- 루트에 한국어 CONTRIBUTING.md 신설. 커뮤니케이션 언어, dev 브랜치 PR
규칙, 새 스킬 추가 체크리스트, Changesets 흐름, 무료/유료 API 및
k-skill-proxy 정책, proxy 코드 변경 흐름, 시크릿 정책, 홈 디렉터리
스킬 동기화 규칙, 로컬 검증, 관련 문서 링크 정리.
- README.md '문서' 표에 CONTRIBUTING.md 링크 한 줄 추가.
- 문서 전용 변경이라 .changeset/*.md 는 추가하지 않음.
Closes#202
* chore: version packages
* Merge dev into main (#197)
* fix(toss-securities): clarify session expiry and quote 403 handling
* Clarify toss empty-output session expiry
Portfolio and watchlist reads can exit successfully with empty payloads when the stored Toss session has expired. The empty-output path now verifies the session before JSON parsing and only promotes confirmed invalid auth doctor data into TossSessionExpiredError.
Constraint: Scope is limited to toss-securities issue #126 follow-up on PR #192
Rejected: Treat auth doctor execution failures as expired sessions | unsupported or failing doctor output is inconclusive without parsed session.valid=false
Confidence: high
Scope-risk: narrow
Directive: Keep empty-result session expiry classification tied to explicit auth doctor confirmation
Tested: npm run test --workspace toss-securities; npm run lint --workspace toss-securities; npm run ci; manual mock tossctl blank stdout invalid/inconclusive doctor checks
* Avoid false session-expiry labels for validation errors
The toss wrapper now treats bare validation_error text as an upstream command failure instead of a session-expired signal. Structured auth doctor JSON remains the source of truth for empty portfolio/watchlist invalid-session promotion, while known stored-session-invalid stderr still maps to TossSessionExpiredError.\n\nConstraint: PR #192 follow-up must stay scoped to issue #126 toss-securities behavior.\nRejected: Keep validation_error in the global regex | it mislabels auth doctor transport failures and quote 403 validation errors as session expiry.\nConfidence: high\nScope-risk: narrow\nDirective: Do not broaden the free-text session classifier without regressions for auth doctor and quote upstream validation failures.\nTested: npm run lint --workspace toss-securities; npm run test --workspace toss-securities; npm run ci; manual mock tossctl validation_error checks; architect verification CLEAR\nNot-tested: Live tossctl network/auth session against real Toss upstream
* Align court auction lookup with monthly site search (#196)
The court auction notice page posts a YYYYMM search key from its 조회 button and returns a month of rows. Keep day inputs as a compatibility filter over the monthly response and normalize the current nested detail payload shape.
Constraint: courtauction.go.kr has no public API and blocks bursty automated calls.
Rejected: querying every day independently | the upstream search surface is month-based and day calls return false empty results.
Confidence: high
Scope-risk: narrow
Directive: Preserve the site-observed YYYYMM notice search contract unless the PGJ143M01 XHR changes again.
Tested: npm --workspace packages/court-auction-notice-search test; npm run ci; live 서울중앙지방법원 2026-05 notice/detail smoke lookup.
Not-tested: PR CI after push.
Co-authored-by: OmX <omx@oh-my-codex.dev>
* Guide crawler skills toward reusable discovery (#195)
* chore: version packages
* Guide crawler skills toward reusable discovery
Constraint: User requested insane-search-style guidance for future crawling k-skills without unrelated implementation changes.
Rejected: Adding crawler code or a standalone template | too broad for a docs guidance change and risks dependency creep.
Confidence: high
Scope-risk: narrow
Directive: Keep site-specific access details inside individual skills after a site-agnostic discovery pass.
Tested: npm run ci
Not-tested: Live crawler behavior; documentation-only change.
* Clarify crawler skill discovery guidance
Constraint: Crawling k-skills need site-dependent recipes, but should derive them through a reusable discovery pass.
Rejected: Leaving guidance only in docs/adding-a-skill.md | AGENTS.md and CLAUDE.md also guide future agents.
Confidence: high
Scope-risk: narrow
Directive: Use site-agnostic discovery to find, then explicitly package, the target site's stable access path.
Tested: npm run ci
Not-tested: Live crawler behavior; documentation-only change.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Ground corporate registration guidance in official form sources
Keep the consulting skill focused on draft/checklist support while pointing users to current IROS and law.go.kr form sources for submission-ready artifacts.
Constraint: official registry forms can change outside the repository and must be re-downloaded at use time
Rejected: committing copied official HWP/HWPX/PDF forms | they would become stale and risk misleading users
Confidence: high
Scope-risk: narrow
Directive: do not treat Markdown templates as substitutes for official registry submission forms
Tested: npm test
* Ground incorporation drafting in real HWP forms
Bundle official court incorporation forms plus public startup incorporation attachments, and make rhwp-filled HWP outputs the default drafting path for the corporate-registration skill. Replace the listed-company articles reference with a startup-suitable Ministry of Justice stock-company form and record source manifests for bundled binaries.
Constraint: user requires actual sourced HWP templates, not generated placeholder binaries.
Rejected: markdown-only drafting | it cannot produce submission-shaped Korean registry forms.
Rejected: listed-company standard articles as the default reference | it is mismatched for typical startup incorporation.
Confidence: high
Scope-risk: moderate
Directive: keep bundled HWP forms source-backed, sanitized, and edited only through copied working files.
Tested: node --test scripts/skill-docs.test.js; npm run lint; k-skill-rhwp info on bundled HWP files; kordoc conversion spot checks.
Not-tested: manual opening every HWP in Hancom Office and live registry submission.
Co-authored-by: OmX <omx@oh-my-codex.dev>
* Streamline corporate registration forms workflow
Prioritize saved HWP forms for ordinary stock-company promoter incorporations, make required court-registry receipts and director identity certificates explicit, and remove the redundant markdown articles template so the skill stays HWP-first.
Constraint: 법원등기소 기준 체크리스트 must include fee receipts, director seal/signature certificates, and resident-record documents.
Rejected: Keeping a separate markdown articles template | duplicated the stored HWP articles workflow and encouraged non-HWP drafting.
Confidence: high
Scope-risk: narrow
Directive: Keep corporate-registration-consulting focused on stored HWP form copies and explicit issued-document checklists.
Tested: node --test --test-name-pattern 'corporate-registration-consulting' scripts/skill-docs.test.js; node --check scripts/skill-docs.test.js; ./scripts/validate-skills.sh; git diff --check
Not-tested: Full npm run ci was not run because this is a skill documentation/template refactor, not release or package automation.
---------
Co-authored-by: galvaomica <galvaomica@galvaomicaui-MacBookAir.local>
Co-authored-by: OmX <omx@oh-my-codex.dev>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* chore: version packages (#198)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* feat(realtyprice): add address parsing and sido code mapping
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(realtyprice): use string sido codes for consistency with upstream API
* feat(realtyprice): add response normalization and buildResponse
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(realtyprice): add upstream cascade fetch functions with timeout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(realtyprice): add lookupGongsijiga orchestrator with region matching
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(realtyprice): add simple in-memory cache with TTL
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(proxy): register GET /realtyprice route with caching
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add gongsijiga-search SKILL.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* chore: add changeset for gongsijiga-search
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(realtyprice): align with actual realtyprice.kr API response format
- Response wraps data in model.list (not bjdList/gsiList)
- Field names are code/name (not bjd_cd/bjd_nm)
- bun2 empty → send "0000" (not empty string)
- eupmyeondong matching: try full string match first (API returns
combined "면 리" names like "청계면 청천리")
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(gongsijiga-search): align /realtyprice route with v1 API convention
- Change route from /realtyprice to /v1/realtyprice for consistency with other proxy endpoints.
- Add realtypriceConfigured flag to /health upstreams.
- Normalize address cache key by collapsing multiple whitespaces.
- Update SKILL.md and README.md to reflect the new v1 path.
* feat(gongsijiga-search): add Sejong special-city support
- parseAddress: allow 3-token minimum for Sejong (no sigungu) and set sigungu to empty string.
- lookupGongsijiga: skip sigungu lookup for Sejong (sidoCode 29), use fixed sggCode 36110.
- Add Sejong parseAddress and lookupGongsijiga test cases.
- Update SKILL.md with Sejong address format examples.
* refactor(gongsijiga-search): split realtyprice.kr lookup into standalone package
realtyprice.kr is a fully public endpoint that needs no API key, so per
the new k-skill-proxy inclusion rule (proxy is for keyed upstreams only)
the helper now ships as `gongsijiga-search` and is invoked directly from
the user's machine.
- new workspace package packages/gongsijiga-search/ following the
blue-ribbon-nearby/coupang-product-search convention (publishConfig,
files, repository, keywords)
- remove /v1/realtyprice route, realtyprice.js, realtyprice.test.js, and
the realtypriceConfigured health flag from k-skill-proxy
- document the inclusion rule in AGENTS.md and CLAUDE.md so future skills
default to direct calls when no key is required
- advertise the new skill in README.md, docs/install.md, and add
docs/features/gongsijiga-search.md
- drop the hardcoded toss-securities lockfile version assertion that
pinned a workspace version (would block changesets version-packages)
and document the anti-pattern in AGENTS.md / CLAUDE.md
- changesets: refresh the proxy refactor message and add a patch
changeset so the new gongsijiga-search package gets published
---------
Co-authored-by: Jeffrey (Dongkyu) Kim <vkehfdl1@gmail.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: galvaomica <galvaomica@galvaomicaui-MacBookAir.local>
Co-authored-by: OmX <omx@oh-my-codex.dev>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Add korean-transit-route skill
* Apply review fixes to korean-transit-route skill
- Add Done when and Failure modes sections to align with SKILL.md template
- Fix Python geocode example to use with-statement for urlopen
- Add korean-transit-route to README.md skill table and feature list
- Add docs/features/korean-transit-route.md guide
---------
Co-authored-by: Jeffrey (Dongkyu) Kim <vkehfdl1@gmail.com>
Prioritize saved HWP forms for ordinary stock-company promoter incorporations, make required court-registry receipts and director identity certificates explicit, and remove the redundant markdown articles template so the skill stays HWP-first.
Constraint: 법원등기소 기준 체크리스트 must include fee receipts, director seal/signature certificates, and resident-record documents.
Rejected: Keeping a separate markdown articles template | duplicated the stored HWP articles workflow and encouraged non-HWP drafting.
Confidence: high
Scope-risk: narrow
Directive: Keep corporate-registration-consulting focused on stored HWP form copies and explicit issued-document checklists.
Tested: node --test --test-name-pattern 'corporate-registration-consulting' scripts/skill-docs.test.js; node --check scripts/skill-docs.test.js; ./scripts/validate-skills.sh; git diff --check
Not-tested: Full npm run ci was not run because this is a skill documentation/template refactor, not release or package automation.
Bundle official court incorporation forms plus public startup incorporation attachments, and make rhwp-filled HWP outputs the default drafting path for the corporate-registration skill. Replace the listed-company articles reference with a startup-suitable Ministry of Justice stock-company form and record source manifests for bundled binaries.
Constraint: user requires actual sourced HWP templates, not generated placeholder binaries.
