -d '{"names": ["machine-learning", "python", "automation"]}' +``` + +## 6. Branch Protection + +```bash +# View current protection +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/branches/main/protection + +# Set up branch protection +curl -s -X PUT \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/branches/main/protection \ + -d '{ + "required_status_checks": { + "strict": true, + "contexts": ["ci/test", "ci/lint"] + }, + "enforce_admins": false, + "required_pull_request_reviews": { + "required_approving_review_count": 1 + }, + "restrictions": null + }' +``` + +## 7. Secrets Management (GitHub Actions) + +**With gh:** + +```bash +gh secret set API_KEY --body "your-secret-value" +gh secret set SSH_KEY < ~/.ssh/id_rsa +gh secret list +gh secret delete API_KEY +``` + +**With curl:** + +Secrets require encryption with the repo's public key — more involved via API: + +```bash +# Get the repo's public key for encrypting secrets +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/secrets/public-key + +# Encrypt and set (requires Python with PyNaCl) +python3 -c " +from base64 import b64encode +from nacl import encoding, public +import json, sys + +# Get the public key +key_id = '' +public_key = '' + +# Encrypt +sealed = public.SealedBox( + public.PublicKey(public_key.encode('utf-8'), encoding.Base64Encoder) +).encrypt('your-secret-value'.encode('utf-8')) +print(json.dumps({ + 'encrypted_value': b64encode(sealed).decode('utf-8'), + 'key_id': key_id +}))" + +# Then PUT the encrypted secret +curl -s -X PUT \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/secrets/API_KEY \ + -d '' + +# List secrets (names only, values hidden) +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/secrets \ + | python3 -c " +import sys, json +for s in json.load(sys.stdin)['secrets']: + print(f\" {s['name']:30} updated: {s['updated_at']}\")" +``` + +Note: For secrets, `gh secret set` is dramatically simpler. If setting secrets is needed and `gh` isn't available, recommend installing it for just that operation. + +## 8. Releases + +**With gh:** + +```bash +gh release create v1.0.0 --title "v1.0.0" --generate-notes +gh release create v2.0.0-rc1 --draft --prerelease --generate-notes +gh release create v1.0.0 ./dist/binary --title "v1.0.0" --notes "Release notes" +gh release list +gh release download v1.0.0 --dir ./downloads +``` + +**With curl:** + +```bash +# Create a release +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/releases \ + -d '{ + "tag_name": "v1.0.0", + "name": "v1.0.0", + "body": "## Changelog\n- Feature A\n- Bug fix B", + "draft": false, + "prerelease": false, + "generate_release_notes": true + }' + +# List releases +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/releases \ + | python3 -c " +import sys, json +for r in json.load(sys.stdin): + tag = r.get('tag_name', 'no tag') + print(f\" {tag:15} {r['name']:30} {'draft' if r['draft'] else 'published'}\")" + +# Upload a release asset (binary file) +RELEASE_ID= +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + -H "Content-Type: application/octet-stream" \ + "https://uploads.github.com/repos/$OWNER/$REPO/releases/$RELEASE_ID/assets?name=binary-amd64" \ + --data-binary @./dist/binary-amd64 +``` + +## 9. GitHub Actions Workflows + +**With gh:** + +```bash +gh workflow list +gh run list --limit 10 +gh run view +gh run view --log-failed +gh run rerun +gh run rerun --failed +gh workflow run ci.yml --ref main +gh workflow run deploy.yml -f environment=staging +``` + +**With curl:** + +```bash +# List workflows +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/workflows \ + | python3 -c " +import sys, json +for w in json.load(sys.stdin)['workflows']: + print(f\" {w['id']:10} {w['name']:30} {w['state']}\")" + +# List recent runs +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + "https://api.github.com/repos/$OWNER/$REPO/actions/runs?per_page=10" \ + | python3 -c " +import sys, json +for r in json.load(sys.stdin)['workflow_runs']: + print(f\" Run {r['id']} {r['name']:30} {r['conclusion'] or r['status']}\")" + +# Download failed run logs +RUN_ID= +curl -s -L \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/logs \ + -o /tmp/ci-logs.zip +cd /tmp && unzip -o ci-logs.zip -d ci-logs + +# Re-run a failed workflow +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/rerun + +# Re-run only failed jobs +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/runs/$RUN_ID/rerun-failed-jobs + +# Trigger a workflow manually (workflow_dispatch) +WORKFLOW_ID= +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/dispatches \ + -d '{"ref": "main", "inputs": {"environment": "staging"}}' +``` + +## 10. Gists + +**With gh:** + +```bash +gh gist create script.py --public --desc "Useful script" +gh gist list +``` + +**With curl:** + +```bash +# Create a gist +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/gists \ + -d '{ + "description": "Useful script", + "public": true, + "files": { + "script.py": {"content": "print(\"hello\")"} + } + }' + +# List your gists +curl -s \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/gists \ + | python3 -c " +import sys, json +for g in json.load(sys.stdin): + files = ', '.join(g['files'].keys()) + print(f\" {g['id']} {g['description'] or '(no desc)':40} {files}\")" +``` + +## Quick Reference Table + +| Action | gh | git + curl | +|--------|-----|-----------| +| Clone | `gh repo clone o/r` | `git clone https://github.com/o/r.git` | +| Create repo | `gh repo create name --public` | `curl POST /user/repos` | +| Fork | `gh repo fork o/r --clone` | `curl POST /repos/o/r/forks` + `git clone` | +| Repo info | `gh repo view o/r` | `curl GET /repos/o/r` | +| Edit settings | `gh repo edit --...` | `curl PATCH /repos/o/r` | +| Create release | `gh release create v1.0` | `curl POST /repos/o/r/releases` | +| List workflows | `gh workflow list` | `curl GET /repos/o/r/actions/workflows` | +| Rerun CI | `gh run rerun ID` | `curl POST /repos/o/r/actions/runs/ID/rerun` | +| Set secret | `gh secret set KEY` | `curl PUT /repos/o/r/actions/secrets/KEY` (+ encryption) | diff --git a/skills/github/github-repo-management/references/github-api-cheatsheet.md b/skills/github/github-repo-management/references/github-api-cheatsheet.md new file mode 100644 index 0000000..ab7e1d1 --- /dev/null +++ b/skills/github/github-repo-management/references/github-api-cheatsheet.md @@ -0,0 +1,161 @@ +# GitHub REST API Cheatsheet + +Base URL: `https://api.github.com` + +All requests need: `-H "Authorization: token $GITHUB_TOKEN"` + +Use the `gh-env.sh` helper to set `$GITHUB_TOKEN`, `$GH_OWNER`, `$GH_REPO` automatically: +```bash +source ~/.hermes/skills/github/github-auth/scripts/gh-env.sh +``` + +## Repositories + +| Action | Method | Endpoint | +|--------|--------|----------| +| Get repo info | GET | `/repos/{owner}/{repo}` | +| Create repo (user) | POST | `/user/repos` | +| Create