mirrors/k-skill

Fork 0

mirror of https://github.com/NomaDamas/k-skill.git synced 2026-06-24 02:04:11 +00:00

Commit graph

Author	SHA1	Message	Date
Jeffrey (Dongkyu) Kim	ef2c69b81c	Replace sops+age encryption with plain dotenv and agent-native credential resolution Agent environments (OpenClaw, Claude Code, Codex) assume users delegate credentials to the agent. sops+age added setup friction without real security benefit since the agent decrypts on every call anyway. New model: skills declare required env var names; how they are supplied is up to the agent (own vault, shell env, or ~/.config/k-skill/secrets.env as the default fallback with 0600 permissions). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 22:12:04 +09:00
Jeffrey (Dongkyu) Kim	720964cf49	Prepare k-skill for packaged releases and broader skill discovery This snapshots the current repository updates as a coherent release-prep baseline: workspace/package scaffolding, release automation docs and workflows, refreshed skill/setup documentation, roadmap expansion, and the README thumbnail polish. Constraint: Node packages in this repo must use npm workspaces and Changesets for releases Constraint: Python release automation stays scaffold-only until a real package exists Rejected: Split the current work into multiple commits \| user asked to commit the current changes together Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Keep release docs, workflows, and package metadata aligned when adding future packages Tested: npm run ci Not-tested: GitHub Actions execution on remote after push	2026-03-25 23:57:53 +09:00
Jeffrey (Dongkyu) Kim	363a739b18	Remove the account requirement from k-skill secret handling Credential-bearing skills now point to a shared cross-platform setup based on sops plus age instead of a hosted password manager. The repo also gains a default setup skill and a small verification script so users can bring one encrypted secrets file to every relevant skill. Constraint: The secret workflow must work on macOS, Linux, and Windows without mandatory vendor signup Rejected: Keep 1Password CLI as the default \| it requires account creation and sign-in Rejected: Plaintext .env as the default \| too easy to leak in a repo and too easy for tools to read at rest Confidence: high Scope-risk: moderate Reversibility: clean Directive: If a future skill needs stronger isolation than exec-env provides, expose a capability wrapper instead of injecting the raw secret Tested: bash scripts/validate-skills.sh Tested: npx --yes skills add . --list Tested: bash scripts/check-setup.sh (expected failure without sops/age installed) Not-tested: End-to-end sops encryption and exec-env flow on a machine with sops and age installed	2026-03-25 00:55:26 +09:00

Author

SHA1

Message

Date

Jeffrey (Dongkyu) Kim

ef2c69b81c

Replace sops+age encryption with plain dotenv and agent-native credential resolution

Agent environments (OpenClaw, Claude Code, Codex) assume users delegate
credentials to the agent. sops+age added setup friction without real
security benefit since the agent decrypts on every call anyway.

New model: skills declare required env var names; how they are supplied
is up to the agent (own vault, shell env, or ~/.config/k-skill/secrets.env
as the default fallback with 0600 permissions).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-30 22:12:04 +09:00

Jeffrey (Dongkyu) Kim

720964cf49

Prepare k-skill for packaged releases and broader skill discovery

This snapshots the current repository updates as a coherent release-prep
baseline: workspace/package scaffolding, release automation docs and
workflows, refreshed skill/setup documentation, roadmap expansion, and
the README thumbnail polish.

Constraint: Node packages in this repo must use npm workspaces and Changesets for releases
Constraint: Python release automation stays scaffold-only until a real package exists
Rejected: Split the current work into multiple commits | user asked to commit the current changes together
Confidence: medium
Scope-risk: moderate
Reversibility: clean
Directive: Keep release docs, workflows, and package metadata aligned when adding future packages
Tested: npm run ci
Not-tested: GitHub Actions execution on remote after push

2026-03-25 23:57:53 +09:00

Jeffrey (Dongkyu) Kim

363a739b18

Remove the account requirement from k-skill secret handling

Credential-bearing skills now point to a shared cross-platform setup based on sops plus age instead of a hosted password manager. The repo also gains a default setup skill and a small verification script so users can bring one encrypted secrets file to every relevant skill.

Constraint: The secret workflow must work on macOS, Linux, and Windows without mandatory vendor signup
Rejected: Keep 1Password CLI as the default | it requires account creation and sign-in
Rejected: Plaintext .env as the default | too easy to leak in a repo and too easy for tools to read at rest
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: If a future skill needs stronger isolation than exec-env provides, expose a capability wrapper instead of injecting the raw secret
Tested: bash scripts/validate-skills.sh
Tested: npx --yes skills add . --list
Tested: bash scripts/check-setup.sh (expected failure without sops/age installed)
Not-tested: End-to-end sops encryption and exec-env flow on a machine with sops and age installed

2026-03-25 00:55:26 +09:00

3 commits