agent-team-foundation/github-scan
packages/github-scan/skills/github-scan/SKILL.md
Operate the `first-tree github scan` CLI — the GitHub notification daemon and inbox runtime. Use whenever you need to run, start, stop, inspect, poll, or debug github-scan; view or respond to GitHub-triggered work from the terminal; or wire up the github-scan statusline hook.
$ install --global
skillsauthnpx skillsauth add agent-team-foundation/first-tree github-scanInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 7, 2026, 2:24 AM56.3s2 files scanned
SKILL.md
- name:
- github-scan
- version:
- 0.3.0
- first-tree:
- >=0.4.0 <0.5.0
- description:
- Operate the `first-tree github scan` CLI — the GitHub notification daemon and inbox runtime. Use whenever you need to run, start, stop, inspect, poll, or debug github-scan; view or respond to GitHub-triggered work from the terminal; or wire up the github-scan statusline hook.
GitHub Scan — Operational Skill
This skill is the operational handbook for the github-scan product. If you
have not yet loaded the first-tree entry-point skill, load that first — it
explains the toolkit layout and the current canonical First Tree skill set.
This skill covers how to drive the first-tree github scan CLI.
When To Use This Skill
Load this skill when the task involves any of:
- Running or inspecting the github-scan daemon
- Viewing the GitHub notification inbox or the live activity feed
- Triggering a one-off notification poll
- Configuring, starting, or stopping the background daemon (launchd on macOS)
- Installing the github-scan statusline hook into Claude Code
- Diagnosing a broken github-scan install or a stuck claim
GitHub Scan is designed for agents, not humans — most commands are idempotent and safe to re-run.
Core Concepts
- Inbox — the local store of explicit GitHub mentions and review requests, under
~/.first-tree/github-scan/. - Daemon — a long-running broker process that polls GitHub, keeps the
inbox fresh, dispatches work to per-task agent runners, and serves a
local HTTP/SSE endpoint on
127.0.0.1:7879for the dashboard. - Runner — a per-task worker spawned by the daemon for a single claim.
- Claim — exclusive lease on a notification so only one runner acts on it.
- Statusline — a sub-30 ms Claude Code statusline hook that prints a one-line summary of the inbox state.
CLI Commands
Primary (start here)
| Command | Purpose |
| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| first-tree github scan install --allow-repo owner/repo | First-run setup — checks gh/jq/gh auth, creates ~/.first-tree/github-scan/config.yaml with defaults, and starts the daemon. The repo scope is required so github-scan never falls back to scanning the whole account. (Wiring the Claude Code statusline is a separate manual step — see the Statusline section.) |
| first-tree github scan start --allow-repo owner/repo | Launch the daemon in the background (launchd on macOS, detached spawn elsewhere) |
| first-tree github scan stop | Stop the daemon and remove its lock |
| first-tree github scan status | Print the daemon lock + runtime/status.env |
| first-tree github scan doctor | One-screen diagnostic of the local install |
| first-tree github scan watch | Live TUI: status board + activity feed |
| first-tree github scan poll | Poll explicit GitHub mentions and review requests once (no daemon required) |
Advanced (agents, debugging)
These are the daemon's foreground entrypoints and manual-cleanup helpers.
Humans normally only need the primary set above; reach for these when
debugging the pipeline or when doctor directs you to.
| Command | Purpose |
| -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- |
| first-tree github scan run --allow-repo owner/repo / first-tree github scan daemon --allow-repo owner/repo | Run the broker loop in the foreground. start is preferred for humans; daemon is invoked by launchd. |
| first-tree github scan run-once --allow-repo owner/repo | Run one poll cycle, wait for drain, then exit. Useful for debugging the daemon pipeline. |
| first-tree github scan cleanup | Remove stale workspaces and expired claims. Only run if doctor suggests it. |
Hook / internal entry points (do not invoke directly)
These exist for compatibility or to be called by other code. Never
invoke them manually from a shell or from an agent action — they are
listed here only so you recognize what they are when you encounter them
in ps, config files, or log lines.
| Command | Why it exists |
| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| first-tree github scan statusline | Claude Code statusline hook. Claude Code should be pointed at the pre-bundled dist/github-scan-statusline.js directly for sub-30 ms cold start (see the Statusline section below). The CLI shim exists for parity. |
| first-tree github scan status-manager | Internal helper used by the github-scan runner to manage per-session status entries. Runners call it programmatically; no direct human or agent use. |
| first-tree github scan poll-inbox | Legacy alias for poll. Kept so existing scripts keep working; new callers should use poll. |
For full options on any command, run first-tree github scan <command> --help.
Any command that starts the daemon now requires an explicit --allow-repo
scope. Use exact repos (owner/repo) and/or owner globs (owner/*).
Recommended Invocation
npx -p first-tree first-tree github scan <command>
This always runs the latest published version.
For the statusline hook (called many times per Claude Code session), use the pre-bundled minimal entry point for sub-30 ms cold starts:
node /path/to/first-tree/dist/github-scan-statusline.js
first-tree github scan install does not wire this up into Claude Code for
you. Configure the statusline hook manually after install if you want the
live inbox summary in your session UI.
Environment
GITHUB_SCAN_DIR— override the default store root (~/.first-tree/github-scan/)GITHUB_SCAN_HOME— override the default daemon private state dir (~/.first-tree/github-scan/runner/)
Typical Flows
First-time setup on a fresh machine:
npx -p first-tree first-tree github scan install --allow-repo owner/repo
npx -p first-tree first-tree github scan start --allow-repo owner/repo
npx -p first-tree first-tree github scan status
If the daemon did not come up during install, run:
npx -p first-tree first-tree github scan start --allow-repo owner/repo
Something looks wrong:
npx -p first-tree first-tree github scan doctor
npx -p first-tree first-tree github scan status
npx -p first-tree first-tree github scan cleanup # only if doctor suggests it
Peek at activity without starting a daemon:
npx -p first-tree first-tree github scan poll
npx -p first-tree first-tree github scan watch
Related Skills
first-tree— entry-point skill: methodology, references, routing. Load this first.first-tree-onboarding— load if the task is first-time setup, repo binding, or daemon enablement.first-tree-sync/first-tree-write— load if a notification or daemon diagnosis turns into tree-maintenance work.
Related Skills
agent-team-foundation/first-tree
tools
VerifiedTrustedCommunity
Canonical whitepaper and routing skill for First Tree. Explains what belongs in a Context Tree, how source or workspace roots, tree repos, and bindings relate, and how the current `first-tree tree` and `first-tree github scan` surfaces fit together. Use when you need shared First Tree concepts, need to choose between onboarding, sync, write, or GitHub notification workflows, or need the high-level CLI map before acting.
44SKILL.mdUpdated Apr 25, 2026
agent-team-foundation/first-tree-onboarding
tools
VerifiedTrustedCommunity
One-shot onboarding command for First Tree. Drives a repo or workspace from "no first-tree" all the way to "tree bound, real content drafted, daemon running, agent templates confirmed" — end to end, in one skill invocation. Trigger this skill when the user invokes `/first-tree-onboarding`, says "onboard this repo to first-tree", "set up first-tree here", "complete first-tree onboarding", or runs first-tree against an unbound repo or workspace. Also trigger when re-running on an already-bound repo to refresh skills, draft missing content, or reverify the daemon. Use this skill instead of running `first-tree tree init` from raw memory; it owns role-by-role branching, the initial-content drafting phase the CLI does NOT do, and the final doctor checks.
39SKILL.mdUpdated May 2, 2026
agent-team-foundation/first-tree-sync
development
VerifiedTrustedCommunity
Audit and repair drift between merged code and the Context Tree in both directions — tree→code (does code still support tree facts?) and code→tree (does the tree register everything code now contains?). Use when the tree may be stale, wrong, outdated, or missing coverage for recent code changes; after a large merge; before release; on a freshly onboarded tree; or when a GitHub notification was routed `route=sync`. Sync owns broad drift discovery, structural skeleton repair, and substantive write hand-off across one tree. Use `first-tree-write` instead when the user already gave you a specific PR / doc / note to write into the tree.
33SKILL.mdUpdated May 2, 2026
agent-team-foundation/github-scan
tools
VerifiedTrustedCommunity
Operate the `first-tree github scan` CLI — the GitHub notification daemon and inbox runtime. Use whenever you need to run, start, stop, inspect, poll, or debug github-scan; view or respond to GitHub-triggered work from the terminal; or wire up the github-scan statusline hook.
32SKILL.mdUpdated May 7, 2026