repo (org) | POST | `/orgs/{org}/repos` | +| Update repo | PATCH | `/repos/{owner}/{repo}` | +| Delete repo | DELETE | `/repos/{owner}/{repo}` | +| List your repos | GET | `/user/repos?per_page=30&sort=updated` | +| List org repos | GET | `/orgs/{org}/repos` | +| Fork repo | POST | `/repos/{owner}/{repo}/forks` | +| Create from template | POST | `/repos/{owner}/{template}/generate` | +| Get topics | GET | `/repos/{owner}/{repo}/topics` | +| Set topics | PUT | `/repos/{owner}/{repo}/topics` | + +## Pull Requests + +| Action | Method | Endpoint | +|--------|--------|----------| +| List PRs | GET | `/repos/{owner}/{repo}/pulls?state=open` | +| Create PR | POST | `/repos/{owner}/{repo}/pulls` | +| Get PR | GET | `/repos/{owner}/{repo}/pulls/{number}` | +| Update PR | PATCH | `/repos/{owner}/{repo}/pulls/{number}` | +| List PR files | GET | `/repos/{owner}/{repo}/pulls/{number}/files` | +| Merge PR | PUT | `/repos/{owner}/{repo}/pulls/{number}/merge` | +| Request reviewers | POST | `/repos/{owner}/{repo}/pulls/{number}/requested_reviewers` | +| Create review | POST | `/repos/{owner}/{repo}/pulls/{number}/reviews` | +| Inline comment | POST | `/repos/{owner}/{repo}/pulls/{number}/comments` | + +### PR Merge Body + +```json +{"merge_method": "squash", "commit_title": "feat: description (#N)"} +``` + +Merge methods: `"merge"`, `"squash"`, `"rebase"` + +### PR Review Events + +`"APPROVE"`, `"REQUEST_CHANGES"`, `"COMMENT"` + +## Issues + +| Action | Method | Endpoint | +|--------|--------|----------| +| List issues | GET | `/repos/{owner}/{repo}/issues?state=open` | +| Create issue | POST | `/repos/{owner}/{repo}/issues` | +| Get issue | GET | `/repos/{owner}/{repo}/issues/{number}` | +| Update issue | PATCH | `/repos/{owner}/{repo}/issues/{number}` | +| Add comment | POST | `/repos/{owner}/{repo}/issues/{number}/comments` | +| Add labels | POST | `/repos/{owner}/{repo}/issues/{number}/labels` | +| Remove label | DELETE | `/repos/{owner}/{repo}/issues/{number}/labels/{name}` | +| Add assignees | POST | `/repos/{owner}/{repo}/issues/{number}/assignees` | +| List labels | GET | `/repos/{owner}/{repo}/labels` | +| Search issues | GET | `/search/issues?q={query}+repo:{owner}/{repo}` | + +Note: The Issues API also returns PRs. Filter with `"pull_request" not in item` when parsing. + +## CI / GitHub Actions + +| Action | Method | Endpoint | +|--------|--------|----------| +| List workflows | GET | `/repos/{owner}/{repo}/actions/workflows` | +| List runs | GET | `/repos/{owner}/{repo}/actions/runs?per_page=10` | +| List runs (branch) | GET | `/repos/{owner}/{repo}/actions/runs?branch={branch}` | +| Get run | GET | `/repos/{owner}/{repo}/actions/runs/{run_id}` | +| Download logs | GET | `/repos/{owner}/{repo}/actions/runs/{run_id}/logs` | +| Re-run | POST | `/repos/{owner}/{repo}/actions/runs/{run_id}/rerun` | +| Re-run failed | POST | `/repos/{owner}/{repo}/actions/runs/{run_id}/rerun-failed-jobs` | +| Trigger dispatch | POST | `/repos/{owner}/{repo}/actions/workflows/{id}/dispatches` | +| Commit status | GET | `/repos/{owner}/{repo}/commits/{sha}/status` | +| Check runs | GET | `/repos/{owner}/{repo}/commits/{sha}/check-runs` | + +## Releases + +| Action | Method | Endpoint | +|--------|--------|----------| +| List releases | GET | `/repos/{owner}/{repo}/releases` | +| Create release | POST | `/repos/{owner}/{repo}/releases` | +| Get release | GET | `/repos/{owner}/{repo}/releases/{id}` | +| Delete release | DELETE | `/repos/{owner}/{repo}/releases/{id}` | +| Upload asset | POST | `https://uploads.github.com/repos/{owner}/{repo}/releases/{id}/assets?name={filename}` | + +## Secrets + +| Action | Method | Endpoint | +|--------|--------|----------| +| List secrets | GET | `/repos/{owner}/{repo}/actions/secrets` | +| Get public key | GET | `/repos/{owner}/{repo}/actions/secrets/public-key` | +| Set secret | PUT | `/repos/{owner}/{repo}/actions/secrets/{name}` | +| Delete secret | DELETE | `/repos/{owner}/{repo}/actions/secrets/{name}` | + +## Branch Protection + +| Action | Method | Endpoint | +|--------|--------|----------| +| Get protection | GET | `/repos/{owner}/{repo}/branches/{branch}/protection` | +| Set protection | PUT | `/repos/{owner}/{repo}/branches/{branch}/protection` | +| Delete protection | DELETE | `/repos/{owner}/{repo}/branches/{branch}/protection` | + +## User / Auth + +| Action | Method | Endpoint | +|--------|--------|----------| +| Get current user | GET | `/user` | +| List user repos | GET | `/user/repos` | +| List user gists | GET | `/gists` | +| Create gist | POST | `/gists` | +| Search repos | GET | `/search/repositories?q={query}` | + +## Pagination + +Most list endpoints support: +- `?per_page=100` (max 100) +- `?page=2` for next page +- Check `Link` header for `rel="next"` URL + +## Rate Limits + +- Authenticated: 5,000 requests/hour +- Check remaining: `curl -s -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/rate_limit` + +## Common curl Patterns + +```bash +# GET +curl -s -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO + +# POST with JSON body +curl -s -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/issues \ + -d '{"title": "...", "body": "..."}' + +# PATCH (update) +curl -s -X PATCH \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/issues/42 \ + -d '{"state": "closed"}' + +# DELETE +curl -s -X DELETE \ + -H "Authorization: token $GITHUB_TOKEN" \ + https://api.github.com/repos/$GH_OWNER/$GH_REPO/issues/42/labels/bug + +# Parse JSON response with python3 +curl -s ... | python3 -c "import sys,json; data=json.load(sys.stdin); print(data['field'])" +``` diff --git a/sync.sh b/sync.sh index e6c9536..5f63ca2 100755 --- a/sync.sh +++ b/sync.sh @@ -1,151 +1,25 @@ #!/bin/bash -# Hermes Sync Script - 同步记忆和技能到 Gitea -# 用法: ./sync.sh [local|pull|push|status] - +# Hermes Sync Script set -e - -HERMES_HOME="${HERMES_HOME:-$HOME/.hermes}" SYNC_DIR="/root/hermes-sync-tmp" -BRANCH_NAME="$(hostname)" -GITEA_REMOTE="origin" -COMMIT_MSG="Sync $(date '+%Y-%m-%d %H:%M')" +BRANCH="$(hostname)" +cd "$SYNC_DIR" -# 颜色输出 -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -NC='\033[0m' - -log() { echo -e "${GREEN}[$(date '+%H:%M:%S')]${NC} $1"; } -warn() { echo -e "${YELLOW}[$(date '+%H:%M:%S')] WARNING:${NC} $1"; } -error() { echo -e "${RED}[$(date '+%H:%M:%S')] ERROR:${NC} $1"; } - -# 同步函数 - 从远程拉取最新记忆和技能 -pull_changes() { - log "Pulling latest changes from remote..." - cd "$SYNC_DIR" - - git fetch "$GITEA_REMOTE" 2>/dev/null || warn "Fetch failed (may be empty repo)" - - # 尝试合并远程更改 - if git rev-parse "$GITEA_REMOTE/$BRANCH_NAME" >/dev/null 2>&1; then - if git show-ref --quiet -- HEAD 2>/dev/null && ! git diff --quiet "$GITEA_REMOTE/$BRANCH_NAME" HEAD 2>/dev/null; then - log "Merging remote changes..." - git merge "$GITEA_REMOTE/$BRANCH_NAME" --no-edit || { - warn "Merge conflict detected, attempting auto-resolve..." - # 自动解决:ours 