Skip to content

fix: update stale skill-validator references to skill-and-tool-validator#352

Merged
potiuk merged 1 commit into
apache:mainfrom
MD-Mushfiqur123:main
May 28, 2026
Merged

fix: update stale skill-validator references to skill-and-tool-validator#352
potiuk merged 1 commit into
apache:mainfrom
MD-Mushfiqur123:main

Conversation

@MD-Mushfiqur123

Copy link
Copy Markdown
Contributor

Resolves #351

Updates stale skill-validator / skill-validate references to the renamed skill-and-tool-validator / skill-and-tool-validate across docs and spec files.

@justinmclean

Copy link
Copy Markdown
Member

Hi @MD-Mushfiqur123, thanks for taking the time to work on this. For future issues, please leave a comment on the issue first so it can be assigned to you. That helps avoid multiple people working on the same issue at the same time.

This particular issue has already been addressed, so we won’t be able to use this PR, but there are other open issues you’re very welcome to pick up.

@potiuk

potiuk commented May 28, 2026

Copy link
Copy Markdown
Member

Hi @MD-Mushfiqur123, thanks for taking the time to work on this. For future issues, please leave a comment on the issue first so it can be assigned to you. That helps avoid multiple people working on the same issue at the same time.

This particular issue has already been addressed, so we won’t be able to use this PR, but there are other open issues you’re very welcome to pick up.

Hmm. I think it's not solved yet ? There was #354 solving the same issue :) but this one was earlier

@potiuk potiuk left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — clean rename sweep across 9 files covering the spec-loop AGENTS doc,
seven tools/spec-loop/specs/*.md, and one eval fixture. The
tools/spec-loop/specs/meta-and-quality-tooling.md change goes a small step
further than a mechanical rename — it widens the validator's described scope
from just "SKILL.md frontmatter" to "SKILL.md frontmatter and tool
definitions", which matches what the renamed validator actually does after
#340 added validate_tools(). Thanks for catching that nuance.

Welcome and thanks for the contribution — your first one in the repo.


This review was drafted by an AI-assisted tool and confirmed by an Apache Steward
maintainer. The maintainer approving this PR has read the findings and signed off.
If something feels off, please reply on the PR and a maintainer will follow up.

More on how Apache Steward handles maintainer review:
CONTRIBUTING.md.

@potiuk potiuk merged commit b62a159 into apache:main May 28, 2026
15 checks passed
@potiuk potiuk mentioned this pull request May 28, 2026
15 tasks
@MD-Mushfiqur123

Copy link
Copy Markdown
Contributor Author

Friendly ping — this PR has been approved and is ready to merge. Could you take a look?

potiuk added a commit that referenced this pull request May 30, 2026
…erns from session manual cleanups (#402)

Per direct observations from the airflow-s 2026-05-29/30 bulk sync —
two recurring title-noise patterns were cleaned manually that the
existing cascade did not catch:

1. Trailing prior-CVE-relationship parentheticals — the cross-CVE
   relationship is structurally captured by the Gate #3 cross-CVE
   clause in the public summary; embedding the relationship in the
   title is noise to downstream advisory consumers. Catches every
   shape observed in this session:
   - `(CVE-YYYY-NNNNN)`
   - `(possible CVE-YYYY-NNNNN variant)` — from #345
   - `(incomplete fix for CVE-YYYY-NNNNN)` — from #351
   - `(fix-bypass of CVE-YYYY-NNNNN)` — from #352
   - and any other `(... CVE-YYYY-NNNNN ...)` shape

2. Trailing reporter-name attribution parentheticals — reporter
   attribution lives in the credits field, never in the public
   title. Pattern matches `(<name> follow-up)` where `<name>`
   matches name-like tokens (word chars, dots, hyphens, single
   inline spaces) to avoid over-stripping substantive technical
   content. Catches:
   - `(Evan Ricafort follow-up)` — from #346

Substantive technical parentheticals stay intact — e.g. the operator-
name list `(GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)` on
the GCS path-traversal tracker is NOT stripped (it lacks a CVE ID
and doesn't end in `follow-up`).

The matching Step 1d signal row in security-issue-sync now enumerates
the two new patterns so the proposal-time detector and the pre-push
Gate #4 stay in lock-step with the cascade.

Validated against 9 cases: 4 session-derived fixes (all pass), 3
synthetic CVE-relationship variants (all pass), 1 substantive
technical parenthetical (preserved correctly), 1 "<word> follow-up"
edge case (stripped as designed — narrow scope acceptable since
"follow-up" titles in airflow-s are exclusively reporter-attribution).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Update stale skill-validator / skill-validate references to the renamed skill-and-tool-validator

3 participants