fix: update stale skill-validator references to skill-and-tool-validator#352
Conversation
|
Hi @MD-Mushfiqur123, thanks for taking the time to work on this. For future issues, please leave a comment on the issue first so it can be assigned to you. That helps avoid multiple people working on the same issue at the same time. This particular issue has already been addressed, so we won’t be able to use this PR, but there are other open issues you’re very welcome to pick up. |
Hmm. I think it's not solved yet ? There was #354 solving the same issue :) but this one was earlier |
potiuk
left a comment
There was a problem hiding this comment.
LGTM — clean rename sweep across 9 files covering the spec-loop AGENTS doc,
seven tools/spec-loop/specs/*.md, and one eval fixture. The
tools/spec-loop/specs/meta-and-quality-tooling.md change goes a small step
further than a mechanical rename — it widens the validator's described scope
from just "SKILL.md frontmatter" to "SKILL.md frontmatter and tool
definitions", which matches what the renamed validator actually does after
#340 added validate_tools(). Thanks for catching that nuance.
Welcome and thanks for the contribution — your first one in the repo.
This review was drafted by an AI-assisted tool and confirmed by an Apache Steward
maintainer. The maintainer approving this PR has read the findings and signed off.
If something feels off, please reply on the PR and a maintainer will follow up.More on how Apache Steward handles maintainer review:
CONTRIBUTING.md.
|
Friendly ping — this PR has been approved and is ready to merge. Could you take a look? |
…erns from session manual cleanups (#402) Per direct observations from the airflow-s 2026-05-29/30 bulk sync — two recurring title-noise patterns were cleaned manually that the existing cascade did not catch: 1. Trailing prior-CVE-relationship parentheticals — the cross-CVE relationship is structurally captured by the Gate #3 cross-CVE clause in the public summary; embedding the relationship in the title is noise to downstream advisory consumers. Catches every shape observed in this session: - `(CVE-YYYY-NNNNN)` - `(possible CVE-YYYY-NNNNN variant)` — from #345 - `(incomplete fix for CVE-YYYY-NNNNN)` — from #351 - `(fix-bypass of CVE-YYYY-NNNNN)` — from #352 - and any other `(... CVE-YYYY-NNNNN ...)` shape 2. Trailing reporter-name attribution parentheticals — reporter attribution lives in the credits field, never in the public title. Pattern matches `(<name> follow-up)` where `<name>` matches name-like tokens (word chars, dots, hyphens, single inline spaces) to avoid over-stripping substantive technical content. Catches: - `(Evan Ricafort follow-up)` — from #346 Substantive technical parentheticals stay intact — e.g. the operator- name list `(GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)` on the GCS path-traversal tracker is NOT stripped (it lacks a CVE ID and doesn't end in `follow-up`). The matching Step 1d signal row in security-issue-sync now enumerates the two new patterns so the proposal-time detector and the pre-push Gate #4 stay in lock-step with the cascade. Validated against 9 cases: 4 session-derived fixes (all pass), 3 synthetic CVE-relationship variants (all pass), 1 substantive technical parenthetical (preserved correctly), 1 "<word> follow-up" edge case (stripped as designed — narrow scope acceptable since "follow-up" titles in airflow-s are exclusively reporter-attribution). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Resolves #351
Updates stale
skill-validator/skill-validatereferences to the renamedskill-and-tool-validator/skill-and-tool-validateacross docs and spec files.