优先(保留本地记忆) - git checkout --ours memories/ skills/ 2>/dev/null || true - git add memories/ skills/ - git commit -m "Auto-resolved merge conflict at $(date)" - } - else - log "Already up to date" - fi - fi - - # 如果本地分支不存在,基于远程创建 - if ! git rev-parse "$BRANCH_NAME" >/dev/null 2>&1; then - if git rev-parse "$GITEA_REMOTE/$BRANCH_NAME" >/dev/null 2>&1; then - git checkout -b "$BRANCH_NAME" "$GITEA_REMOTE/$BRANCH_NAME" - fi - fi - - # 复制到 hermes 目录 - rsync -a --delete "$SYNC_DIR/memories/" "$HERMES_HOME/memories/" 2>/dev/null || { - mkdir -p "$HERMES_HOME/memories/" - cp -r "$SYNC_DIR/memories/"* "$HERMES_HOME/memories/" 2>/dev/null || true - } - - # 技能目录用 rsync 合并(不删除本地独有的) - rsync -a --delete "$SYNC_DIR/skills/" "$HERMES_HOME/skills/" 2>/dev/null || { - cp -r "$SYNC_DIR/skills/"* "$HERMES_HOME/skills/" 2>/dev/null || true - } - - log "Pull complete. Memories and skills updated." -} - -# 推送本地更改到远程 -push_changes() { - log "Pushing local changes to remote..." - cd "$SYNC_DIR" - - # 确保分支存在 - if ! git rev-parse "$BRANCH_NAME" >/dev/null 2>&1; then - git checkout -b "$BRANCH_NAME" - fi - - # 复制 hermes 内容到同步目录 - mkdir -p "$SYNC_DIR/memories" "$SYNC_DIR/skills" - rsync -a "$HERMES_HOME/memories/" "$SYNC_DIR/memories/" 2>/dev/null || true - rsync -a "$HERMES_HOME/skills/" "$SYNC_DIR/skills/" 2>/dev/null || true - - # 检查是否有更改 - if git diff --quiet && git diff --cached --quiet; then - log "No changes to push" - return 0 - fi - +case "$1" in + push) + cp /root/.hermes/memories/MEMORY.md memories/ 2>/dev/null || true + cp -r /root/.hermes/skills/github skills/github 2>/dev/null || true git add -A - git commit -m "$COMMIT_MSG" - git push "$GITEA_REMOTE" "$BRANCH_NAME" --force || { - error "Push failed! Check credentials and network." - return 1 - } - - log "Push complete. Your changes are now synced." -} - -# 双向同步 -sync_bidirectional() { - log "Starting bidirectional sync..." - pull_changes - push_changes -} - -# 查看状态 -show_status() { - cd "$SYNC_DIR" - echo "=== Hermes Sync Status ===" - echo "Branch: $BRANCH_NAME" - echo "" - echo "Local changes:" - git status -s 2>/dev/null || echo " (clean)" - echo "" - echo "Remote changes:" - git fetch "$GITEA_REMOTE" 2>/dev/null - if git rev-parse "$GITEA_REMOTE/$BRANCH_NAME" >/dev/null 2>&1; then - BEHIND=$(git rev-list --count "$BRANCH_NAME..$GITEA_REMOTE/$BRANCH_NAME" 2>/dev/null || echo "?") - AHEAD=$(git rev-list --count "$GITEA_REMOTE/$BRANCH_NAME..$BRANCH_NAME" 2>/dev/null || echo "?") - echo " Behind remote: $BEHIND commits" - echo " Ahead of remote: $AHEAD commits" - else - echo " No remote branch yet" - fi - echo "" - echo "Last sync:" - git log -1 --format="%cr (%s)" 2>/dev/null || echo " Never committed" -} - -# 主逻辑 -case "${1:-status}" in - pull) - pull_changes - ;; - push) - push_changes - ;; - sync|bidirectional) - sync_bidirectional - ;; - status) - show_status - ;; - *) - echo "Usage: $0 {pull|push|sync|status}" - echo " pull - Pull from remote to local" - echo " push - Push local to remote" - echo " sync - Pull then push (bidirectional)" - echo " status - Show sync status" - exit 1 - ;; + git commit -m "Sync $(date '+%Y-%m-%d %H:%M')" || true + git push origin main || true + ;; + pull) + git fetch origin + git checkout HEAD -- memories/ skills/ 2>/dev/null || true + cp memories/MEMORY.md /root/.hermes/memories/ 2>/dev/null || true + cp -r skills/github /root/.hermes/skills/ 2>/dev/null || true + ;; + *) + echo "Usage: $0 {push|pull}" + ;; esac