Rejected: markdown-only drafting | it cannot produce submission-shaped Korean registry forms.
Rejected: listed-company standard articles as the default reference | it is mismatched for typical startup incorporation.
Confidence: high
Scope-risk: moderate
Directive: keep bundled HWP forms source-backed, sanitized, and edited only through copied working files.
Tested: node --test scripts/skill-docs.test.js; npm run lint; k-skill-rhwp info on bundled HWP files; kordoc conversion spot checks.
Not-tested: manual opening every HWP in Hancom Office and live registry submission.
Co-authored-by: OmX <omx@oh-my-codex.dev>
Keep the consulting skill focused on draft/checklist support while pointing users to current IROS and law.go.kr form sources for submission-ready artifacts.
Constraint: official registry forms can change outside the repository and must be re-downloaded at use time
Rejected: committing copied official HWP/HWPX/PDF forms | they would become stale and risk misleading users
Confidence: high
Scope-risk: narrow
Directive: do not treat Markdown templates as substitutes for official registry submission forms
Tested: npm test
* chore: version packages
* Guide crawler skills toward reusable discovery
Constraint: User requested insane-search-style guidance for future crawling k-skills without unrelated implementation changes.
Rejected: Adding crawler code or a standalone template | too broad for a docs guidance change and risks dependency creep.
Confidence: high
Scope-risk: narrow
Directive: Keep site-specific access details inside individual skills after a site-agnostic discovery pass.
Tested: npm run ci
Not-tested: Live crawler behavior; documentation-only change.
* Clarify crawler skill discovery guidance
Constraint: Crawling k-skills need site-dependent recipes, but should derive them through a reusable discovery pass.
Rejected: Leaving guidance only in docs/adding-a-skill.md | AGENTS.md and CLAUDE.md also guide future agents.
Confidence: high
Scope-risk: narrow
Directive: Use site-agnostic discovery to find, then explicitly package, the target site's stable access path.
Tested: npm run ci
Not-tested: Live crawler behavior; documentation-only change.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Kept PR session-expiry behavior while accepting dev's explicit inconclusive-auth documentation and regression coverage.
Constraint: PR #192 targets dev and was DIRTY due to README/test conflicts after origin/dev advanced.
Rejected: Dropping dev regression cases | would reintroduce false session-expiry risk documented on dev.
Confidence: high
Scope-risk: narrow
Directive: Preserve empty-output session checks as inconclusive unless auth doctor confirms session.valid === false.
Tested: npm test --workspace packages/toss-securities; git diff --check
Co-authored-by: OmX <omx@oh-my-codex.dev>
The court auction notice page posts a YYYYMM search key from its 조회 button and returns a month of rows. Keep day inputs as a compatibility filter over the monthly response and normalize the current nested detail payload shape.
Constraint: courtauction.go.kr has no public API and blocks bursty automated calls.
Rejected: querying every day independently | the upstream search surface is month-based and day calls return false empty results.
Confidence: high
Scope-risk: narrow
Directive: Preserve the site-observed YYYYMM notice search contract unless the PGJ143M01 XHR changes again.
Tested: npm --workspace packages/court-auction-notice-search test; npm run ci; live 서울중앙지방법원 2026-05 notice/detail smoke lookup.
Not-tested: PR CI after push.
Co-authored-by: OmX <omx@oh-my-codex.dev>
* Protect explicit Korail train-type replay
Issue #171 added explicit train-type selection for non-KTX Korail routes. The merged implementation already wires search and reserve through TRAIN_TYPE_MAP; this follow-up locks that behavior with command-level and parser regression coverage, removes stale test import noise, and aligns the skill shortlist wording with the broader train_type output.
Constraint: The ktx-booking skill keeps ktx as the default train type for backward compatibility.
Rejected: Encode train type into train_id in this follow-up | larger selector schema change already marked as non-blocking UX follow-up.
Confidence: high
Scope-risk: narrow
Directive: Do not hardcode command_search or command_reserve back to TrainType.KTX; keep parser choices derived from TRAIN_TYPE_MAP.
Tested: python3 scripts/ktx_booking.py search --help
Tested: python3 scripts/ktx_booking.py reserve --help
Tested: PYTHONPATH=scripts python3 -m unittest scripts.test_ktx_booking
Tested: python3 -m py_compile scripts/ktx_booking.py scripts/test_ktx_booking.py
Tested: PYTHONNOUSERSITE=1 PYTHONPATH=scripts python3 -S -c 'import ktx_booking; print(ktx_booking._KORAIL_IMPORT_ERROR); print(ktx_booking.TRAIN_TYPE_MAP["itx-cheongchun"])'
Tested: PYTHONNOUSERSITE=1 PYTHONPATH=scripts python3 -m unittest discover -s scripts -p 'test_ktx_booking.py'
Tested: python3 -S scripts/ktx_booking.py search --help; python3 -S scripts/ktx_booking.py reserve --help
Tested: npm run lint
Tested: npm run typecheck
Tested: npm test
Not-tested: Live Korail search/reserve requiring credentials and external availability
* Guard KTX search default during train-type regression
Issue #171 locked explicit train-type choices for Korail search and reserve flows. The follow-up review found reserve default coverage but no direct search default assertion, so this adds the narrow parser regression without changing runtime behavior.\n\nConstraint: Issue #171 requires search and reserve train-type behavior to stay regression-covered.\nRejected: Broaden command-level tests for every train type | parser choices already loop over TRAIN_TYPE_MAP and command forwarding is covered for the non-KTX regression route.\nConfidence: high\nScope-risk: narrow\nTested: PYTHONPATH=scripts python3 -m unittest scripts.test_ktx_booking\nTested: python3 -m py_compile scripts/ktx_booking.py scripts/test_ktx_booking.py\nTested: npm run lint\nTested: npm run typecheck\nTested: npm test\nNot-tested: live Korail search/reserve requiring credentials and external service availability
* Tighten KTX train-type regression tests
The Issue #171 follow-up already locked the train-type CLI behavior. This pass addresses the remaining review cleanup in the modified test file by narrowing the normalized train_id before reuse and tidying formatting without changing behavior.
Constraint: Keep the PR scoped to ktx-booking regression coverage and documentation
Rejected: Encode train_type into train_id in this follow-up | broader selector migration is outside the approved regression scope
Confidence: high
Scope-risk: narrow
Tested: PYTHONPATH=scripts python3 -m unittest scripts.test_ktx_booking
Tested: python3 -m py_compile scripts/ktx_booking.py scripts/test_ktx_booking.py
Tested: pyright scripts/test_ktx_booking.py
Tested: npm run lint
Tested: npm run typecheck
Tested: npm test
Not-tested: live Korail search/reserve requiring credentials and external service availability
* fix(toss-securities): clarify session expiry and quote 403 handling
* Clarify toss empty-output session expiry
Portfolio and watchlist reads can exit successfully with empty payloads when the stored Toss session has expired. The empty-output path now verifies the session before JSON parsing and only promotes confirmed invalid auth doctor data into TossSessionExpiredError.
Constraint: Scope is limited to toss-securities issue #126 follow-up on PR #192
Rejected: Treat auth doctor execution failures as expired sessions | unsupported or failing doctor output is inconclusive without parsed session.valid=false
Confidence: high
Scope-risk: narrow
Directive: Keep empty-result session expiry classification tied to explicit auth doctor confirmation
Tested: npm run test --workspace toss-securities; npm run lint --workspace toss-securities; npm run ci; manual mock tossctl blank stdout invalid/inconclusive doctor checks
* Avoid false session-expiry labels for validation errors
The toss wrapper now treats bare validation_error text as an upstream command failure instead of a session-expired signal. Structured auth doctor JSON remains the source of truth for empty portfolio/watchlist invalid-session promotion, while known stored-session-invalid stderr still maps to TossSessionExpiredError.\n\nConstraint: PR #192 follow-up must stay scoped to issue #126 toss-securities behavior.\nRejected: Keep validation_error in the global regex | it mislabels auth doctor transport failures and quote 403 validation errors as session expiry.\nConfidence: high\nScope-risk: narrow\nDirective: Do not broaden the free-text session classifier without regressions for auth doctor and quote upstream validation failures.\nTested: npm run lint --workspace toss-securities; npm run test --workspace toss-securities; npm run ci; manual mock tossctl validation_error checks; architect verification CLEAR\nNot-tested: Live tossctl network/auth session against real Toss upstream
* Preserve toss empty-response auth-doctor contract
The prior review identified the empty portfolio/watchlist promotion rule as an upstream-contract dependency worth making explicit. Add regression coverage for the non-invalid auth doctor path and document that only parsed JSON with session.valid false promotes empty results to TossSessionExpiredError.
Constraint: Scope is issue #126 / toss-securities only; public-restroom-nearby changes are excluded.
Rejected: Treat any auth doctor output as session-expiry evidence | false positives would relabel valid empty portfolio/watchlist responses.
Confidence: high
Scope-risk: narrow
Directive: Do not broaden empty-response promotion unless tossctl provides a stronger authenticated-empty-result contract.
Tested: npm run lint --workspace toss-securities
Tested: npm run test --workspace toss-securities (15/15)
Tested: npm run ci
Tested: Manual mock tossctl empty portfolio with session.valid true preserved []
Tested: Architect verification CLEAR
Not-tested: Live Toss Securities account session behavior.
---------
Co-authored-by: galvaomica <galvaomica@galvaomicaui-MacBookAir.local>
The toss wrapper now treats bare validation_error text as an upstream command failure instead of a session-expired signal. Structured auth doctor JSON remains the source of truth for empty portfolio/watchlist invalid-session promotion, while known stored-session-invalid stderr still maps to TossSessionExpiredError.\n\nConstraint: PR #192 follow-up must stay scoped to issue #126 toss-securities behavior.\nRejected: Keep validation_error in the global regex | it mislabels auth doctor transport failures and quote 403 validation errors as session expiry.\nConfidence: high\nScope-risk: narrow\nDirective: Do not broaden the free-text session classifier without regressions for auth doctor and quote upstream validation failures.\nTested: npm run lint --workspace toss-securities; npm run test --workspace toss-securities; npm run ci; manual mock tossctl validation_error checks; architect verification CLEAR\nNot-tested: Live tossctl network/auth session against real Toss upstream
Portfolio and watchlist reads can exit successfully with empty payloads when the stored Toss session has expired. The empty-output path now verifies the session before JSON parsing and only promotes confirmed invalid auth doctor data into TossSessionExpiredError.
Constraint: Scope is limited to toss-securities issue #126 follow-up on PR #192
Rejected: Treat auth doctor execution failures as expired sessions | unsupported or failing doctor output is inconclusive without parsed session.valid=false
Confidence: high
Scope-risk: narrow
Directive: Keep empty-result session expiry classification tied to explicit auth doctor confirmation
Tested: npm run test --workspace toss-securities; npm run lint --workspace toss-securities; npm run ci; manual mock tossctl blank stdout invalid/inconclusive doctor checks
The fallback TrainType class only defined ALL/KTX, but TRAIN_TYPE_MAP
references ITX_SAEMAEUL, MUGUNGHWA, NURIRO, TONGGUEN, ITX_CHEONGCHUN,
and AIRPORT at import time, so the module crashed with AttributeError
in environments where korail2 is missing. This bypassed the controlled
guidance from ensure_runtime_dependencies() and broke even `--help`.
Mirror upstream korail2.TrainType numeric IDs in the fallback so the
import-time TRAIN_TYPE_MAP construction succeeds and the helper can
surface its install message. Add regression tests that exercise the
missing-korail2 path via subprocess to lock the behavior in.
Addresses round 2 review on #172.
Implement Workflow A (매각공고 → 사건/물건 펼치기) and Workflow B
(사건번호 직조회) MVP for the official 대법원경매정보 site
courtauction.go.kr. The package exposes searchSaleNotices,
getSaleNoticeDetail, getCaseByCaseNumber, and getCourtCodes plus a
court-auction-notice-search CLI mirror. Direct HTTP transport is the
default with a Playwright fallback (rebrowser-playwright /
playwright-core, dynamic import) for blocked/5xx situations.
Anti-bot guardrails: minimum 2s + jitter between calls, 10-call
session budget, immediate BLOCKED throw on data.ipcheck === false, and
no automatic retry to avoid extending the site's IP block. Fixtures
were captured from live courtauction.go.kr endpoints during discovery
and live smoke tests verify each public API end-to-end.
Workflow C (자유 조건검색), Workflow D (일별/월별 캘린더), 매각물건
사진/PDF, and 동산 경매는 follow-up issues로 분리됨.
Promoted upstream jangbu skills now preflight every Claude and agents top-level destination before the installer mutates home skill directories. This keeps unrelated user-authored skills from causing a mixed partial discovery state, while preserving the existing managed-marker overwrite path and the explicit override escape hatch.
The installer also prints the namespace re-sync warning next to the upstream runtime install command so users know to restore wrapper-managed top-level skills after running upstream's Claude-only installer.
Constraint: Upstream skill contents must be checked out before collision preflight can validate promoted SKILL.md files.
Rejected: Roll back cache checkout on collision | cache writes are outside the advertised home skill discovery namespace and are needed to inspect pinned upstream content.
Confidence: high
Scope-risk: narrow
Directive: Keep promoted-skill collision checks before install_wrapper_payload and sync_dir calls for home skill roots.
Tested: bash -n korean-jangbu-for/scripts/install.sh
Tested: node --test scripts/skill-docs.test.js --test-name-pattern='korean-jangbu-for'
Tested: temp HOME real pinned upstream install and .agents jangbu-tax collision preflight smoke
Tested: npm run ci
The last PR review found only a readability nit in the merge/dedupe comparator. The comparator body is now indented consistently with adjacent sort callbacks, and a narrow regression locks the requested style expectation for this review follow-up.
Constraint: Existing PR #180 follow-up requested TDD even for the approved readability-only change
Rejected: Introduce a formatter dependency | outside the small approved follow-up scope
Confidence: high
Scope-risk: narrow
Reversibility: clean
Tested: npm test --workspace public-restroom-nearby
Tested: KAKAO_REST_API_KEY=env-test KAKAO_REST_APIKEY=env-alt npm test --workspace public-restroom-nearby
Tested: npm run lint --workspace public-restroom-nearby
Tested: npm run ci
Tested: mocked searchNearbyPublicRestroomsByCoordinates smoke run
Not-tested: live Kakao API calls
The promoted upstream subskills need to be discoverable without making home installs destructive or incomplete. The wrapper installer now copies its support payload into both home skill roots, allows installed-wrapper reruns, and refuses to overwrite unrelated top-level jangbu-* skills unless explicitly overridden.
Constraint: PR #181 review requires top-level subskill discovery under both Claude and agents roots.
Constraint: Home installs must remain re-runnable without a source checkout.
Rejected: Continue using generic sync_dir for promoted skills | it silently deletes unrelated user-authored skills.
Confidence: high
Scope-risk: narrow
Directive: Do not bypass the promoted-skill ownership check without preserving unrelated home skill directories.
Tested: node --test scripts/skill-docs.test.js --test-name-pattern='korean-jangbu-for'
Tested: bash -n korean-jangbu-for/scripts/install.sh
Tested: bash korean-jangbu-for/scripts/install.sh plus installed ~/.claude and ~/.agents wrapper reruns
Tested: bash ~/.claude/skills/korean-jangbu-for/upstream/scripts/install.sh and verify.sh with Python 3.11 shim
Tested: npm run ci
Tested: Architect verification APPROVED
Not-tested: Live CODEF collection requiring user BYOK credentials and external authentication
Kakao coord2address correction is optional display enrichment, so API failures should not abort CSV-backed restroom results. The correction loop now records a normalized warning and leaves the original CSV item intact, matching the fail-open behavior used by other Kakao enrichment layers.
Constraint: PR #180 review follow-up required TDD and warning metadata in meta.kakaoErrors
Rejected: Let coord2address failures bubble | optional display correction should not take down core CSV results
Confidence: high
Scope-risk: narrow
Tested: npm test --workspace public-restroom-nearby; KAKAO_REST_API_KEY=env-test KAKAO_REST_APIKEY=env-alt npm test --workspace public-restroom-nearby; npm run lint --workspace public-restroom-nearby; npm run ci; mocked coord2address 429 smoke run
The wrapper advertised upstream /jangbu-* routing for both Claude and agent-compatible installs, but only nested the pinned upstream checkout. The installer now registers the upstream subskills at top level in both home skill roots while appending the wrapper attribution and accounting disclaimer policy to direct subskill use.
Constraint: PR review required top-level discovery for ~/.claude/skills and ~/.agents/skills
Constraint: korean-jangbu-for responses must retain original link, @kimlawtech (SpeciAI), Apache-2.0, and accounting/tax disclaimer
Rejected: Copy raw upstream subskills unchanged | direct /jangbu-* use would bypass mandatory wrapper response policy
Confidence: high
Scope-risk: narrow
Tested: node --test scripts/skill-docs.test.js --test-name-pattern='korean-jangbu-for'
Tested: bash korean-jangbu-for/scripts/install.sh plus top-level Claude/agents subskill marker checks
Tested: upstream runtime install and verify with Python 3.11 shim
Tested: npm run ci
Kakao CSV display correction now defaults to the requested visible limit instead of the whole normalized CSV set, while explicit csvCorrectionLimit can still widen the window. Optional Kakao keyword/category enrichment failures are isolated as metadata so CSV results remain usable when Kakao rate-limits or fails.
Constraint: PR #180 review identified quota and reliability blockers in the Kakao enrichment path
Rejected: Keep Promise.all fail-fast semantics | optional enrichment must not mask official CSV results
Rejected: Correct every CSV row by default | broad CSV responses can exceed latency and quota expectations
Confidence: high
Scope-risk: narrow
Directive: Keep official CSV as the primary source; Kakao enrichment failures should stay non-fatal unless a future explicit strict mode is added
Tested: KAKAO_REST_API_KEY=env-test npm test --workspace public-restroom-nearby
Tested: KAKAO_REST_API_KEY=env-test KAKAO_REST_APIKEY=env-alt npm test --workspace public-restroom-nearby
Tested: npm run lint --workspace public-restroom-nearby
Tested: npm run ci
Tested: mocked smoke run confirmed 1 returned CSV item, 1 coord2address call, and 3 Kakao layer warnings
Not-tested: live Kakao API behavior with a real API key
Issue #173 needs a k-skill entry point centered on kimlawtech/korean-jangbu-for while preserving upstream attribution and accounting/tax disclaimers. Add a thin wrapper with pinned upstream install, bundled Apache license/disclaimer/notice, docs, and regression coverage for the required original link and @kimlawtech (SpeciAI) mention.\n\nConstraint: Upstream implementation remains in kimlawtech/korean-jangbu-for and is installed by pinned SHA instead of vendoring runtime payload into k-skill\nConstraint: Generated accounting/tax outputs are reference drafts, not official audits or tax filings\nRejected: Reimplement ledger automation locally | would duplicate upstream and widen maintenance scope\nConfidence: high\nScope-risk: narrow\nDirective: Keep responses for this skill citing https://github.com/kimlawtech/korean-jangbu-for and @kimlawtech (SpeciAI); do not remove tax/accounting disclaimers\nTested: node --test scripts/skill-docs.test.js --test-name-pattern='korean-jangbu-for'\nTested: bash korean-jangbu-for/scripts/install.sh\nTested: bash ~/.claude/skills/korean-jangbu-for/upstream/scripts/install.sh with Python 3.11 PATH shim\nTested: bash ~/.claude/skills/korean-jangbu-for/upstream/scripts/verify.sh\nTested: npm run ci\nNot-tested: CODEF live collection flow; requires user BYOK credentials and external auth
The public-restroom lookup now keeps the official CSV as the authoritative first layer while enriching sparse areas with Kakao Local keyword and gas-station searches when a REST API key is configured. All returned POIs are normalized onto local haversine distance calculations so Kakao's unreliable distance field cannot affect ordering, and map links encode names before coordinates.\n\nThe CSV path can optionally use Kakao coord2address to correct display names and addresses for known source-data coordinate mismatches without changing the default no-key behavior.\n\nConstraint: Kakao REST API requires caller-provided REST API key via option or KAKAO_REST_API_KEY\nConstraint: Existing no-key CSV-only behavior must continue to work\nRejected: Replace CSV with Kakao-only search | loses official open-time metadata and source priority\nRejected: Trust Kakao distance field | issue evidence shows user-origin mismatch\nConfidence: high\nScope-risk: moderate\nDirective: Keep CSV sourceLayer priority ahead of Kakao dedupe unless official data is explicitly deprecated\nTested: npm test --workspace public-restroom-nearby\nTested: npm run lint --workspace public-restroom-nearby\nTested: npm run ci\nNot-tested: Live Kakao REST API call with a production key
Date-driven LCK lookups should fail fast for impossible user input instead of silently returning an empty match list. The parser now validates month/day bounds with explicit leap-year handling, and the tests lock both direct normalization and schedule normalization behavior.
Constraint: PR #55 review requested a regression for 2026-02-31 before implementation
Rejected: Rely on Date parsing round-trip | explicit bounds avoid timezone and overflow normalization surprises
Confidence: high
Scope-risk: narrow
Directive: Keep date validation before schedule filtering so invalid user dates cannot become misleading no-match responses
Tested: node --test packages/lck-analytics/test/index.test.js scripts/skill-docs.test.js
Tested: npm run lint --workspace lck-analytics
Tested: npm test --workspace lck-analytics
Tested: npm run ci
Tested: getMatchResults('2026-02-31') rejection smoke
Tested: getLckSummary('2026-04-01', { team: '한화', includeStandings: true }) live smoke
Tested: lck-analytics script smokes for sync-oracle, build-match-report, and analyze-live-game
The cleanup helper now streams local logs, reports which evidence sources were merged, and keeps README table coverage tied to the central skill-name fixture so the documented cleanup signal stays trustworthy for large local histories and mixed imported counts.
Constraint: Follow-up addresses PR #178 review comments without changing the non-destructive recommendation model.
Rejected: Filtering imported usage JSON by --days inside the helper | imported counts are already aggregated and lack per-record timestamps.
Confidence: high
Scope-risk: narrow
Directive: Keep --usage-json documented as pre-windowed unless the input schema gains timestamped per-record events.
Tested: PYTHONPATH=scripts python3 -m unittest scripts.test_k_skill_cleaner
Tested: node --test scripts/skill-docs.test.js
Tested: npm run lint
Tested: npm run typecheck && npm test
Tested: npm run ci
The standalone helper is advertised from inside the k-skill-cleaner directory, so --skills-root . now resolves that self-skill directory to its parent skills root before scanning siblings. A subprocess regression locks the installed-skill layout that previously returned skill_count 0.\n\nConstraint: Preserve the documented standalone command without requiring users to switch to --skills-root ..\nRejected: Documentation-only fix | would make the advertised command more brittle and leave existing users with empty reports\nConfidence: high\nScope-risk: narrow\nDirective: Keep standalone helper invocation from inside k-skill-cleaner covered when changing root detection\nTested: PYTHONPATH=scripts python3 -m unittest scripts.test_k_skill_cleaner\nTested: Standalone temp-layout smoke from inside k-skill-cleaner with --skills-root .\nTested: npm run lint && npm run typecheck && npm test && npm run ci
The cleanup helper is now shipped inside the k-skill-cleaner skill payload while the repo-root script remains as a compatibility wrapper. The CLI also enforces the interview-selected usage window with --days/--since and reports the effective cutoff so recommendations match the documented contract.\n\nConstraint: Selective skill installs only receive files under the skill directory.\nRejected: Remove k-skill-cleaner from selective install docs | the feature is intended to be installable standalone.\nConfidence: high\nScope-risk: narrow\nDirective: Keep the skill-local helper as the canonical implementation; the root script should stay a thin wrapper.\nTested: PYTHONPATH=scripts python3 -m unittest scripts.test_k_skill_cleaner\nTested: node --test scripts/skill-docs.test.js\nTested: CLI smoke via k-skill-cleaner/scripts/k_skill_cleaner.py with --days 90\nTested: npm run lint\nTested: npm run typecheck && npm test\nTested: npm run ci\nTested: Architect verification APPROVED\nNot-tested: Live agent transcript schemas beyond fixture-style local log samples
Add a conservative k-skill-cleaner workflow that interviews users, scans best-effort agent trigger logs, and reports deletion or review candidates without mutating skill directories automatically.
Constraint: Trigger-count storage differs by coding agent and may be absent or rotated locally
Rejected: Auto-delete low-usage skills | cleanup recommendations need explicit user approval because log signals are incomplete
Confidence: high
Scope-risk: narrow
Directive: Keep deletion behavior recommendation-only unless a future issue explicitly approves mutation with stronger safeguards
Tested: PYTHONPATH=scripts python3 -m unittest scripts.test_k_skill_cleaner; helper CLI smoke; npm run lint; npm run typecheck && npm test; npm run ci; architect verification
Not-tested: Live exports from OpenClaw/ClawHub or Hermes Agent because no stable public local trigger-count schema is assumed
The IROS docs now make the corp-number happy path produce the company-name list that pinned upstream iros_download.py opens after payment, and route the customer workbook excel_path into the same private workdir boundary as other sensitive inputs and outputs.
Constraint: Live IROS login/payment smoke requires user credentials, certificate/authentication, and card payment authority
Rejected: Rely on upstream data/ defaults | leaves real customer workbook and company list paths inside the cloned repository
Confidence: high
Scope-risk: narrow
Tested: node --test --test-name-pattern='iros-registry-automation' scripts/skill-docs.test.js
Tested: ./scripts/validate-skills.sh
Tested: npm run lint && npm run typecheck && npm test
Tested: npm run ci
Tested: cloned pinned upstream SHA and verified companies_list, excel_path, and configured paths resolve under private temp workdir
Not-tested: Live IROS login/payment smoke; requires user credentials/authentication/payment authority
The IROS skill delegates sensitive browser automation to an upstream Playwright implementation, so the execution guide now checks out a reviewed SHA and keeps real inputs and generated files in a private workdir instead of the clone. Regression coverage locks the pin and privacy-path contract to prevent future docs drift.\n\nConstraint: PR #177 review required an enforceable upstream execution boundary before merge\nConstraint: Live IROS login and payment smoke requires user credentials and card authority\nRejected: Continue documenting mutable upstream HEAD | unsafe for authenticated legal-document/payment-adjacent flows\nConfidence: high\nScope-risk: narrow\nDirective: Do not update iros-registry-automation/scripts/upstream.pin without reviewing the new upstream diff and updating the documented checkout SHA\nTested: node --test --test-name-pattern='iros-registry-automation' scripts/skill-docs.test.js\nTested: ./scripts/validate-skills.sh\nTested: npm run lint && npm run typecheck && npm test\nTested: npm run ci\nTested: cloned upstream, checked out pinned SHA, rewired config.json to a private temp workdir, and verified selected paths stay under that workdir\nNot-tested: Live IROS login/payment smoke; requires user credentials, certificate/authentication, and payment authority
Issue #175 needs a 등기부등본 skill grounded in the challengekim reference implementation while preserving user control over IROS login, authentication, and payment. Add a docs-first skill with regression coverage that locks the upstream credit, safety boundaries, and repository documentation wiring.
Constraint: Original author link must be mentioned in documentation.\nConstraint: IROS login, certificate authentication, and card payment must remain user-controlled.\nRejected: Add a packaged automation wrapper | no dependency or executable implementation was required and credential/payment flows are high-risk.\nConfidence: high\nScope-risk: narrow\nDirective: Do not remove the challengekim upstream credit or weaken the manual login/payment boundary without a new review.\nTested: node --test --test-name-pattern='iros-registry-automation' scripts/skill-docs.test.js; ./scripts/validate-skills.sh; npm run ci\nNot-tested: Live IROS smoke with real login/payment, intentionally not run without user credentials and payment authority
The new reserve train-type argument is consumed by direct command_reserve
calls as well as the CLI parser, so the existing unit helpers need to
model the parser default and assert non-KTX replay behavior explicitly.
Constraint: PR #172 is now retargeted to dev and must be mergeable without weakening the train_id stability tests
Confidence: high
Scope-risk: narrow
Tested: python3 -m py_compile scripts/ktx_booking.py scripts/test_ktx_booking.py
Tested: PYTHONPATH=.:scripts python3 -m unittest scripts.test_ktx_booking
Tested: npm run lint
The CLI hardcoded TrainType.KTX in command_search and command_reserve,
which silently excluded ITX-청춘, ITX-새마을, 무궁화호, etc. Routes
served only by non-KTX trains (e.g. 남춘천→용산 via ITX-청춘) returned
zero results with no error.
Add an explicit --train-type flag (default: ktx) so the skill keeps
its KTX-first identity but lets users opt into other Korail train
types when needed:
ktx, itx-saemaeul, mugunghwa, nuriro, tonggeun,
itx-cheongchun, airport, all
Default stays as ktx — fully backward compatible. SKILL.md updated
with usage examples for both search and reserve.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Merged origin/dev into feature/#168 and resolved the README table conflict by preserving dev's skill-name column while keeping the corporate-registration-consulting row. The README docs regression mapping now includes the new skill so future table checks cover it.
Constraint: PR #169 must remain reviewable after updating from dev without merging the PR itself
Rejected: Keep the old four-column README row | it would drop dev's issue #165 skill-name column contract
Confidence: high
Scope-risk: narrow
Tested: node --test --test-name-pattern='corporate-registration-consulting' scripts/skill-docs.test.js
Tested: node --test --test-name-pattern='README skill table' scripts/skill-docs.test.js
Tested: npx --yes k-skill-rhwp create-blank <tmp>/blank.hwp and info <tmp>/blank.hwp
Tested: npm run ci
Tighten the Korean corporate registration skill after round-3 review by keeping filled HWP examples outside the repository, turning the investigation-report conclusion into a user/expert-confirmed placeholder, and locking human-only final action prohibitions with regression coverage.
Constraint: Legal-document workflow must avoid collecting or committing filled PII artifacts
Constraint: Agent may prepare drafts and checklists only, not final legal/tax conclusions or filings
Rejected: Add out/ to .gitignore | safer to teach non-repo private output for sensitive generated forms
Confidence: high
Scope-risk: narrow
Tested: node --test --test-name-pattern='corporate-registration-consulting' scripts/skill-docs.test.js
Tested: npx --yes k-skill-rhwp create-blank <tmp>/blank.hwp && npx --yes k-skill-rhwp info <tmp>/blank.hwp
Tested: npm run ci
Round-two review showed that the new consulting skill still needed explicit stop gates for non-standard incorporation paths and tighter documentation regression locks. The follow-up keeps the user-facing flow beginner-friendly while routing materially different legal/tax structures to official or professional review before draft generation.
Constraint: Legal-document skill must remain reference-only and avoid implying filing, tax, or governance determinations for non-standard cases
Rejected: Keep broad regex alternations for human-only boundaries | they allowed prior safety requirements to regress while tests still passed
Confidence: high
Scope-risk: narrow
Directive: Do not collapse the separate safety-boundary assertions back into alternations without a stronger replacement
Tested: node --test --test-name-pattern='corporate-registration-consulting' scripts/skill-docs.test.js
Tested: npx --yes k-skill-rhwp create-blank <tmp>/blank.hwp && npx --yes k-skill-rhwp info <tmp>/blank.hwp
Tested: npm run ci
The review follow-up closes legal-document safety gaps before merge by locking the expected guidance in the docs regression test and updating the skill surfaces that users and agents rely on. The representative-director clause now avoids board-resolution wording for the common two-director/no-board case, registration-license tax points to the direct 지방세법 제28조 anchor, and PII plus human-only filing boundaries are repeated where filled document workflows can expose sensitive data.
Constraint: PR review requested TDD coverage for legal/tax safety wording and privacy guidance
Rejected: Keep a single generic disclaimer only | document templates also need local warnings where filled artifacts are produced
Confidence: high
Scope-risk: narrow
Directive: Do not remove the repeated privacy and human-only boundaries unless every user-facing generation surface keeps equivalent guidance
Tested: node --test --test-name-pattern='corporate-registration-consulting' scripts/skill-docs.test.js
Tested: npx --yes k-skill-rhwp create-blank <tmp>/blank.hwp && npx --yes k-skill-rhwp info <tmp>/blank.hwp
Tested: npm run ci
Add a reference-only corporate registration consulting skill for first-time Korean incorporation workflows. The skill keeps user decisions explicit, provides conservative articles/document templates, and routes HWP automation through existing rhwp/kordoc surfaces instead of introducing new machinery.
Constraint: Issue #168 requires legal-disclaimer wording, tax pitfall guidance, rhwp-based form support, TDD, and PR delivery to dev.
Rejected: Add a new package or external automation dependency | existing skill docs and rhwp tooling are enough for this documentation/template workflow.
Confidence: high
Scope-risk: narrow
Directive: Do not present generated registration documents as legal or tax advice; keep official-source verification and professional review caveats visible.
Tested: node --test --test-name-pattern='corporate-registration-consulting' scripts/skill-docs.test.js; npx --yes k-skill-rhwp create-blank/info smoke; npm run ci
Not-tested: Live court registry submission or live tax payment, intentionally outside reference-skill scope
