Merged
21 changes: 21 additions & 0 deletions .claude/skills/sync-security-issue/SKILL.md
Expand Up @@ -1297,6 +1297,27 @@ will change and *why*. Group them by category:
Re-read that file before composing the entry body — the
zero-extra-spacing rule is load-bearing and easy to miss.

**Standalone comments are reserved for release-manager
instructions only.** The rollup is the default surface for
every sync output — status changes, label rationale, milestone
moves, assignee swaps, reporter-draft notes, fix-PR links,
CVE-review-comment surfacing, legacy-fold entries, recap
pointers, blockers, *everything*. The **only** comment shapes
this skill posts as separate, first-class comments outside the
rollup are the two **release-manager-directed call-to-action**
comments documented further down in this Step 2b list: the
*Release-manager hand-off comment* (fired at the
`pr merged` → `fix released` transition, Step 12) and the
*Publication-ready notification comment* (fired at the
*Public advisory URL* update, Step 14). Both exist because they
tell the RM to *do something next* on a fresh, dated,
mention-bearing surface — the rollup's `<details>`-collapsed
entries are the wrong shape for an actionable nudge. If a
proposal does not fit one of those two shapes, it goes into the
rollup. When in doubt, default to the rollup; do not invent a
new standalone-comment shape because something "feels important
enough".

**Entry shape for a sync pass.** Inside the rollup's
`<details>` block, emit:
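
Review bot: The added paragraph lists "blockers" among the items that must go into the rollup, but its own reason for the two exceptions is that "the rollup's `<details>`-collapsed entries are the wrong shape for an actionable nudge". A blocker that needs action from someone other than the release manager ends up in exactly that collapsed shape, so the paragraph should say how such a blocker is made visible inside the rollup, or state that this is intended. Separately, the references "Step 12", "Step 14" and "further down in this Step 2b list" are positional and will go stale if the steps are renumbered; the comment names the paragraph already gives are the sturdier reference, with the step numbers linked or dropped. "RM" is also used without being expanded; "release manager" there would match the rest of the paragraph.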
