grtninja/repo-c-shim-contract-checks
skill-candidates/repo-c-shim-contract-checks/SKILL.md
Enforce REPO_B shim runtime contract expectations in <PRIVATE_REPO_C>. Use when changing shim-facing adapters, telemetry dependencies, integration tests, or fail-closed behavior tied to REPO_B_SIDECAR_URL and mock-shim fixtures.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter repo-c-shim-contract-checksInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:41 PM214.6s3 files scanned
SKILL.md
- name:
- repo-c-shim-contract-checks
- description:
- Enforce REPO_B shim runtime contract expectations in <PRIVATE_REPO_C>. Use when changing shim-facing adapters, telemetry dependencies, integration tests, or fail-closed behavior tied to REPO_B_SIDECAR_URL and mock-shim fixtures.
Repo C Shim Contract Checks
Use this skill for shim endpoint contract safety.
Contract Requirements
- Runtime features requiring telemetry must fail closed when shim is unavailable.
REPO_B_SIDECAR_URLconfig path remains explicit.- CI-facing integration tests use mock shim fixtures, not real hardware.
- Do not mask core import failures with
pytest.importorskip(). - Audio and RAG routes tied to shim-backed services must keep closed-fallback behavior when sidecar signals are missing.
- Maintain stable payload contracts for
GET /health,/telemetry,/audio, and/ragendpoints when fail-closed gates engage.
Validation Commands
Run from <PRIVATE_REPO_C> root:
ruff check .
pytest -q
For focused shim contract review:
python - <<'PY'
from pathlib import Path
import re
patterns = [
'REPO_B_SIDECAR_URL',
'importorskip',
'requires_real_sidecar',
'/health',
'/telemetry',
'/audio',
'/rag',
]
roots = ['AGENTS.md', 'tests', 'src', 'repo-c', 'repo_c_trace', 'ranking_engine']
for root in roots:
p = Path(root)
if not p.exists():
continue
for file in p.rglob('*'):
if not file.is_file():
continue
if file.suffix.lower() not in {'.py', '.md', '.yml', '.yaml', '.json'}:
continue
text = file.read_text(encoding='utf-8', errors='ignore')
for pattern in patterns:
if re.search(pattern, text):
break
else:
continue
print(file)
PY
curl -s http://127.0.0.1:9000/health
curl -s http://127.0.0.1:9000/telemetry
curl -s http://127.0.0.1:9000/api/rag/status
Scope Boundary
Use this skill only for the repo-c-shim-contract-checks lane and workflow defined in this file and its references.
Do not use this skill for unrelated lanes; route those through $skill-hub and the most specific matching skill.
Reference
references/shim-contract.md
Loopback
If this lane is unresolved, blocked, or ambiguous:
- Capture the failing endpoint and test evidence.
- Route back through
$skill-hubfor chain recalculation. - Resume only after the updated chain returns a deterministic next step.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026