gvkhosla/proof
skills/proof/SKILL.md
Create, edit, comment on, and share markdown documents via Proof's web API and local bridge. Use when asked to "proof", "share a doc", "create a proof doc", "comment on a document", "suggest edits", "review in proof", or when given a proofeditor.ai URL.
$ install --global
skillsauthnpx skillsauth add gvkhosla/compound-engineering-pi proofInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 9:05 PM27.0s1 file scanned
SKILL.md
- name:
- proof
- description:
- Create, edit, comment on, and share markdown documents via Proof's web API and local bridge. Use when asked to "proof", "share a doc", "create a proof doc", "comment on a document", "suggest edits", "review in proof", or when given a proofeditor.ai URL.
Proof - Collaborative Markdown Editor
Proof is a collaborative document editor for humans and agents. It supports two modes:
- Web API - Create and edit shared documents via HTTP (no install needed)
- Local Bridge - Drive the macOS Proof app via localhost:9847
Web API (Primary for Sharing)
Create a Shared Document
No authentication required. Returns a shareable URL with access token.
curl -X POST https://www.proofeditor.ai/share/markdown \
-H "Content-Type: application/json" \
-d '{"title":"My Doc","markdown":"# Hello\n\nContent here."}'
Response format:
{
"slug": "abc123",
"tokenUrl": "https://www.proofeditor.ai/d/abc123?token=xxx",
"accessToken": "xxx",
"ownerSecret": "yyy",
"_links": {
"state": "https://www.proofeditor.ai/api/agent/abc123/state",
"ops": "https://www.proofeditor.ai/api/agent/abc123/ops"
}
}
Use the tokenUrl as the shareable link. The _links give you the exact API paths.
Read a Shared Document
curl -s "https://www.proofeditor.ai/api/agent/{slug}/state" \
-H "x-share-token: <token>"
Edit a Shared Document
All operations go to POST https://www.proofeditor.ai/api/agent/{slug}/ops
Note: Use the /api/agent/{slug}/ops path (from _links in create response), NOT /api/documents/{slug}/ops.
Authentication for protected docs:
- Header:
x-share-token: <token>orAuthorization: Bearer <token> - Token comes from the URL parameter:
?token=xxxor theaccessTokenfrom create response
Comment on text:
{"op": "comment.add", "quote": "text to comment on", "by": "ai:<agent-name>", "text": "Your comment here"}
Reply to a comment:
{"op": "comment.reply", "markId": "<id>", "by": "ai:<agent-name>", "text": "Reply text"}
Resolve a comment:
{"op": "comment.resolve", "markId": "<id>", "by": "ai:<agent-name>"}
Suggest a replacement:
{"op": "suggestion.add", "kind": "replace", "quote": "original text", "by": "ai:<agent-name>", "content": "replacement text"}
Suggest a deletion:
{"op": "suggestion.add", "kind": "delete", "quote": "text to delete", "by": "ai:<agent-name>"}
Bulk rewrite:
{"op": "rewrite.apply", "content": "full new markdown", "by": "ai:<agent-name>"}
Known Limitations (Web API)
suggestion.addwithkind: "insert"returns Bad Request on the web ops endpoint. Usekind: "replace"with a broader quote instead, or userewrite.applyfor insertions.- Bridge-style endpoints (
/d/{slug}/bridge/*) require client version headers (x-proof-client-version,x-proof-client-build,x-proof-client-protocol) and return 426 CLIENT_UPGRADE_REQUIRED without them. Use the/api/agent/{slug}/opsendpoint instead.
Local Bridge (macOS App)
Requires Proof.app running. Bridge at http://localhost-9847.
Required headers:
X-Agent-Id: claude(identity for presence)Content-Type: application/jsonX-Window-Id: <uuid>(when multiple docs open)
Key Endpoints
| Method | Endpoint | Purpose |
|--------|----------|---------|
| GET | /windows | List open documents |
| GET | /state | Read markdown, cursor, word count |
| GET | /marks | List all suggestions and comments |
| POST | /marks/suggest-replace | {"quote":"old","by":"ai:<agent-name>","content":"new"} |
| POST | /marks/suggest-insert | {"quote":"after this","by":"ai:<agent-name>","content":"insert"} |
| POST | /marks/suggest-delete | {"quote":"delete this","by":"ai:<agent-name>"} |
| POST | /marks/comment | {"quote":"text","by":"ai:<agent-name>","text":"comment"} |
| POST | /marks/reply | {"markId":"<id>","by":"ai:<agent-name>","text":"reply"} |
| POST | /marks/resolve | {"markId":"<id>","by":"ai:<agent-name>"} |
| POST | /marks/accept | {"markId":"<id>"} |
| POST | /marks/reject | {"markId":"<id>"} |
| POST | /rewrite | {"content":"full markdown","by":"ai:<agent-name>"} |
| POST | /presence | {"status":"reading","summary":"..."} |
| GET | /events/pending | Poll for user actions |
Presence Statuses
thinking, reading, idle, acting, waiting, completed
Workflow: Review a Shared Document
When given a Proof URL like https://www.proofeditor.ai/d/abc123?token=xxx:
- Extract the slug (
abc123) and token from the URL - Read the document state via the API
- Add comments or suggest edits using the ops endpoint
- The author sees changes in real-time
# Read
curl -s "https://www.proofeditor.ai/api/agent/abc123/state" \
-H "x-share-token: xxx"
# Comment
curl -X POST "https://www.proofeditor.ai/api/agent/abc123/ops" \
-H "Content-Type: application/json" \
-H "x-share-token: xxx" \
-d '{"op":"comment.add","quote":"text","by":"ai:compound","text":"comment"}'
# Suggest edit
curl -X POST "https://www.proofeditor.ai/api/agent/abc123/ops" \
-H "Content-Type: application/json" \
-H "x-share-token: xxx" \
-d '{"op":"suggestion.add","kind":"replace","quote":"old","by":"ai:compound","content":"new"}'
Workflow: Create and Share a New Document
# 1. Create
RESPONSE=$(curl -s -X POST https://www.proofeditor.ai/share/markdown \
-H "Content-Type: application/json" \
-d '{"title":"My Doc","markdown":"# Title\n\nContent here."}')
# 2. Extract URL and token
URL=$(echo "$RESPONSE" | jq -r '.tokenUrl')
SLUG=$(echo "$RESPONSE" | jq -r '.slug')
TOKEN=$(echo "$RESPONSE" | jq -r '.accessToken')
# 3. Share the URL
echo "$URL"
# 4. Make edits using the ops endpoint
curl -X POST "https://www.proofeditor.ai/api/agent/$SLUG/ops" \
-H "Content-Type: application/json" \
-H "x-share-token: $TOKEN" \
-d '{"op":"comment.add","quote":"Content here","by":"ai:compound","text":"Added a note"}'
Safety
- Use
/statecontent as source of truth before editing - Prefer suggest-replace over full rewrite for small changes
- Don't span table cells in a single replace
- Always include
byfield for attribution tracking
Related Skills
gvkhosla/triage
tools
VerifiedTrustedCommunity
Triage and categorize findings for the CLI todo system
35SKILL.mdUpdated Apr 22, 2026
gvkhosla/testing-reviewer
development
VerifiedTrustedCommunity
Always-on code-review persona. Reviews code for test coverage gaps, weak assertions, brittle implementation-coupled tests, and missing edge case coverage. Spawned by the ce:review-beta skill as part of a reviewer ensemble.
35SKILL.mdUpdated Apr 22, 2026
gvkhosla/test-xcode
tools
VerifiedTrustedCommunity
Build and test iOS apps on simulator using XcodeBuildMCP
35SKILL.mdUpdated Apr 22, 2026
gvkhosla/test-browser
testing
VerifiedTrustedCommunity
Run browser tests on pages affected by current PR or branch
35SKILL.mdUpdated Apr 22, 2026