Skip to content

feat(skills): hook every framework skill into override-consultation protocol#39

Merged
potiuk merged 1 commit into
apache:mainfrom
potiuk:feat/skills-override-consultation-hook
May 3, 2026
Merged

feat(skills): hook every framework skill into override-consultation protocol#39
potiuk merged 1 commit into
apache:mainfrom
potiuk:feat/skills-override-consultation-hook

Conversation

@potiuk

@potiuk potiuk commented May 3, 2026

Copy link
Copy Markdown
Member

Summary

Wire every existing framework skill into the agentic-override protocol that landed in #38. Each of the 15 framework skills (excluding setup-steward itself) now carries an ## Adopter overrides section that opts the skill into the run-time consultation pattern.

What changed in each skill

A standard block was inserted right before the first ## section (after the detail-files table where present, before ## Golden rules / ## Inputs / ## Prerequisites):

## Adopter overrides

Before running the default behaviour documented below, this
skill consults
[`.apache-steward-overrides/<skill-name>.md`](../../../docs/setup/agentic-overrides.md)
in the adopter repo if it exists, and applies any
agent-readable overrides it finds. See
[`docs/setup/agentic-overrides.md`](../../../docs/setup/agentic-overrides.md)
for the contract — what overrides may contain, hard rules,
the reconciliation flow on framework upgrade, upstreaming
guidance.

**Hard rule**: agents NEVER modify the snapshot under
`<adopter-repo>/.apache-steward/`. Local modifications go in
the override file. Framework changes go via PR to
`apache/airflow-steward`.

The bracketed link target carries the specific skill's name (e.g. pr-management-triage.md for the pr-management-triage skill), so adopter overrides land in the right file by convention.

Skills updated (15)

Setup family Security family PR-management family
setup-isolated-setup-install security-issue-import pr-management-code-review
setup-isolated-setup-update security-issue-import-from-md pr-management-stats
setup-isolated-setup-verify security-issue-import-from-pr pr-management-triage
setup-shared-config-sync security-issue-invalidate
security-issue-sync
security-cve-allocate
security-issue-deduplicate
security-issue-fix

Not updated: setup-steward — it is the bootstrap that manages the override mechanism. Overriding it would create a chicken-and-egg loop.

Test plan

  • All prek run --all-files hooks pass (markdownlint, typos, doctoc, check-placeholders)
  • Every framework skill except setup-steward has the ## Adopter overrides section (visual grep)
  • Each section's link target carries the correct per-skill filename
  • Reviewer eyeballs the wording for tone consistency across all 15 skills
  • CI link-check (lychee) passes

Out of scope

  • Framework-skill content actually applying override files at run-time. The framework's skills are agentic markdown; the hook is a documented convention, not a runtime injector. The contract is: a skill that has the ## Adopter overrides section commits to consulting the file. Future tooling (e.g. a sentinel pre-flight check or a hooks-from-skills mechanism) can enforce mechanically; for now, the convention is binding via the published contract.
  • The apache/airflow re-adoption using the new mechanism (PR-C) — separate PR after this lands.

🤖 Generated with Claude Code

…rotocol

Each of the 15 framework skills (excluding setup-steward, the
bootstrap that is itself the override-management mechanism)
now declares an `## Adopter overrides` section that pins the
skill into the agentic-overrides protocol documented in
docs/setup/agentic-overrides.md.

The standard block in every skill:

  ## Adopter overrides

  Before running the default behaviour documented below, this
  skill consults
  [`.apache-steward-overrides/<skill-name>.md`](../../../docs/setup/agentic-overrides.md)
  in the adopter repo if it exists, and applies any
  agent-readable overrides it finds. See
  [`docs/setup/agentic-overrides.md`](../../../docs/setup/agentic-overrides.md)
  for the contract — what overrides may contain, hard rules,
  the reconciliation flow on framework upgrade, upstreaming
  guidance.

  **Hard rule**: agents NEVER modify the snapshot under
  `<adopter-repo>/.apache-steward/`. Local modifications go in
  the override file. Framework changes go via PR to
  `apache/airflow-steward`.

Skills updated (15):

  setup-isolated-setup-install         security-issue-import
  setup-isolated-setup-update          security-issue-import-from-md
  setup-isolated-setup-verify          security-issue-import-from-pr
  setup-shared-config-sync             security-issue-invalidate
                                        security-issue-sync
  pr-management-code-review            security-cve-allocate
  pr-management-stats                  security-issue-deduplicate
  pr-management-triage                 security-issue-fix

Skill not updated:

  setup-steward — the bootstrap skill is itself the
  override-management mechanism. Overriding it would create
  a chicken-and-egg.

Per-skill substitution: the bracketed link target carries the
specific skill name (e.g. `pr-management-triage.md` for the
pr-management-triage skill), so adopter overrides land in the
right file by convention.

Insertion site is the line immediately before the first `##`
section in each SKILL.md — after the detail-files table where
present, before any `## Golden rules` / `## Inputs` /
`## Prerequisites` section. doctoc TOCs regenerated.

Generated-by: Claude Code (Claude Opus 4.7)
@potiuk potiuk merged commit 84852ca into apache:main May 3, 2026
7 checks passed
potiuk added a commit that referenced this pull request May 4, 2026
…ft detection (#40)

Rewrite setup-steward to support three install methods, split
the lock file into committed (project pin) and local
(per-machine fetch), and drive every framework-skill invocation
through a drift check that compares the two locks.

Three install methods (copy-pasteable recipes in
docs/setup/install-recipes.md)

- svn-zip: signed zip from ASF dist
  (`https://dist.apache.org/repos/dist/release/<project>/`),
  the canonical ASF release distribution path. Verified via
  SHA-512 + OpenPGP. Recommended for production once the
  framework ships official releases.
- git-tag: pinned to a specific git tag — frozen by tag.
- git-branch: tracks a branch tip (default: main) — the WIP
  path during pre-release.

Each recipe is a single shell block: adds the right gitignore
entries, downloads + verifies + extracts, copies the
setup-steward skill into the adopter's skills dir (matching the
flat or double-symlinked convention), and tells the user to
follow /setup-steward from there.

Lock-file split

- .apache-steward.lock (committed) — the project's pin: method,
  url, ref, plus a verification anchor (commit SHA for tag,
  sha512 for zip). Edited only by /setup-steward; bumping it is
  a deliberate project-level commit.
- .apache-steward.local.lock (gitignored) — what THIS machine
  actually fetched: source_method, source_url, source_ref,
  fetched_commit, fetched_at. Per-developer, per-checkout.

Drift detection

Every framework skill (and /setup-steward verify) compares the
local lock to the committed lock at the top of its run. On
mismatch:

- Method or URL differ → ✗ full re-install
- Ref differs (project bumped tag, or git-branch local is
  behind upstream) → ⚠ sync
- svn-zip SHA-512 differs from the committed anchor → ✗
  security-flagged; investigate before upgrading

The proposal is always /setup-steward upgrade. On user OK,
upgrade:

1. Deletes the gitignored snapshot outright.
2. Re-installs per the committed lock.
3. Refreshes gitignored framework-skill symlinks (adds new
   skills, removes renamed-away ones).
4. Reconciles agentic overrides against the new framework
   structure (surfaces conflicts; never auto-rewrites).
5. Updates the local lock.

Changes

- Rewrite setup-steward/SKILL.md, adopt.md, upgrade.md,
  verify.md to express the new model.
- New: docs/setup/install-recipes.md with the three
  copy-pasteable recipes + explanatory framing.
- README's Adopting the framework section split into
  Bootstrap (shell) + Skill takeover + Subsequent
  contributors + Drift detection.

Out of scope (follow-up): wire the drift check into each
framework skill's pre-flight section (alongside the
override-consultation hook from #39). 15 skills to touch;
mechanical, deferred to keep this PR focused on the
mechanism.

Generated-by: Claude Code (Claude Opus 4.7)
potiuk added a commit that referenced this pull request May 4, 2026
#41)

Mirror of #39's override-consultation hook for the new
drift-detection mechanism that landed in #40. Every framework
skill (excluding setup-steward, which IS the drift mechanism)
now declares a `## Snapshot drift` section right after its
`## Adopter overrides` section.

The standard block in every skill:

  ## Snapshot drift

  Also at the top of every run, this skill compares the
  gitignored `.apache-steward.local.lock` (per-machine
  fetch) against the committed `.apache-steward.lock` (the
  project pin). On mismatch the skill surfaces the gap and
  proposes [`/setup-steward upgrade`]. The proposal is
  non-blocking — the user may defer if they want to run with
  the local snapshot for now.

  Drift severity:
    - method or URL differ        → ✗ full re-install
    - ref differs                 → ⚠ sync needed
    - svn-zip SHA-512 mismatches  → ✗ security-flagged

15 skills updated:

  setup-isolated-setup-install         security-issue-import
  setup-isolated-setup-update          security-issue-import-from-md
  setup-isolated-setup-verify          security-issue-import-from-pr
  setup-shared-config-sync             security-issue-invalidate
                                        security-issue-sync
  pr-management-code-review            security-cve-allocate
  pr-management-stats                  security-issue-deduplicate
  pr-management-triage                 security-issue-fix

Skill not updated:

  setup-steward — IS the bootstrap + upgrade + verify +
  override-management skill; the drift check it would
  perform is the same one its `verify` sub-action exposes.

The hook is documented behaviour, not runtime injection. A
skill that has the `## Snapshot drift` section commits to
performing the check when invoked. Future tooling can enforce
mechanically; for now the convention is binding via the
published contract.

Generated-by: Claude Code (Claude Opus 4.7)
potiuk added a commit that referenced this pull request May 4, 2026
…to framework PR (#43)

New framework skill that walks an adopter through promoting a
local `.apache-steward-overrides/<skill>.md` file into a PR
against `apache/airflow-steward`. Closes the loop on the
override mechanism: overrides start out as adopter-local
modifications (per #38 + #39), and when one stops being
project-specific and starts looking like a missing feature,
this skill is the path to upstream it.

Walkthrough

Step 0 — Pre-flight (adopter has overrides + snapshot is
        current + framework clone available)
Step 1 — Pick the override (auto-pick when only one;
        prompt when multiple)
Step 2 — Read the override + the framework skill it modifies
Step 3 — Decide if upstreamable. Four buckets:
          - project-specific  → STOP (keep as override)
          - missing feature   → continue
          - better default    → continue
          - refactor a step   → continue
Step 4 — Design the framework-level abstraction. Four
        possible shapes (config knob / change default /
        new optional step / refactor existing step)
Step 5 — Implement in user's apache-steward clone, run
        framework pre-commit
Step 6 — Confirm + open PR (assistant proposes, user fires)
Step 7 — Surface post-merge cleanup pointer (after merge
        + /setup-steward upgrade, delete the override file)

Golden rules

1. Not every override should be upstreamed.
2. Write to the framework clone, never to the gitignored
   snapshot.
3. Assistant proposes, user fires (clone, branch, commit,
   push, PR — every state-changing action confirmed first).
4. Decouple PR open from override deletion (the cleanup
   happens AFTER the PR merges, not preemptively).

Includes the standard pre-flight blocks per the framework's
conventions:

- ## Adopter overrides — consults
  .apache-steward-overrides/setup-override-upstream.md
  (per #39).
- ## Snapshot drift — compares local lock vs committed
  lock (per #41), with a doubly-important note: the skill
  designs against the snapshot's framework code, so stale
  snapshot leads to wrong abstraction design.

Generated-by: Claude Code (Claude Opus 4.7)
@andreahlert andreahlert added the mode:platform Substrate / infra — not a mode (sandbox, CI, validators) label May 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

mode:platform Substrate / infra — not a mode (sandbox, CI, validators)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants