Add Claude Code maintainer workflow and reusable DB expertise templates#57
Open
renecannao wants to merge 11 commits intomasterfrom
Open
Add Claude Code maintainer workflow and reusable DB expertise templates#57renecannao wants to merge 11 commits intomasterfrom
renecannao wants to merge 11 commits intomasterfrom
Conversation
📝 WalkthroughWalkthroughAdds a repo-local Claude Code operating layer under Changes
Sequence Diagram(s)sequenceDiagram
participant Agent as Claude Agent
participant Hook as Stop Hook (stop-completion-gate.sh)
participant GitFS as Git / Workspace
participant Log as Verification Log (JSONL)
participant Decision as Completion Gate
Agent->>Hook: Stop event (session_id, last_assistant_message)
Hook->>Hook: return if stop_hook_active == true
Hook->>GitFS: determine changed files (CLAUDE_AGENT_CHANGED_FILES or git)
Hook->>Hook: classify changes (Claude, Go, Docs, etc.)
Hook->>Log: query verification log for session and commands
alt Missing verification or docs update
Hook->>Decision: emit block decision with reason (JSON)
Decision-->>Agent: deny completion
else All required verification present
Hook->>Hook: validate last_assistant_message contains required sections
alt missing sections
Hook->>Decision: emit block decision with reason (JSON)
Decision-->>Agent: deny completion
else
Hook->>Decision: allow completion (no output)
Decision-->>Agent: success
end
end
Estimated Code Review Effort🎯 5 (Critical) | ⏱️ ~120 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request introduces a specialized Claude Code operating layer for the dbdeployer project, including project-specific memory, rules, skills, and hooks to enforce verification and documentation standards. The review feedback highlights several opportunities to improve the robustness of the shell-based hooks, specifically regarding whitespace normalization in command matching and the handling of special characters in filenames during git operations. Additionally, there is a concern that the fallback logic for identifying changed files might bypass gates if changes have already been committed.
| set -euo pipefail | ||
|
|
||
| input="$(cat)" | ||
| command="$(printf '%s' "$input" | jq -r '.tool_input.command // ""')" |
There was a problem hiding this comment.
The command string should be trimmed of leading and trailing whitespace before pattern matching. An agent might accidentally include a leading space (e.g., git reset --hard), which would bypass the block as currently implemented.
Suggested change
| command="$(printf '%s' "$input" | jq -r '.tool_input.command // ""')" | |
| command="$(printf '%s' "$input" | jq -r '.tool_input.command // ""' | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" |
| command="$(printf '%s' "$input" | jq -r '.tool_input.command // ""')" | ||
| project_dir="${CLAUDE_PROJECT_DIR:-$cwd}" | ||
| log_path="${CLAUDE_AGENT_VERIFICATION_LOG:-$project_dir/.claude/state/verification-log.jsonl}" | ||
| trimmed_command="$(printf '%s' "$command" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" |
There was a problem hiding this comment.
In addition to trimming leading and trailing whitespace, it is safer to normalize internal whitespace sequences to a single space. This ensures that commands like go test ./... (with multiple spaces) are correctly matched by the case statement.
Suggested change
| trimmed_command="$(printf '%s' "$command" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" | |
| trimmed_command="$(printf '%s' "$command" | sed -E 's/[[:space:]]+/ /g; s/^ //; s/ $//')" |
| else | ||
| while IFS= read -r file; do | ||
| classify_changed_file "$file" | ||
| done < <(git -C "$project_dir" diff --name-only -M HEAD --) |
There was a problem hiding this comment.
Using git diff without the -z flag and reading it with a standard while read loop is fragile if filenames contain special characters like newlines. For robustness and consistency with the ls-files call on line 76, use the -z flag and a null-delimited read loop.
Suggested change
| done < <(git -C "$project_dir" diff --name-only -M HEAD --) | |
| while IFS= read -r -d '' file; do | |
| classify_changed_file "$file" | |
| done < <(git -C "$project_dir" diff --name-only -z -M HEAD --) |
| else | ||
| while IFS= read -r file; do | ||
| classify_changed_file "$file" | ||
| done < <(git -C "$project_dir" diff --name-only -M HEAD --) |
There was a problem hiding this comment.
The fallback logic using git diff --name-only HEAD only identifies uncommitted changes. If the agent has already committed its work during the session, this check will return an empty list, effectively bypassing the verification and documentation gates. While CLAUDE_AGENT_CHANGED_FILES is checked first, the fallback should ideally account for committed changes in the current branch if possible.
There was a problem hiding this comment.
Pull request overview
This PR adds a repo-local Claude Code “maintainer workflow” layer for dbdeployer (rules/skills/hooks + smoke tests), plus an installable, reusable db-core-expertise skills package with DB-domain reference templates and verification guidance.
Changes:
- Add
.claude/project assets (rules, skills, hook scripts, settings) to enforce verification and completion discipline. - Add fixture-backed smoke tests (
test/claude-agent-tests.sh) validating hooks/settings and the required completion sections. - Add reusable
tools/claude-skills/db-core-expertisetemplates + installer script + maintainer docs/spec/plan.
Reviewed changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/claude-skills/db-core-expertise/verification-playbook.md | Adds reusable verification heuristics and check mapping. |
| tools/claude-skills/db-core-expertise/SKILL.md | Defines the reusable db-core-expertise skill entrypoint and output format. |
| tools/claude-skills/db-core-expertise/scripts/smoke-test.sh | Adds a structural smoke test for the reusable skill package. |
| tools/claude-skills/db-core-expertise/proxysql.md | Adds ProxySQL-focused operational notes and validation commands. |
| tools/claude-skills/db-core-expertise/postgresql.md | Adds PostgreSQL packaging/runtime edge cases and validation commands. |
| tools/claude-skills/db-core-expertise/mysql.md | Adds MySQL version/packaging notes and validation commands. |
| tools/claude-skills/db-core-expertise/docs-style.md | Adds documentation style guidance for maintainers. |
| test/claude-agent/fixtures/stop-sections-missing.json | Fixture for Stop hook blocking when required completion sections are missing. |
| test/claude-agent/fixtures/stop-sections-complete.json | Fixture for Stop hook allowing completion when sections are present. |
| test/claude-agent/fixtures/pretool-git-status.json | Fixture for allowing safe git commands in PreToolUse hook. |
| test/claude-agent/fixtures/pretool-git-reset-hard.json | Fixture for blocking destructive git commands in PreToolUse hook. |
| test/claude-agent/fixtures/posttool-go-test.json | Fixture for recording verification commands in PostToolUse hook. |
| test/claude-agent/fixtures/posttool-echo.json | Fixture ensuring non-verification commands are not recorded. |
| test/claude-agent-tests.sh | Adds repo-local smoke tests asserting .claude/ assets, hook behavior, and installer/template presence. |
| scripts/install_claude_db_skills.sh | Adds installer to copy reusable skill templates into ~/.claude/skills/. |
| docs/superpowers/specs/2026-03-31-dbdeployer-specialized-agent-design.md | Design spec documenting the two-layer Claude workflow architecture. |
| docs/superpowers/plans/2026-03-31-dbdeployer-specialized-agent-implementation.md | Implementation plan detailing steps/files/tests for the workflow. |
| docs/coding/claude-code-agent.md | Maintainer documentation for using and validating the Claude workflow. |
| CONTRIBUTING.md | Links contributors to the Claude workflow guide. |
| .gitignore | Ignores local Claude state and local-only settings. |
| .claude/skills/verification-matrix/SKILL.md | Adds verification matrix skill mapping surfaces to checks. |
| .claude/skills/docs-reference-sync/SKILL.md | Adds docs-sync workflow skill and output format. |
| .claude/skills/dbdeployer-maintainer/SKILL.md | Adds primary maintainer workflow skill and required final sections. |
| .claude/skills/db-correctness-review/SKILL.md | Adds adversarial DB correctness review skill checklist/output format. |
| .claude/settings.json | Registers Claude hooks for PreToolUse/PostToolUse/Stop. |
| .claude/rules/testing-and-completion.md | Defines verification-sensitive paths, required checks, and completion language. |
| .claude/rules/provider-surfaces.md | Adds provider-sensitive guidance scoped to key paths. |
| .claude/hooks/stop-completion-gate.sh | Adds Stop hook gate enforcing verification + docs update + final sections. |
| .claude/hooks/record-verification-command.sh | Adds PostToolUse hook to log verification commands. |
| .claude/hooks/block-destructive-commands.sh | Adds PreToolUse hook to block destructive git commands. |
| .claude/CLAUDE.md | Adds repo-local Claude project memory and completion contract. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+26
to
+30
| if [[ "$file" =~ ^(\.claude/|test/claude-agent/) ]]; then | ||
| requires_claude_verification=1 | ||
| elif [[ "$file" =~ ^(common/|cmd/|ops/|providers/|sandbox/|test/|\.github/workflows/) ]]; then | ||
| requires_go_verification=1 | ||
| fi |
There was a problem hiding this comment.
classify_changed_file treats test/claude-agent-tests.sh as a generic test/ change (Go verification) instead of a Claude-agent surface. That means editing only the Claude smoke test would require go test/go-unit-tests.sh and would not require ./test/claude-agent-tests.sh, which is inconsistent with .claude/skills/verification-matrix and the intent of this gate. Update the classification so test/claude-agent-tests.sh (and any other Claude-agent harness files) set requires_claude_verification=1.
Comment on lines
+89
to
+90
| if [[ "$requires_go_verification" -eq 1 ]] && ! has_logged_command "go test ./..." && ! has_logged_command "./test/go-unit-tests.sh"; then | ||
| missing_verification+=("go test ./... or ./test/go-unit-tests.sh") |
There was a problem hiding this comment.
The Go verification gate currently passes if either go test ./... or ./test/go-unit-tests.sh was logged. However, .claude/rules/testing-and-completion.md states Go code changes must be checked with both commands. Either tighten the gate to require both (when requires_go_verification=1) or relax/update the rule so policy and enforcement are consistent.
Suggested change
| if [[ "$requires_go_verification" -eq 1 ]] && ! has_logged_command "go test ./..." && ! has_logged_command "./test/go-unit-tests.sh"; then | |
| missing_verification+=("go test ./... or ./test/go-unit-tests.sh") | |
| if [[ "$requires_go_verification" -eq 1 ]]; then | |
| if ! has_logged_command "go test ./..."; then | |
| missing_verification+=("go test ./...") | |
| fi | |
| if ! has_logged_command "./test/go-unit-tests.sh"; then | |
| missing_verification+=("./test/go-unit-tests.sh") | |
| fi |
Comment on lines
+4
to
+27
| input="$(cat)" | ||
| session_id="$(printf '%s' "$input" | jq -r '.session_id')" | ||
| cwd="$(printf '%s' "$input" | jq -r '.cwd')" | ||
| command="$(printf '%s' "$input" | jq -r '.tool_input.command // ""')" | ||
| project_dir="${CLAUDE_PROJECT_DIR:-$cwd}" | ||
| log_path="${CLAUDE_AGENT_VERIFICATION_LOG:-$project_dir/.claude/state/verification-log.jsonl}" | ||
| trimmed_command="$(printf '%s' "$command" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" | ||
|
|
||
| case "$trimmed_command" in | ||
| "go test ./..."|"go test ./... "*|\ | ||
| "./test/go-unit-tests.sh"|"./test/go-unit-tests.sh "*|\ | ||
| "./test/claude-agent-tests.sh"|"./test/claude-agent-tests.sh "*|\ | ||
| "./test/functional-test.sh"|"./test/functional-test.sh "*|\ | ||
| "./test/docker-test.sh"|"./test/docker-test.sh "*|\ | ||
| "./test/proxysql-integration-tests.sh"|"./test/proxysql-integration-tests.sh "*|\ | ||
| "./scripts/build.sh"|"./scripts/build.sh "*) | ||
| mkdir -p "$(dirname "$log_path")" | ||
| jq -cn \ | ||
| --arg session_id "$session_id" \ | ||
| --arg cwd "$cwd" \ | ||
| --arg command "$command" \ | ||
| --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \ | ||
| '{session_id: $session_id, cwd: $cwd, command: $command, timestamp: $timestamp}' >> "$log_path" | ||
| ;; |
There was a problem hiding this comment.
This hook records verification commands purely based on the command string, without checking whether the command succeeded. As a result, a failed go test ./... run would still be logged and could satisfy the Stop completion gate. If the PostToolUse payload provides an exit status / error flag, use it to only log successful runs (or otherwise rename the behavior/docs to avoid claiming “successful verification”).
Comment on lines
+47
to
+66
| require_file .claude/CLAUDE.md | ||
| require_file .claude/rules/testing-and-completion.md | ||
| require_file .claude/rules/provider-surfaces.md | ||
| require_file .claude/skills/dbdeployer-maintainer/SKILL.md | ||
| require_file .claude/skills/db-correctness-review/SKILL.md | ||
| require_file .claude/skills/verification-matrix/SKILL.md | ||
| require_file .claude/skills/docs-reference-sync/SKILL.md | ||
| require_file .claude/settings.json | ||
| require_file .claude/hooks/block-destructive-commands.sh | ||
| require_file .claude/hooks/record-verification-command.sh | ||
| require_file .claude/hooks/stop-completion-gate.sh | ||
| require_file docs/coding/claude-code-agent.md | ||
| require_file tools/claude-skills/db-core-expertise/SKILL.md | ||
| require_file tools/claude-skills/db-core-expertise/mysql.md | ||
| require_file tools/claude-skills/db-core-expertise/postgresql.md | ||
| require_file tools/claude-skills/db-core-expertise/proxysql.md | ||
| require_file tools/claude-skills/db-core-expertise/verification-playbook.md | ||
| require_file tools/claude-skills/db-core-expertise/docs-style.md | ||
| require_file tools/claude-skills/db-core-expertise/scripts/smoke-test.sh | ||
| require_file scripts/install_claude_db_skills.sh |
There was a problem hiding this comment.
test/claude-agent-tests.sh computes ROOT=... but then checks many files using relative paths (e.g. require_file .claude/CLAUDE.md) while later invoking hooks via $ROOT/.... This makes the test sensitive to the caller’s working directory and is inconsistent within the script itself. Consider cd "$ROOT" near the top (or consistently prefix paths with $ROOT/) so the test runs reliably from any directory/CI context.
There was a problem hiding this comment.
Actionable comments posted: 15
🧹 Nitpick comments (3)
tools/claude-skills/db-core-expertise/verification-playbook.md (1)
8-10: Consider naming concrete workflow job IDs.This section is clearer and less drift-prone if it points to actual job keys (for example,
sandbox-test,postgresql-test,proxysql-test,proxysql-postgresql) instead of only workflow filenames.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tools/claude-skills/db-core-expertise/verification-playbook.md` around lines 8 - 10, Update the workflow references to include the concrete job IDs rather than just filenames: replace "MySQL deployment => `.github/workflows/integration_tests.yml`" with the workflow file plus the actual job key (e.g., `sandbox-test`), replace "PostgreSQL provider => the PostgreSQL job in `.github/workflows/integration_tests.yml`" with the job key `postgresql-test`, and replace "ProxySQL => `.github/workflows/proxysql_integration_tests.yml`" with the specific job keys like `proxysql-test` or `proxysql-postgresql`; ensure each bullet lists both the workflow filename and the exact job ID (sandbox-test, postgresql-test, proxysql-test, proxysql-postgresql) so readers can locate the concrete job definitions (look for these job keys in the YAML to verify names).scripts/install_claude_db_skills.sh (1)
8-12: Install into a temp dir before replacing the current bundle.This deletes the existing
~/.claude/skills/db-core-expertisebefore the new copy succeeds, so a failedcporchmodleaves the user with nothing installed.Safer swap-in pattern
mkdir -p "$(dirname "$DEST")" -rm -rf "$DEST" -mkdir -p "$DEST" -cp -R "$SRC"/. "$DEST"/ -chmod +x "$DEST/scripts/smoke-test.sh" +tmp_dest="$(mktemp -d "$(dirname "$DEST")/db-core-expertise.XXXXXX")" +trap 'rm -rf "$tmp_dest"' EXIT +cp -R "$SRC"/. "$tmp_dest"/ +chmod +x "$tmp_dest/scripts/smoke-test.sh" +rm -rf "$DEST" +mv "$tmp_dest" "$DEST" +trap - EXIT🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/install_claude_db_skills.sh` around lines 8 - 12, The script currently deletes DEST then copies, which risks leaving nothing on failure; change to copy into a temporary directory (e.g., TMP="$(mktemp -d")"), create TMP/$(basename "$DEST") or TMP_DIR, cp -R "$SRC"/. "$TMP_DIR"/, run chmod +x on "$TMP_DIR/scripts/smoke-test.sh", and only after successful copy and chmod, atomically replace the real location with mv "$TMP_DIR" "$DEST" (optionally keep a backup or use mv to a swap name then rename), ensuring you never rm -rf "$DEST" before the new bundle is ready; reference the existing DEST and SRC variables and the smoke-test.sh path when implementing.test/claude-agent-tests.sh (1)
66-66: Exercise the installer in this smoke test.The suite proves the bundle is structurally complete, but it never runs
scripts/install_claude_db_skills.shor the installed copy. That leaves the new installer path and itschmodbehavior unguarded in CI.Temp-HOME installer smoke test
require_file scripts/install_claude_db_skills.sh @@ -bash "$ROOT/tools/claude-skills/db-core-expertise/scripts/smoke-test.sh" +installer_home="$TMPDIR/installer-home" +mkdir -p "$installer_home" +HOME="$installer_home" "$ROOT/scripts/install_claude_db_skills.sh" +bash "$ROOT/tools/claude-skills/db-core-expertise/scripts/smoke-test.sh" +"$installer_home/.claude/skills/db-core-expertise/scripts/smoke-test.sh"Also applies to: 254-256
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/claude-agent-tests.sh` at line 66, The test doesn't actually run the installer so add steps in claude-agent-tests.sh to execute the installer referenced by require_file (install_claude_db_skills.sh) and then run the installed copy to exercise its chmod behavior; specifically, after requiring the script, invoke it (with a temporary HOME or TMPDIR to exercise permission/installation paths), assert it exits 0, and then execute the installed binary/path the installer creates and assert that also exits 0 so the installer and installed artifact are covered (also apply the same change near the other occurrences flagged around lines 254-256).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.claude/hooks/block-destructive-commands.sh:
- Around line 1-2: Add the required copyright header as the first lines of the
script before the shebang (#!/usr/bin/env bash) so the CI copyright sanity check
passes; insert the organization's standard copyright/license block above the
existing shebang and keep the existing "set -euo pipefail" line intact.
