grtninja/repo-b-avatarcore-ops
skill-candidates/repo-b-avatarcore-ops/SKILL.md
Run and validate <PRIVATE_REPO_B> AvatarCore proxy, provider routing, and Unreal bridge lifecycle surfaces.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter repo-b-avatarcore-opsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:33 PM350.7s3 files scanned
SKILL.md
- name:
- repo-b-avatarcore-ops
- description:
- Run and validate <PRIVATE_REPO_B> AvatarCore proxy, provider routing, and Unreal bridge lifecycle surfaces.
Repo B AvatarCore Operations
Use this skill for AvatarCore proxy and bridge-related changes in <PRIVATE_REPO_B>, including endpoint contract edits, provider configuration, and startup smoke checks.
Workflow
- Read
docs/AGENTS.mdand repository boundary docs. - Confirm local startup path works:
python -m uvicorn avatarcore_proxy.main:app --host 127.0.0.1 --port 8000 --reload
- Set router-profile environment when validating provider profile routing:
AVATARCORE_ROUTER_MODEorMESHGPT_ROUTER_MODE
- Run deterministic contract smoke tests:
avatarcore_proxy/tests/test_integration_smoke.pyavatarcore_proxy/tests/test_proxy_smoke.py(if present)avatarcore_proxy/tests/test_config_loader.py(if provider/env override edits occurred)avatarcore_proxy/tests/test_provider_profile_butter_passer.py(required for router-profile edits)
- Validate HTTP contract surface and bridge session lifecycle.
- Capture evidence for any changed provider-routing or policy-flow behavior.
Canonical Commands
From <PRIVATE_REPO_B> root:
python -m pytest avatarcore_proxy/tests/test_integration_smoke.py avatarcore_proxy/tests/test_proxy_smoke.py avatarcore_proxy/tests/test_config_loader.py
Contract smoke checks:
curl -s http://127.0.0.1:8000/health
curl -s -X POST http://127.0.0.1:8000/v1/avatarcore/query -H 'content-type: application/json' -d '{"character":"Penny","user_input":"Ping"}'
curl -s -X POST http://127.0.0.1:8000/v1/avatarcore/bridge/session -H 'content-type: application/json' -d '{"agent_mode":"smoke"}'
curl -s http://127.0.0.1:8000/v1/avatarcore/bridge/<session_id>/heartbeat -X POST -H 'content-type: application/json' -d '{"status":"ok"}'
curl -s -X DELETE http://127.0.0.1:8000/v1/avatarcore/bridge/<session_id>
Environment override diagnostic:
$env:AVATARCORE_CONFIG__PROVIDERS__LLM__ORDER__0="ollama"
python -m pytest avatarcore_proxy/tests/test_config_loader.py
Router-profile diagnostic:
$env:AVATARCORE_ROUTER_MODE="gaming"
python -m pytest avatarcore_proxy/tests/test_provider_profile_butter_passer.py
Guardrails
- Keep
/v1/avatarcore/bridge/*and/v1/avatarcore/*payload contracts stable unless a migration is explicitly approved. - Keep sanitized metadata and policy-gate behavior explicit and deterministic.
- Fail on contract shape drift in changed endpoints, including status codes and required keys.
- Provider profile decisions must record network profile in runtime state and avoid hidden fallback behavior.
Scope Boundary
Use this skill only for the repo-b-avatarcore-ops lane and workflow defined in this file and its references.
Do not use this for unrelated lanes; route those through $skill-hub and the most specific matching skill.
Reference
references/avatarcore-checklist.md
Loopback
If this lane is unresolved, blocked, or ambiguous:
- Capture the failing endpoint and test evidence.
- Route back through
$skill-hubfor chain recalculation. - Resume only after the updated chain returns a deterministic next step.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026