Add opt-in common skills installer#10121
Merged
Merged
Conversation
Contributor
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Overview
This PR moves shared agent skills out of the Warp repo and adds bootstrap/run integration that installs or refreshes them from the pinned common-skills lock.
Concerns
- The local common-skills source path bypasses the documented ref override, so a caller can request one ref and silently install/stamp another.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
Co-Authored-By: Oz <oz-agent@warp.dev>
zachlloyd
force-pushed
the
zach/bootstrap-common-skills-updater
branch
from
901ca39 to
3df1e8c
Compare
zachlloyd
changed the title
Co-Authored-By: Oz <oz-agent@warp.dev>
# Conflicts: # script/macos/bootstrap
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
captainsafia
reviewed
May 8, 2026
Contributor
captainsafia
left a comment
captainsafia
left a comment
There was a problem hiding this comment.
We may want to update https://github.com/warpdotdev/warp/blob/master/WARP.md#platform-setup to let agents know to bootstrap with support for installing the custom skills.
| @@ -0,0 +1,2 @@ | |||
| repo=https://github.com/warpdotdev/common-skills/ | |||
Contributor
There was a problem hiding this comment.
Is this a custom lock file format or one that the npx skills command uses?
In either case, we'll probably want to figure out a way to hook this up to our dependency update flows.
Replace the custom common-skills lock with the project skills-lock.json managed by npx skills. Restore checked-in skills through script/run and bootstrap using the standard lock, and document the local and Oz cloud environment flows in a tech spec. Co-Authored-By: Oz <oz-agent@warp.dev>
captainsafia
approved these changes
May 9, 2026
Contributor
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
Contributor
There was a problem hiding this comment.
Overview
This PR replaces the custom common-skills lock/update flow with a standard skills-lock.json restore path and wires it into bootstrap and script/run.
Concerns
- Windows bootstrap invocations that include -y/--yes now fail because the Bash wrapper still forwards those args while the PowerShell script only declares Help and InstallCommonSkills switches.
Security
- The automatic restore path executes skills@latest from npm on fresh or stale checkouts, so the installer code is not pinned by the checked-in lock.
Verdict
Found: 0 critical, 2 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
| ;; | ||
| -y|--yes) | ||
| export WARP_SKIP_SUDO_PROMPT=1 | ||
| PLATFORM_ARGS+=("${arg}") |
Contributor
There was a problem hiding this comment.
-y/--yes is still forwarded through PLATFORM_ARGS, but script/windows/bootstrap.ps1 now has a strict param block that only accepts -Help and -InstallCommonSkills; ./script/bootstrap -y on Windows will fail before bootstrap starts. Keep this env-only for Windows or add matching PowerShell passthrough.
| install_from_lock() { | ||
| ( | ||
| cd "${REPO_ROOT}" | ||
| npx --yes skills@latest experimental_install |
Contributor
There was a problem hiding this comment.
skills@latest runs unpinned npm code whenever a fresh or stale checkout invokes the automatic restore path; skills-lock.json pins skill contents, not the installer. Pin the CLI version or execute a checked-in package-lock-backed tool before making this path automatic.
Avoid forwarding -y/--yes to the Windows bootstrap wrapper, and pin the npx skills CLI used by automatic common-skills restores. Update the tech spec and WARP.md to document the pinned installer/update flow. Co-Authored-By: Oz <oz-agent@warp.dev>
3 tasks
cephalonaut
pushed a commit
that referenced
this pull request
May 12, 2026
## Description Replaces the custom common-skills lock file with the standard project lock generated by `npx skills`, and wires local setup to restore checked-in common skills from that lock. This PR: - Removes `.agents/common-skills.lock` and the custom common-skills lock/update workflow. - Adds `skills-lock.json`, the standard `npx skills` project lock for skills sourced from `warpdotdev/common-skills`. - Keeps the copied `.agents/skills/*` files checked in so local and cloud agents can discover repo-local skills directly from the checkout. - Reworks `script/install_common_skills` to restore from `skills-lock.json` via `npx --yes skills@1.5.6 experimental_install`. - Stores the local install stamp under `.git/warp/common-skills-lock.hash` so normal restores do not dirty the worktree. - Updates `script/run` to check the lock before building and restore skills only when the lock hash changed. - Keeps `./script/bootstrap --install-common-skills` and `.\script\windows\bootstrap.ps1 -InstallCommonSkills` as explicit bootstrap paths that delegate to the same installer. - Adds `specs/common-skills-installation/TECH.md` with separate Mermaid diagrams for the local install/update flow and the Oz Claude cloud-agent environment setup flow. Pretty cool loom of what's coming on orchestration for anyone interested :) https://www.loom.com/share/87212dc5a6824573861794e32cf9902d ## Flow ### Local agent install/update flow 1. `warpdotdev/warp` checks in both `skills-lock.json` and `.agents/skills/*`. 2. `script/run` calls `script/install_common_skills --if-needed --non-interactive --quiet` before launching the local build. 3. The installer hashes `skills-lock.json` and compares it with `.git/warp/common-skills-lock.hash`. 4. If the hash matches, it skips restore and continues the build. 5. If the hash is missing or stale, it runs `npx --yes skills@1.5.6 experimental_install`, restores `.agents/skills/*` with the pinned `skills@1.5.6` CLI, writes the new local stamp, and then continues. 6. To intentionally update common skills, run `npx --yes skills@1.5.6 update -p -y` and commit the resulting `skills-lock.json` and `.agents/skills/*` changes together. ### Oz Claude cloud-agent environment setup flow 1. Oz provisions or reuses a cloud environment and clones/syncs `warpdotdev/warp`. 2. Environment setup should invoke `./script/install_common_skills --if-needed` after checkout sync and before starting the Claude agent. 3. Fresh environments restore from `skills-lock.json`; reused environments skip when the cloud-local stamp matches. 4. The Claude agent starts with repo-local checked-in skills discoverable, and runs may still pass explicit skill specs such as `warpdotdev/warp:create-pr`. The Oz environment hook itself lives outside this repo; this PR makes the repository checkout self-sufficient and idempotent when that hook invokes the installer. ## Linked Issue - [ ] The linked issue is labeled `ready-to-spec` or `ready-to-implement`. - [ ] Where appropriate, screenshots or a short video of the implementation are included below (especially for user-visible or UI changes). ## Screenshots / Videos Not applicable; script/docs/skills change. ## Testing - `bash -n script/install_common_skills script/run script/bootstrap` - PowerShell parse check for `script/windows/bootstrap.ps1` - `./script/install_common_skills --if-needed --quiet` using pinned `skills@1.5.6` - second `./script/install_common_skills --if-needed --quiet` skip-path check - `git diff --check` - Earlier branch validation: `cargo check --manifest-path Cargo.toml` - Earlier branch validation: `cargo fmt --all --manifest-path Cargo.toml` - Earlier branch validation: `cargo clippy --manifest-path Cargo.toml --workspace --all-targets --all-features --tests -- -D warnings` ## Agent Mode - [x] Warp Agent Mode - This PR was created via Warp's AI Agent Mode Co-Authored-By: Oz <oz-agent@warp.dev> --------- Co-authored-by: Oz <oz-agent@warp.dev>
cephalonaut
pushed a commit
that referenced
this pull request
May 12, 2026
## Description Replaces the custom common-skills lock file with the standard project lock generated by `npx skills`, and wires local setup to restore checked-in common skills from that lock. This PR: - Removes `.agents/common-skills.lock` and the custom common-skills lock/update workflow. - Adds `skills-lock.json`, the standard `npx skills` project lock for skills sourced from `warpdotdev/common-skills`. - Keeps the copied `.agents/skills/*` files checked in so local and cloud agents can discover repo-local skills directly from the checkout. - Reworks `script/install_common_skills` to restore from `skills-lock.json` via `npx --yes skills@1.5.6 experimental_install`. - Stores the local install stamp under `.git/warp/common-skills-lock.hash` so normal restores do not dirty the worktree. - Updates `script/run` to check the lock before building and restore skills only when the lock hash changed. - Keeps `./script/bootstrap --install-common-skills` and `.\script\windows\bootstrap.ps1 -InstallCommonSkills` as explicit bootstrap paths that delegate to the same installer. - Adds `specs/common-skills-installation/TECH.md` with separate Mermaid diagrams for the local install/update flow and the Oz Claude cloud-agent environment setup flow. Pretty cool loom of what's coming on orchestration for anyone interested :) https://www.loom.com/share/87212dc5a6824573861794e32cf9902d ## Flow ### Local agent install/update flow 1. `warpdotdev/warp` checks in both `skills-lock.json` and `.agents/skills/*`. 2. `script/run` calls `script/install_common_skills --if-needed --non-interactive --quiet` before launching the local build. 3. The installer hashes `skills-lock.json` and compares it with `.git/warp/common-skills-lock.hash`. 4. If the hash matches, it skips restore and continues the build. 5. If the hash is missing or stale, it runs `npx --yes skills@1.5.6 experimental_install`, restores `.agents/skills/*` with the pinned `skills@1.5.6` CLI, writes the new local stamp, and then continues. 6. To intentionally update common skills, run `npx --yes skills@1.5.6 update -p -y` and commit the resulting `skills-lock.json` and `.agents/skills/*` changes together. ### Oz Claude cloud-agent environment setup flow 1. Oz provisions or reuses a cloud environment and clones/syncs `warpdotdev/warp`. 2. Environment setup should invoke `./script/install_common_skills --if-needed` after checkout sync and before starting the Claude agent. 3. Fresh environments restore from `skills-lock.json`; reused environments skip when the cloud-local stamp matches. 4. The Claude agent starts with repo-local checked-in skills discoverable, and runs may still pass explicit skill specs such as `warpdotdev/warp:create-pr`. The Oz environment hook itself lives outside this repo; this PR makes the repository checkout self-sufficient and idempotent when that hook invokes the installer. ## Linked Issue - [ ] The linked issue is labeled `ready-to-spec` or `ready-to-implement`. - [ ] Where appropriate, screenshots or a short video of the implementation are included below (especially for user-visible or UI changes). ## Screenshots / Videos Not applicable; script/docs/skills change. ## Testing - `bash -n script/install_common_skills script/run script/bootstrap` - PowerShell parse check for `script/windows/bootstrap.ps1` - `./script/install_common_skills --if-needed --quiet` using pinned `skills@1.5.6` - second `./script/install_common_skills --if-needed --quiet` skip-path check - `git diff --check` - Earlier branch validation: `cargo check --manifest-path Cargo.toml` - Earlier branch validation: `cargo fmt --all --manifest-path Cargo.toml` - Earlier branch validation: `cargo clippy --manifest-path Cargo.toml --workspace --all-targets --all-features --tests -- -D warnings` ## Agent Mode - [x] Warp Agent Mode - This PR was created via Warp's AI Agent Mode Co-Authored-By: Oz <oz-agent@warp.dev> --------- Co-authored-by: Oz <oz-agent@warp.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Replaces the custom common-skills lock file with the standard project lock generated by
npx skills, and wires local setup to restore checked-in common skills from that lock.This PR:
.agents/common-skills.lockand the custom common-skills lock/update workflow.skills-lock.json, the standardnpx skillsproject lock for skills sourced fromwarpdotdev/common-skills..agents/skills/*files checked in so local and cloud agents can discover repo-local skills directly from the checkout.script/install_common_skillsto restore fromskills-lock.jsonvianpx --yes skills@1.5.6 experimental_install..git/warp/common-skills-lock.hashso normal restores do not dirty the worktree.script/runto check the lock before building and restore skills only when the lock hash changed../script/bootstrap --install-common-skillsand.\script\windows\bootstrap.ps1 -InstallCommonSkillsas explicit bootstrap paths that delegate to the same installer.specs/common-skills-installation/TECH.mdwith separate Mermaid diagrams for the local install/update flow and the Oz Claude cloud-agent environment setup flow.Pretty cool loom of what's coming on orchestration for anyone interested :)
https://www.loom.com/share/87212dc5a6824573861794e32cf9902d
Flow
Local agent install/update flow
warpdotdev/warpchecks in bothskills-lock.jsonand.agents/skills/*.script/runcallsscript/install_common_skills --if-needed --non-interactive --quietbefore launching the local build.skills-lock.jsonand compares it with.git/warp/common-skills-lock.hash.npx --yes skills@1.5.6 experimental_install, restores.agents/skills/*with the pinnedskills@1.5.6CLI, writes the new local stamp, and then continues.npx --yes skills@1.5.6 update -p -yand commit the resultingskills-lock.jsonand.agents/skills/*changes together.Oz Claude cloud-agent environment setup flow
warpdotdev/warp../script/install_common_skills --if-neededafter checkout sync and before starting the Claude agent.skills-lock.json; reused environments skip when the cloud-local stamp matches.warpdotdev/warp:create-pr.The Oz environment hook itself lives outside this repo; this PR makes the repository checkout self-sufficient and idempotent when that hook invokes the installer.
Linked Issue
ready-to-specorready-to-implement.Screenshots / Videos
Not applicable; script/docs/skills change.
Testing
bash -n script/install_common_skills script/run script/bootstrapscript/windows/bootstrap.ps1./script/install_common_skills --if-needed --quietusing pinnedskills@1.5.6./script/install_common_skills --if-needed --quietskip-path checkgit diff --checkcargo check --manifest-path Cargo.tomlcargo fmt --all --manifest-path Cargo.tomlcargo clippy --manifest-path Cargo.toml --workspace --all-targets --all-features --tests -- -D warningsAgent Mode
Co-Authored-By: Oz oz-agent@warp.dev