- Around line 5-16: The hook can be bypassed by environment-variable prefixes
because the matcher "Bash(git *)" only matches commands that start with "git "
and the script only checks if the variable command starts with items in
blocked_patterns; update both layers: change the matcher to cover env-prefixed
invocations (e.g., broaden "Bash(git *)" to match commands with leading env
assignments such as "Bash(*git *)"), and harden block-destructive-commands.sh by
normalizing the captured command variable (strip leading environment assignments
and whitespace from the variable named command before matching) so the for loop
over blocked_patterns and the check in for pattern in "${blocked_patterns[@]}"
correctly detects invocations like VAR=1 git reset --hard.
In @.claude/hooks/record-verification-command.sh:
- Around line 1-2: Add the repo-standard copyright header at the top of the
script so the file .claude/hooks/record-verification-command.sh passes the
sanity check: insert the project's required multi-line header comment
immediately after the shebang (#!/usr/bin/env bash) and before the existing "set
-euo pipefail" line, preserving the shebang as first line and ensuring the
header format matches other files in the repo.
- Around line 24-26: The script is currently logging the raw $command while gate
matching uses the normalized variable trimmed_command, causing
whitespace-normalized commands to pass checks but be logged differently; update
the JSON logging invocation in record-verification-command.sh to pass and record
trimmed_command (e.g., add/replace the --arg for command to use
"$trimmed_command" and include trimmed_command in the JSON object) so the logged
"command" field matches the value used for whitelist/gate checks (ensure
trimmed_command is set before the logging call and referenced in the '{...}'
payload along with session_id, cwd, and timestamp).
In @.claude/hooks/stop-completion-gate.sh:
- Around line 1-2: Add the repo-standard copyright header immediately after the
shebang (#!/usr/bin/env bash) in stop-completion-gate.sh so the CI copyright
sanity check passes; insert the exact standard multi-line header used across the
repo directly below the shebang and above the existing "set -euo pipefail" line,
preserving the shebang at the top and ensuring no extra blank lines or altered
file permissions.
- Around line 26-29: The classifier in .claude/hooks/stop-completion-gate.sh
currently sets requires_claude_verification=1 for
^(\.claude/|test/claude-agent/) but misses three new Claude-surface paths;
update the conditional that sets requires_claude_verification (the branch that
assigns requires_claude_verification=1) to also match
test/claude-agent-tests.sh, tools/claude-skills/db-core-expertise/**, and
scripts/install_claude_db_skills.sh (use appropriate shell glob/regex syntax
consistent with the existing patterns), and then add regression cases in
test/claude-agent-tests.sh to assert these paths trigger Claude verification.
In @.claude/rules/testing-and-completion.md:
- Line 14: The rule text currently requires both commands but the gate accepts
either; update the sentence that mentions `go test ./...` and
`./test/go-unit-tests.sh` so it states that Go changes must be verified using
either `go test ./...` or `./test/go-unit-tests.sh` (or rephrase to "run one of:
...") to match the gate logic and avoid contradictory guidance.
In @.claude/skills/docs-reference-sync/SKILL.md:
- Around line 16-20: The output section in SKILL.md currently reads like a
primary response contract; change it to explicitly state these fields are
supplemental only (e.g., rename header to "Supplemental Output" and add a single
sentence clarifying that "Docs To Update", "Files Updated", and "Open Caveats"
are supplemental and must not replace the final response's required fields).
Also add a short cross-reference note calling out that Changed, Verification,
Edge Cases, and Docs Updated remain mandatory per `.claude/CLAUDE.md:19-21` and
`test/claude-agent-tests.sh:40-45`, so the skill must not generate only the
supplemental keys as the completion. Ensure the unique labels "Docs To Update",
"Files Updated", and "Open Caveats" are preserved but described as
optional/supplemental.
In @.claude/skills/verification-matrix/SKILL.md:
- Around line 11-17: Update the verification matrix to treat the new reusable
skill package and its installer as verification-sensitive: add entries mapping
tools/claude-skills/db-core-expertise/** and scripts/install_claude_db_skills.sh
to the existing claude-agent test rule so maintainers run
./test/claude-agent-tests.sh for those changes; modify the section that
currently lists `.claude/**`, `test/claude-agent/**`, and
`test/claude-agent-tests.sh` to include these two paths (referencing the symbols
tools/claude-skills/db-core-expertise/** and
scripts/install_claude_db_skills.sh) so the matrix documents the correct
verification path.
In
`@docs/superpowers/plans/2026-03-31-dbdeployer-specialized-agent-implementation.md`:
- Around line 174-175: The plan snippets violate the completion contract by
omitting the required "Changed" section; update each example final-response
snippet (the bullet list that currently ends with "Verification", "Edge Cases",
and "Docs Updated") to also include a "Changed" entry, and ensure any snippet
that cannot run a required check explicitly states the gap rather than marking
the task complete; search for the final-response template instances (the list
starting with "Final responses must include") and the other occurrences around
the noted examples (also the block referenced near lines 788-793) and add the
"Changed" field in each snippet so all templates match the contract exactly.
In `@scripts/install_claude_db_skills.sh`:
- Around line 1-2: Add the repo-standard copyright header immediately after the
shebang (#!/usr/bin/env bash) so the script remains executable; open
scripts/install_claude_db_skills.sh and insert the project's standard multi-line
copyright/license header between the shebang and the existing set -euo pipefail
line, preserving the shebang on the first line and not adding any leading blank
lines.
In `@test/claude-agent-tests.sh`:
- Around line 1-2: Add the repo-standard copyright header immediately after the
shebang line (#!/usr/bin/env bash) in test/claude-agent-tests.sh; open the
script, keep the existing shebang at the top, then insert the project's
canonical multi-line copyright/header block on the next lines so the CI
copyright sanity check passes.
- Around line 14-23: The helpers require_file and require_string currently check
paths relative to the current working directory; update both functions
(require_file and require_string) to resolve the provided path against the
precomputed ROOT variable when the path is not absolute (e.g., if [[ "$path" !=
/* ]]; then path="$ROOT/$path"; fi), then run the existing checks (file
existence for require_file, grep for require_string) using the resolved path and
keep proper quoting for "$path" and "$needle".
In `@tools/claude-skills/db-core-expertise/scripts/smoke-test.sh`:
- Around line 1-2: Add the repo-standard copyright header to the top of
tools/claude-skills/db-core-expertise/scripts/smoke-test.sh by inserting the
required multi-line header immediately after the existing shebang
(#!/usr/bin/env bash) and before the set -euo pipefail line so the script still
runs with the same strict flags; ensure the header text exactly matches the
repository's canonical header to satisfy the copyright check.
In `@tools/claude-skills/db-core-expertise/verification-playbook.md`:
- Line 7: Update the wording that currently lists both Go verification commands
as required ("Go code => `go test ./...` and `./test/go-unit-tests.sh`") to use
OR semantics to match enforcement; replace the conjunction so the line reads
that either `go test ./...` or `./test/go-unit-tests.sh` can be used, ensuring
the playbook text and gate behavior are consistent.
---
Nitpick comments:
In `@scripts/install_claude_db_skills.sh`:
- Around line 8-12: The script currently deletes DEST then copies, which risks
leaving nothing on failure; change to copy into a temporary directory (e.g.,
TMP="$(mktemp -d")"), create TMP/$(basename "$DEST") or TMP_DIR, cp -R "$SRC"/.
