Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

fmflurry/merge-cop

Name: merge-cop
Author: fmflurry

skills/merge-cop/SKILL.md

npx skillsauth add fmflurry/settings-opencode merge-cop

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

merge-cop

Pre-merge review. Compares HEAD vs origin/<target>. Angular-aware. Project-aware (reads AGENTS.md). Tooling-aware (runs lint + tsc).

When to Activate

/cop-review <target> slash command
User asks for review before merging a PR
User specifies a target branch and wants a diff review
merge-cop agent is invoked

Inputs

| Arg | Required | Default | Meaning | |---|---|---|---| | <target> | yes | — | Target branch (e.g. main, develop, release/x) | | --level | no | auto | junior (verbose teaching) or senior (terse). Auto = senior. | | --scope | no | all | Comma list: signals,rxjs,arch,flurryx,ts,a11y | | --no-tools | no | false | Skip lint + tsc (static review only) |

Hard Rules

Read-only. Never patch code. Output report only.
Diff window: git merge-base HEAD origin/<target>..HEAD. Never review changes already on target.
Confidence ≥ 80%. Skip uncertain findings. Use ❓ q: instead of speculative 🔴 bug:.
Project rules win. AGENTS.md overrides this skill. Re-read on every run; do not cache between sessions.
flurryx ground truth: load the [[flurryx]] skill before flagging state-management code. Do not invent APIs.
No fluff. No "great work", no restating what the diff already shows.

Pipeline

1. Parse args -> target, level, scope
2. git fetch <remote> <target>          (silent; --quiet)
3. base = git merge-base HEAD <remote>/<target>
4. changed = git diff --name-status base..HEAD
5. Load <repo>/AGENTS.md (if exists) -> project rules
6. For each changed file:
     - Skim full file (not just hunk) for context
     - Apply relevant sub-checklists by extension/role:
          *.component.ts / *.html  -> signals.md, rxjs.md, clean-architecture.md, a11y
         *.facade.ts / *.store.ts -> flurryx.md, clean-architecture.md
         *.adapter.ts / *.port.ts -> clean-architecture.md
         *.ts                     -> typescript-strict.md
7. If !--no-tools:
     - npm run lint -- --quiet (or eslint --quiet) on changed files
     - npx tsc --noEmit (full project; abort early on first 50 errors)
8. Aggregate findings -> render via output-format.md

Severity

| Tag | Meaning | Action | |---|---|---| | 🔴 bug | broken behavior, runtime crash, data loss | BLOCK merge | | 🟠 sec | security risk (XSS, leaked secret, auth bypass) | BLOCK merge | | 🟡 risk | works today, fragile tomorrow (leak, race, missing teardown) | Fix before merge | | 🟢 arch | violates project architecture / layering | Fix before merge | | 🔵 nit | style, naming, micro-optim | Optional | | ❓ q | genuine question | Author decides |

Promote to BLOCK if AGENTS.md flags the category as mandatory.

Sub-pages (read on demand)

[[merge-cop-signals]] — Angular signals, change detection, OnPush, computed, no-method-in-template
[[merge-cop-rxjs]] — RxJS hygiene, takeUntilDestroyed, async pipe, leak patterns
[[merge-cop-clean-architecture]] — facade / use-case / port / adapter / store boundaries
[[merge-cop-flurryx]] — flurryx-specific rules (decorator order, keyed stores, no manual Record updates)
[[merge-cop-typescript-strict]] — no any, immutability, narrowing, no !, readonly
[[merge-cop-output-format]] — junior vs senior render templates

AGENTS.md Loading

Always:

test -f AGENTS.md && cat AGENTS.md
test -f .agent/AGENTS.md && cat .agent/AGENTS.md

Parse rule blocks. Where this skill and AGENTS.md disagree, AGENTS.md wins. Cite the AGENTS.md line in the finding: (AGENTS.md §<section>).

Output Contract

Single markdown document, sections in fixed order:

Summary — target, base SHA, head SHA, files changed, finding counts by severity.
Blockers (🔴 / 🟠 / 🟢-when-AGENTS-mandates) — sorted by severity, then file path.
Should-fix (🟡) — same sort.
Optional (🔵 / ❓) — collapsible.
Tooling — lint summary, tsc summary, test status if available.
Verdict — APPROVE / APPROVE-WITH-CHANGES / BLOCK.

See [[merge-cop-output-format]] for full templates.

Boundaries

Does not write code fixes. Suggestions only.
Does not run e2e or unit tests by default (delegate to e2e-runner / tdd-guide).
Does not approve PRs in GitHub/Azure. Author posts the report manually.
Does not auto-fix lint. Reports counts only.
If no diff (HEAD == base), exit early with "no changes to review".

fmflurry/merge-cop

skills/merge-cop/SKILL.md

Pre-merge code review for Angular + TypeScript pull requests. Diffs current branch against a target branch, applies Angular-specific checklists (signals, RxJS, clean architecture, flurryx, TS strict), runs lint + tsc, and emits a tiered report (verbose for juniors, terse for seniors). Auto-loads project AGENTS.md rules. Use when user runs /cop-review, says "pre-merge review", "review before merging", "check my PR against <branch>", or invokes the merge-cop agent.

144 stars

development

Updated May 20, 2026

$ install --global

skillsauth

npx skillsauth add fmflurry/settings-opencode merge-cop

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 20, 2026, 4:33 AM264.7s7 files scanned

SKILL.md

name:: merge-cop
description:: >

merge-cop

Pre-merge review. Compares HEAD vs origin/<target>. Angular-aware. Project-aware (reads AGENTS.md). Tooling-aware (runs lint + tsc).

