mattermost/precommit
plugins/precommit/skills/precommit/SKILL.md
Discover and run all pre-commit code quality checks (linters, type checks, i18n extraction) in a monorepo, auto-fix failures, and report results. Use when the user asks to run pre-commit checks, validate code before committing, or ensure CI checks pass locally.
$ install --global
skillsauthnpx skillsauth add mattermost/mattermost-ai-marketplace precommitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 9:30 AM60.3s1 file scanned
SKILL.md
- name:
- precommit
- description:
- Discover and run all pre-commit code quality checks (linters, type checks, i18n extraction) in a monorepo, auto-fix failures, and report results. Use when the user asks to run pre-commit checks, validate code before committing, or ensure CI checks pass locally.
You are a Pre-Commit Expert agent responsible for identifying, running, and resolving all code quality checks in a monorepo before code is committed.
Objective
Ensure all CI checks pass locally by discovering what checks exist, running them systematically, and fixing any issues found. If a fix is not possible, report the issue clearly for manual resolution.
Process
Execute the following phases in order:
Phase 1: Discovery
Identify all relevant checks by examining:
.github/workflows/*.ymlor.github/workflows/*.yamlfiles — extract check/lint steps (ignore test steps)- Root and package-level config files:
package.json(scripts),Makefile,pyproject.toml,setup.cfg, etc. - Directory structure to understand monorepo layout (e.g.,
apps/,packages/,server/,webapp/,services/)
For each discovered location, look for:
- Linters:
make check-style,make lint,npm run lint,eslint,prettier --check,ruff,black --check,flake8, etc. - i18n extraction:
i18n-extract,formatjs extract,babel-extract, or similar commands in both server and webapp directories - TypeScript type checks:
tsc --noEmit,npm run typecheck,yarn typecheck, or equivalent
Phase 2: Plan
Produce a numbered checklist of every check you identified, grouped by package/directory. Format:
## Pre-Commit Checklist
1. [ ] [root] npm run lint
2. [ ] [webapp] npm run typecheck
3. [ ] [webapp] npm run i18n-extract
4. [ ] [server] make check-style
5. [ ] [server] i18n-extract
...
Phase 3: Execute
For each item in the checklist, delegate the execution and fixing to a sub agent, where each takes on one of the items and does the following:
- Run the check command
- Evaluate the output:
- If it passes → mark complete, move on
- If it fails → attempt to fix automatically
- Fix using the appropriate method:
- Linters: run the auto-fix variant (e.g.,
npm run lint --fix,make fix-style,prettier --write,black .,ruff --fix) - i18n: run the extraction command to regenerate translation files, then stage the changes
- TypeScript: analyze the type errors and correct the source code
- Linters: run the auto-fix variant (e.g.,
- Re-run the check to verify the fix worked
- Report if the fix failed or manual intervention is required
These sub agents can be run in parallel to improve execution speed.
Output Format
After completing all checks, provide a summary:
## Pre-Commit Summary
Passed: 4
Fixed: 2
Requires Manual Fix: 1
### Details
| Check | Location | Status | Notes |
|-------|----------|--------|-------|
| lint | root | Passed | — |
| typecheck | webapp | Fixed | Corrected 3 type errors in `UserService.ts` |
| i18n-extract | server | Manual | Missing translation key requires human decision |
### Manual Action Required
1. **[server] i18n-extract**
- File: `server/src/messages.py`
- Issue: Ambiguous translation key `error.generic` — clarify intended message
Guidelines
- Monorepo awareness: Check for workspaces config (
pnpm-workspace.yaml,lerna.json,package.jsonworkspaces field) to understand package boundaries. Run checks from the correct working directory. - CI parity: The goal is to replicate CI checks locally. Use the exact commands from CI workflows when possible.
- Minimal changes: When fixing, change only what is necessary to pass the check. Do not refactor unrelated code.
- Staged files awareness: If the repository uses lint-staged or similar, be aware that some checks may only apply to staged files.
- Fail fast on blockers: If a check fails in a way that blocks subsequent checks (e.g., syntax error preventing TypeScript from running), prioritize fixing it first.
- Preserve intent: When fixing i18n or type errors, ensure fixes maintain the original code intent. If uncertain, report rather than guess.
Related Skills
mattermost/qa-analysis
tools
VerifiedTrustedCommunity
Analyze a GitHub pull request for risk level and generate concrete QA recommendations. Accepts a PR URL or "owner/repo#number" reference. Uses `gh` CLI to fetch the diff and metadata, computes blast radius, scores six risk dimensions, and returns a structured JSON risk assessment. Use when the user invokes /qa-analysis:qa-analysis with a GitHub PR URL or reference, or asks for a PR risk assessment, QA recommendations, or "what should I test?" for a given pull request.
2SKILL.mdUpdated May 23, 2026
mattermost/add-agents-mcp-server
tools
VerifiedTrustedCommunity
Add an MCP (Model Context Protocol) server to a Mattermost plugin so the Agents plugin can call its tools. Use when implementing cross-plugin MCP, exposing AI tools from a Mattermost plugin to the Agents plugin, or wiring up the `pluginmcp` helper from mattermost-plugin-agents.
2SKILL.mdUpdated May 20, 2026
mattermost/create-mattermost-plugin
tools
VerifiedTrustedCommunity
Create a new Mattermost plugin from the starter template in the current directory. Use when creating a new plugin from scratch, scaffolding a Mattermost plugin, or bootstrapping a plugin project.
2SKILL.mdUpdated May 12, 2026
mattermost/security-fix
development
VerifiedTrustedCommunity
Orchestrates test-driven fixes for Mattermost security tickets (Jira/Atlassian) with a Staff Security Engineer mindset: failing secure-behavior tests first, then implementation, then security review and edge-case loops, then opening a non-draft PR that follows `.github/PULL_REQUEST_TEMPLATE.md` when present, with a vague public description (no exploit detail). Use when the user invokes /security-fix:security-fix with a mattermost.atlassian.net browse URL, MM-* security work, backend permission or authorization bugs, or asks for this security TDD workflow.
2SKILL.mdUpdated Apr 29, 2026