"$TMP_DIR"/, run chmod +x on "$TMP_DIR/scripts/smoke-test.sh", and only after
successful copy and chmod, atomically replace the real location with mv
"$TMP_DIR" "$DEST" (optionally keep a backup or use mv to a swap name then
rename), ensuring you never rm -rf "$DEST" before the new bundle is ready;
reference the existing DEST and SRC variables and the smoke-test.sh path when
implementing.
In `@test/claude-agent-tests.sh`:
- Line 66: The test doesn't actually run the installer so add steps in
claude-agent-tests.sh to execute the installer referenced by require_file
(install_claude_db_skills.sh) and then run the installed copy to exercise its
chmod behavior; specifically, after requiring the script, invoke it (with a
temporary HOME or TMPDIR to exercise permission/installation paths), assert it
exits 0, and then execute the installed binary/path the installer creates and
assert that also exits 0 so the installer and installed artifact are covered
(also apply the same change near the other occurrences flagged around lines
254-256).
In `@tools/claude-skills/db-core-expertise/verification-playbook.md`:
- Around line 8-10: Update the workflow references to include the concrete job
IDs rather than just filenames: replace "MySQL deployment =>
`.github/workflows/integration_tests.yml`" with the workflow file plus the
actual job key (e.g., `sandbox-test`), replace "PostgreSQL provider => the
PostgreSQL job in `.github/workflows/integration_tests.yml`" with the job key
`postgresql-test`, and replace "ProxySQL =>
`.github/workflows/proxysql_integration_tests.yml`" with the specific job keys
like `proxysql-test` or `proxysql-postgresql`; ensure each bullet lists both the
workflow filename and the exact job ID (sandbox-test, postgresql-test,
proxysql-test, proxysql-postgresql) so readers can locate the concrete job
definitions (look for these job keys in the YAML to verify names).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 98f6bb55-ea8f-4ec7-89d5-29d98db18be4
📒 Files selected for processing (31)
.claude/CLAUDE.md.claude/hooks/block-destructive-commands.sh.claude/hooks/record-verification-command.sh.claude/hooks/stop-completion-gate.sh.claude/rules/provider-surfaces.md.claude/rules/testing-and-completion.md.claude/settings.json.claude/skills/db-correctness-review/SKILL.md.claude/skills/dbdeployer-maintainer/SKILL.md.claude/skills/docs-reference-sync/SKILL.md.claude/skills/verification-matrix/SKILL.md.gitignoreCONTRIBUTING.mddocs/coding/claude-code-agent.mddocs/superpowers/plans/2026-03-31-dbdeployer-specialized-agent-implementation.mddocs/superpowers/specs/2026-03-31-dbdeployer-specialized-agent-design.mdscripts/install_claude_db_skills.shtest/claude-agent-tests.shtest/claude-agent/fixtures/posttool-echo.jsontest/claude-agent/fixtures/posttool-go-test.jsontest/claude-agent/fixtures/pretool-git-reset-hard.jsontest/claude-agent/fixtures/pretool-git-status.jsontest/claude-agent/fixtures/stop-sections-complete.jsontest/claude-agent/fixtures/stop-sections-missing.jsontools/claude-skills/db-core-expertise/SKILL.mdtools/claude-skills/db-core-expertise/docs-style.mdtools/claude-skills/db-core-expertise/mysql.mdtools/claude-skills/db-core-expertise/postgresql.mdtools/claude-skills/db-core-expertise/proxysql.mdtools/claude-skills/db-core-expertise/scripts/smoke-test.shtools/claude-skills/db-core-expertise/verification-playbook.md
Comment on lines
+1
to
+2
| #!/usr/bin/env bash | ||
| set -euo pipefail |
There was a problem hiding this comment.
Add required copyright header to unblock CI.
The pipeline reports this file fails the sanity copyright check, so merge is currently blocked.
🧩 Minimal fix
#!/usr/bin/env bash
+# Copyright (c) ProxySQL. All rights reserved.
set -euo pipefail📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| #!/usr/bin/env bash | |
| # Copyright (c) ProxySQL. All rights reserved. | |
| set -euo pipefail |
🧰 Tools
🪛 GitHub Actions: CI
[error] 1-1: Sanity check failed (copyright). File has no copyright.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.claude/hooks/block-destructive-commands.sh around lines 1 - 2, Add the
required copyright header as the first lines of the script before the shebang
(#!/usr/bin/env bash) so the CI copyright sanity check passes; insert the
organization's standard copyright/license block above the existing shebang and
keep the existing "set -euo pipefail" line intact.
There was a problem hiding this comment.
🧹 Nitpick comments (2)
test/claude-agent-tests.sh (1)
17-22: Consider renamingTMPDIRto avoid shadowing the system environment variable.
TMPDIRis a well-known environment variable used bymktempand other tools to determine the default temporary directory. Shadowing it here could confuse readers and affect any subprocesses that rely on the original value.♻️ Proposed fix
set -euo pipefail ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" FIXTURES="$ROOT/test/claude-agent/fixtures" -TMPDIR="$(mktemp -d)" -trap 'rm -rf "$TMPDIR"' EXIT +TEST_TMPDIR="$(mktemp -d)" +trap 'rm -rf "$TEST_TMPDIR"' EXITThen update all subsequent references from
$TMPDIRto$TEST_TMPDIR(lines 222, 227, 232, 237, 240, 242, 251, 260, 269, 276, 281, 288, 293, 300, 305, 311, 317, 323, 334).🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/claude-agent-tests.sh` around lines 17 - 22, Rename the local variable TMPDIR in test/claude-agent-tests.sh to avoid shadowing the system TMPDIR: change the declaration TMPDIR="$(mktemp -d)" to TEST_TMPDIR="$(mktemp -d)" (and the trap that references it), then update every subsequent reference of $TMPDIR in this script (all uses throughout the file) to $TEST_TMPDIR so subprocesses don't inherit the shadowed environment variable.docs/coding/claude-code-agent.md (1)
35-39: Consider varying sentence structure to improve readability.Static analysis flagged three successive sentences beginning with "Use". Consider rephrasing for variety.
📝 Suggested rewording
1. Start non-trivial tasks with `/dbdeployer-maintainer`. -2. Use `/db-correctness-review` when behavior, packaging, replication, or ProxySQL wiring may have changed. -3. Use `/verification-matrix` before stopping so the strongest feasible checks run. -4. Use `/docs-reference-sync` when behavior, flags, support statements, or examples change. +2. Run `/db-correctness-review` when behavior, packaging, replication, or ProxySQL wiring may have changed. +3. Before stopping, invoke `/verification-matrix` so the strongest feasible checks run. +4. When behavior, flags, support statements, or examples change, apply `/docs-reference-sync`.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@docs/coding/claude-code-agent.md` around lines 35 - 39, The three consecutive list items that start with "Use" ("Use `/db-correctness-review`...", "Use `/verification-matrix`...", "Use `/docs-reference-sync`...") should be rephrased for variety and readability; modify those list entries so one or two start with different structures (e.g., "Run `/db-correctness-review` when...", "Before stopping, run `/verification-matrix` to...", "Invoke `/docs-reference-sync` when...") while keeping the same triggers and intent intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@docs/coding/claude-code-agent.md`:
- Around line 35-39: The three consecutive list items that start with "Use"
("Use `/db-correctness-review`...", "Use `/verification-matrix`...", "Use
`/docs-reference-sync`...") should be rephrased for variety and readability;
modify those list entries so one or two start with different structures (e.g.,
"Run `/db-correctness-review` when...", "Before stopping, run
`/verification-matrix` to...", "Invoke `/docs-reference-sync` when...") while
keeping the same triggers and intent intact.
In `@test/claude-agent-tests.sh`:
- Around line 17-22: Rename the local variable TMPDIR in
test/claude-agent-tests.sh to avoid shadowing the system TMPDIR: change the
declaration TMPDIR="$(mktemp -d)" to TEST_TMPDIR="$(mktemp -d)" (and the trap
that references it), then update every subsequent reference of $TMPDIR in this
script (all uses throughout the file) to $TEST_TMPDIR so subprocesses don't
inherit the shadowed environment variable.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 99542f1b-bc4d-4e25-a50a-3f040b91ada8
📒 Files selected for processing (3)
CONTRIBUTING.mddocs/coding/claude-code-agent.mdtest/claude-agent-tests.sh
✅ Files skipped from review due to trivial changes (1)
- CONTRIBUTING.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.claude/with project memory, rules, workflow skills, and hook guardrailsdbdeployerdb-core-expertisetemplate package for reusable MySQL/PostgreSQL/ProxySQL guidanceTest Plan
./test/claude-agent-tests.sh./scripts/install_claude_db_skills.sh~/.claude/skills/db-core-expertise/scripts/smoke-test.shNotes
.claude/layer stays coupled todbdeployertools/claude-skills/db-core-expertiseand can be extracted to its own repo later if it starts evolving independentlySummary by CodeRabbit
Documentation
New Features
Tests
Chores