When to Activate

/cop-review <target> slash command
User asks for review before merging a PR
User specifies a target branch and wants a diff review
merge-cop agent is invoked

Inputs

Hard Rules

Read-only. Never patch code. Output report only.
Diff window: git merge-base HEAD origin/<target>..HEAD. Never review changes already on target.
Confidence ≥ 80%. Skip uncertain findings. Use ❓ q: instead of speculative 🔴 bug:.
Project rules win. AGENTS.md overrides this skill. Re-read on every run; do not cache between sessions.
flurryx ground truth: load the [[flurryx]] skill before flagging state-management code. Do not invent APIs.
No fluff. No "great work", no restating what the diff already shows.

Pipeline

1. Parse args -> target, level, scope
2. git fetch <remote> <target>          (silent; --quiet)
3. base = git merge-base HEAD <remote>/<target>
4. changed = git diff --name-status base..HEAD
5. Load <repo>/AGENTS.md (if exists) -> project rules
6. For each changed file:
     - Skim full file (not just hunk) for context
     - Apply relevant sub-checklists by extension/role:
          *.component.ts / *.html  -> signals.md, rxjs.md, clean-architecture.md, a11y
         *.facade.ts / *.store.ts -> flurryx.md, clean-architecture.md
         *.adapter.ts / *.port.ts -> clean-architecture.md
         *.ts                     -> typescript-strict.md
7. If !--no-tools:
     - npm run lint -- --quiet (or eslint --quiet) on changed files
     - npx tsc --noEmit (full project; abort early on first 50 errors)
8. Aggregate findings -> render via output-format.md

Severity

Promote to BLOCK if AGENTS.md flags the category as mandatory.

Sub-pages (read on demand)

[[merge-cop-signals]] — Angular signals, change detection, OnPush, computed, no-method-in-template
[[merge-cop-rxjs]] — RxJS hygiene, takeUntilDestroyed, async pipe, leak patterns
[[merge-cop-clean-architecture]] — facade / use-case / port / adapter / store boundaries
[[merge-cop-flurryx]] — flurryx-specific rules (decorator order, keyed stores, no manual Record updates)
[[merge-cop-typescript-strict]] — no any, immutability, narrowing, no !, readonly
[[merge-cop-output-format]] — junior vs senior render templates

AGENTS.md Loading

Always:

test -f AGENTS.md && cat AGENTS.md
test -f .agent/AGENTS.md && cat .agent/AGENTS.md

Parse rule blocks. Where this skill and AGENTS.md disagree, AGENTS.md wins. Cite the AGENTS.md line in the finding: (AGENTS.md §<section>).

Output Contract

Single markdown document, sections in fixed order:

Summary — target, base SHA, head SHA, files changed, finding counts by severity.
Blockers (🔴 / 🟠 / 🟢-when-AGENTS-mandates) — sorted by severity, then file path.
Should-fix (🟡) — same sort.
Optional (🔵 / ❓) — collapsible.
Tooling — lint summary, tsc summary, test status if available.
Verdict — APPROVE / APPROVE-WITH-CHANGES / BLOCK.

See [[merge-cop-output-format]] for full templates.

Boundaries

Does not write code fixes. Suggestions only.
Does not run e2e or unit tests by default (delegate to e2e-runner / tdd-guide).
Does not approve PRs in GitHub/Azure. Author posts the report manually.
Does not auto-fix lint. Reports counts only.
If no diff (HEAD == base), exit early with "no changes to review".

Related Skills

fmflurry/angular-clean-architecture

development

VerifiedTrustedCommunity

Scaffolds and extends Angular 18+ standalone features using Clean Architecture with DDD layering (presentation/application/domain/infrastructure), custom signal-based stores, facade pattern, and ports/adapters dependency inversion. Use when creating new Angular features/domains, adding use cases/facades/stores/ports/adapters, refactoring legacy NgModule/NgRx code toward clean architecture, or working with cross-domain communication via context registry.

158SKILL.mdUpdated Apr 19, 2026

fmflurry/angular-clean-architecture

fmflurry/git-workflow

testing

VerifiedTrustedCommunity

Use this skill for any git work such as creating branches, staging changes, writing commit messages, pushing branches, or preparing pull requests. Delegates git execution to the git-specialist agent.

144SKILL.mdUpdated Apr 19, 2026

fmflurry/git-workflow

fmflurry/flurryx

development

VerifiedTrustedCommunity

Signal-first reactive state management for Angular. Bridge RxJS streams into cache-aware stores, keyed resources, mirrored state, and replayable history. Use when generating or modifying Angular code that uses flurryx for state management, or when scaffolding new feature modules that follow the flurryx facade pattern.

133SKILL.mdUpdated Apr 19, 2026

fmflurry/socratic-design

development

VerifiedTrustedCommunity

evidence-first decision-gating for planning, design, architecture, and refactor requests with unresolved requirements, scope, constraints, facts, or tradeoffs. use when the next safe step is to ask exactly one dependency-safe question before proposing a plan or implementation, especially when critical decisions are not yet closed.

2SKILL.mdUpdated Apr 19, 2026

fmflurry/socratic-design

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/fmflurry/settings-opencode.git

# Copy into Claude Code skills folder (global)
cp -r settings-opencode/skills/merge-cop ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

fmflurry/settings-opencode

144 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT