49 commits

Author	SHA1	Message	Date
Jeffrey (Dongkyu) Kim	9f29ed5714	Merge dev into main: new skills & proxy enhancements (#72) ... * Remove client-side Seoul subway key setup Route Seoul subway arrival lookups through k-skill-proxy so the hosted proxy owns the Seoul Open Data upstream key and end users only need the proxy base URL. Add proxy route coverage, update skill/docs guidance, and align setup materials with the hosted proxy flow used for fine dust. Constraint: Must keep the proxy public, read-only, and dependency-free Constraint: Must satisfy TDD-first verification and ship on feature/#35 targeting dev Rejected: Add a separate client helper package | unnecessary extra layer for a single proxy route Rejected: Keep SEOUL_OPEN_API_KEY as an end-user requirement | defeats the issue goal Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the Seoul subway proxy surface limited to station-arrival passthrough unless tests/docs expand the contract Tested: npm run ci; local proxy runtime on 127.0.0.1:4120 for /health and /v1/seoul-subway/arrival on 2026-03-31 with an invalid upstream key Not-tested: Live success response with a valid Seoul Open API key Related: #35 * Prevent broken Seoul subway proxy defaults before hosted rollout The Seoul subway proxy endpoint code is present locally, but the hosted public route is not live yet. This change turns the user-facing subway docs back into an explicit proxy configuration flow, replaces the misleading hosted default in setup examples, and keeps subway proxy examples on self-host/local URLs until rollout is verified. Constraint: Hosted k-skill-proxy.nomadamas.org/v1/seoul-subway/arrival is not live yet Rejected: Keep the hosted Seoul subway URL as the default path | would send default users to a 404 route Confidence: high Scope-risk: narrow Reversibility: clean Directive: Do not restore a hosted Seoul subway default until the public proxy route is deployed and smoke-verified Tested: node --test scripts/skill-docs.test.js; npm run ci; local proxy smoke on 127.0.0.1:4120 with stubbed Seoul upstream (GET /health, GET /v1/seoul-subway/arrival?stationName=강남) Not-tested: Live hosted proxy smoke after deployment * Reduce Seoul subway proxy upstream pressure with request caching The public subway arrival route already normalized caller input but still re-fetched the Seoul upstream for every identical poll. This change adds a short-TTL cache keyed from the normalized subway query, annotates JSON responses with cache metadata, and locks the repeated-read collapse with a regression that proves alias/default normalization still reuses the cached result. Constraint: The endpoint must stay public/no-auth while protecting a shared server-side SEOUL_OPEN_API_KEY from unnecessary repeated upstream hits Rejected: Add a new shared cache abstraction for proxy metadata | unnecessary for this narrow fix and would enlarge the diff Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep subway cache keys tied to normalizeSeoulSubwayQuery output so alias/default query forms continue collapsing to one upstream request Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: npm run ci Tested: Local proxy runtime on 127.0.0.1:4120 with SEOUL_OPEN_API_KEY=test-seoul-key and stubbed fetch for /health plus repeated /v1/seoul-subway/arrival requests Not-tested: Live hosted proxy rollout state * Document OpenClaw support in the public compatibility list The approved scope for issue #29 was narrowed to README support messaging, so this change adds OpenClaw/ClawHub to the supported-client line and locks that wording with a regression test in the docs suite. Constraint: Issue #29 was approved as a README-only compatibility/docs change Rejected: Broader install-doc updates | out of approved scope for this issue Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep OpenClaw support wording aligned with the supported-client README line and its docs regression test Tested: Focused Node docs regression, npm run lint, npm run typecheck, npm run build, npm test Not-tested: Live OpenClaw or ClawHub install flow (issue scope was documentation-only) * Protect README client-support claims from ClawHub regressions The README already advertises OpenClaw/ClawHub, but the docs regression only matched OpenClaw. Tighten the assertion to the exact supported-client fragment so a future edit cannot silently remove ClawHub while keeping the issue verification command stable. Constraint: PR #39 already publishes a verification command keyed to the current test name Rejected: Rename the test to mention ClawHub explicitly | would drift from the published verification command Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep this regression synchronized with the README supported-client line whenever that copy changes Tested: node --test scripts/skill-docs.test.js --test-name-pattern 'README advertises OpenClaw among the supported coding agents' Tested: npm run lint Tested: npm run typecheck Tested: npm run build Tested: npm test Tested: lsp diagnostics for scripts/skill-docs.test.js (0 errors) Not-tested: N/A * Make Coupang shopper research usable without pretending scraping is stable Coupang blocks unattended shopper queries in this environment, so the new package focuses on the durable pieces we can ship honestly: official URL builders, browser-captured HTML parsers, and explicit automation probes. The docs and skill now explain the seller-API limitation, the verified anti-bot behavior, and the browser-capture fallback expected by callers. Constraint: No general shopper Open API surfaced in Coupang's official developer docs Constraint: Headless/direct retrieval is anti-bot blocked in verified local probes Rejected: Bundle a scraping bypass or hidden browser dependency | violates repo policy and would over-claim reliability Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep probe/docs behavior aligned with fresh live verification before claiming unattended Coupang access works Tested: npm run ci; live probeAutomation(query=생수) with direct fetch + Playwright-core browserFetchHtml; LSP diagnostics on changed JS/test files Not-tested: Headed/manual browser sessions with a human-authenticated Coupang context * Keep the Coupang workspace installable and its entrypoint honest Review follow-up found two contract gaps in the first issue #36 rollout: fresh installs were missing the new workspace link in package-lock, and the package README documented parser helpers that were not exported from the package entrypoint. Refreshing the lockfile and re-exporting the parsers keeps npm ci and consumer imports aligned with the published API. Constraint: npm ci must succeed from a clean checkout Rejected: Narrow the README API list to only client helpers | would hide useful parsers that the package already ships and tests Confidence: high Scope-risk: narrow Reversibility: clean Directive: When adding a new workspace, refresh package-lock and verify the package entrypoint matches README public API claims Tested: npm run ci; workspace coupang-product-search tests; LSP diagnostics on coupang-product-search JS/test files Not-tested: published npm install from registry (local pack dry-run only) * Keep Coupang anti-bot docs honest as probe results drift A same-day PR rerun showed the published mobile probe snapshot was already stale, so the follow-up locks the 403/access-denied mobile path with regression coverage and softens the docs/skill contract to describe blocked outcome classes instead of one frozen signature. The published guidance now also explains that browser results only appear when browserFetchHtml is injected, matching what a clean checkout can actually reproduce. Constraint: Coupang anti-bot responses vary by edge/challenge between reruns on the same day Rejected: Freeze one exact mobile probe snapshot | same-day reruns already diverged Confidence: high Scope-risk: narrow Reversibility: clean Directive: Refresh Coupang anti-bot docs only with same-day live probe evidence, and prefer blocked outcome classes over a single exact signature when reruns disagree Tested: npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch Not-tested: Non-Chrome Playwright-core executables * Keep the Coupang skill honest about clean-checkout browser probes The approved follow-up already documented that clean-checkout probeAutomation runs leave browser unset unless a browser fetcher is injected, but the skill text itself had not made that null contract explicit. This commit adds a regression test that locks the browser-null wording across the published docs surfaces and updates the skill so the stated behavior matches the package implementation and clean-checkout reality. Constraint: probeAutomation() only populates browser when browserFetchHtml is supplied by the caller Rejected: Leave the skill wording implicit and rely on README examples alone | the skill could drift away from the shipped package contract again Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the README, feature doc, and skill aligned whenever the probeAutomation browser contract changes Tested: node --test packages/coupang-product-search/test/index.test.js; npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch; codex exec review --uncommitted Not-tested: Alternative browser engines beyond local Google Chrome for the manual browserFetchHtml probe * Keep Coupang browser probe docs aligned with manual verification paths The approved PR #40 follow-up still had one wording gap: the skill said when browser results appear, but it did not explicitly say those populated results come from an injected manual/external browserFetchHtml path. This change locks that contract with a failing regression first, then updates the skill text to match the already-shipped README/feature-doc guidance and runtime behavior. Constraint: clean-checkout probeAutomation() must keep browser null unless browserFetchHtml is supplied Rejected: change runtime browser probe behavior | approved follow-up was docs/test only and runtime contract is already correct Confidence: high Scope-risk: narrow Reversibility: clean Directive: keep Coupang probe docs aligned with the shipped browserFetchHtml injection contract; do not imply built-in browser probing in clean checkouts Tested: node --test packages/coupang-product-search/test/index.test.js; npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch; lsp diagnostics on changed files; architect review approved Not-tested: alternate browser engines beyond local Google Chrome + playwright-core manual runner * Route Korean law lookups through korean-law-mcp Add a documentation-first korean-law-search skill and lock the repo docs around the rule that Korean law queries must go through korean-law-mcp rather than a new in-repo package. The change updates install/setup/security guidance, publishes the new feature doc, and adds regression tests so future edits keep the LAW_OC + korean-law-mcp contract intact. Constraint: Issue #41 requires korean-law-mcp for every Korean law lookup Constraint: Must not add a new npm or python package in this repository Rejected: Add a repo-local law package | violates the no-new-package requirement and duplicates upstream MCP work Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep Korean law lookup guidance pinned to korean-law-mcp unless issue requirements explicitly change Tested: node --test scripts/skill-docs.test.js Tested: npm install -g korean-law-mcp && korean-law list && korean-law help search_law Tested: npm run ci Tested: npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json Not-tested: live search_law/get_law_text against a real LAW_OC credential * Clarify Korean law setup modes to avoid credential confusion A review found the new korean-law-search docs treated LAW_OC as an unconditional prerequisite even though the upstream remote MCP endpoint is configured separately from the local CLI/server path. This update makes the docs and regression tests mode-specific: local CLI/MCP uses LAW_OC, while the remote endpoint stays a korean-law-mcp-only url fallback without a user-supplied credential. Constraint: Upstream korean-law-mcp uses LAW_OC on the local CLI/server path while the documented remote MCP endpoint is configured with url only Rejected: Keep LAW_OC mandatory for every korean-law-mcp mode | contradicts upstream docs and reviewer evidence Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README/setup/skill docs and regression tests aligned on the local-vs-remote korean-law-mcp contract Tested: node --test scripts/skill-docs.test.js; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm run ci; lsp_diagnostics scripts/skill-docs.test.js Not-tested: Live remote MCP endpoint connection against https://korean-law-mcp.fly.dev/mcp * Record issue #41 follow-up after approved verification The approved korean-law-search change was already present on feature/#41, so this follow-up records a fresh verification pass and updates the PR without introducing unnecessary code churn. Constraint: Existing branch already contained the approved implementation Rejected: Touch repo files without need | would create noise without improving behavior Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the korean-law-mcp-only + mode-specific LAW_OC contract aligned with upstream docs before changing these surfaces again Tested: node --test scripts/skill-docs.test.js; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npm run ci Not-tested: Live korean-law queries that require a real LAW_OC or remote endpoint session * Keep the Korean law feature diff merge-ready Verification uncovered trailing whitespace in the new korean-law feature guide when checking the branch diff. I added a regression to the skill docs suite and removed the whitespace so the approved documentation contract stays clean and reviewable. Constraint: Preserve the existing korean-law-mcp + mode-specific LAW_OC contract without widening scope Rejected: Leave the whitespace issue as-is | git diff --check stayed dirty on the branch Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep docs/features/korean-law-search.md free of trailing whitespace so diff hygiene stays enforced by the regression Tested: node --test scripts/skill-docs.test.js; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npm run ci; git diff --check Not-tested: Live credentialed LAW_OC search execution against the upstream API * Keep Korean law skill guidance aligned with supported lookups The approved issue #41 feature already worked, but the shipped skill text still under-described ordinance and interpretation lookups compared with the documented capability set. This follow-up tightens the skill copy and locks that contract with a doc regression so the branch stays merge-ready without changing the underlying korean-law-mcp routing rules. Constraint: Must preserve the existing korean-law-mcp-only and mode-specific LAW_OC setup contract Rejected: Leave the skill wording as-is | drift from the documented lookup surface would remain Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the skill examples and doc regression aligned whenever supported korean-law-mcp search surfaces change Tested: node --test scripts/skill-docs.test.js Not-tested: live LAW_OC-backed upstream API queries * Keep Korean law completion guidance in sync with enforced lookups The previous follow-up aligned the main skill examples, but the done-criteria text still left interpretation and ordinance routing implicit. This commit makes the completion checklist explicit and extends the doc regression so future edits cannot silently drop those lookup paths. Constraint: Must stay within the existing issue #41 korean-law-mcp-only contract Rejected: Leave the done checklist implicit | reviewers and future edits could drift from the enforced lookup set Confidence: high Scope-risk: narrow Reversibility: clean Directive: When the supported Korean-law lookup set changes, update the done checklist and regression together Tested: node --test scripts/skill-docs.test.js Not-tested: full CI before commit * Enable repeatable used-car price lookups from a rental-company source Issue #46 required surveying major Korean rental companies before implementation and then choosing the easiest stable provider. SK렌터카 다이렉트 exposes 타고BUY inventory in public Next.js page data, so the feature stays dependency-free while still supporting live repeated lookups and documented provider rationale. Constraint: Must compare major Korean rental companies before implementation Constraint: Must verify 10+ live lookups against a real provider surface Rejected: 롯데오토옥션 as v1 provider | public list contract was unstable and legacy .do flows returned inconsistent or 404 pages Rejected: 레드캡렌터카 as v1 provider | no public used-car inventory or API surface was found Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the v1 provider read-only and inventory-snapshot-based unless a stable documented public API is confirmed Tested: npm run ci Tested: Live 10-query run against https://www.skdirect.co.kr/tb at 2026-04-02T07:22:46Z Tested: LSP diagnostics on affected files Not-tested: Seller-specific detail drilldowns or non-SK providers Related: #46 * Keep used-car-price-search releasable after merge Review feedback found that the new used-car workspace would not ship because it lacked a changeset, and the fallback install docs still omitted the runtime package. This follow-up adds regression coverage first, then restores both release and install-path coverage with the smallest possible diff. Constraint: New publishable workspaces must be wired through Changesets to reach npm release automation Constraint: Fallback install docs must list runtime packages users need when skill files are present but global packages are missing Rejected: Fix only the changeset gap | would leave the documented fallback install path incomplete Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep used-car-price-search in both the fallback global install example and a Changesets entry whenever release wiring changes Tested: node --test scripts/skill-docs.test.js; npx changeset status; live 10-query used-car run against SK direct at 2026-04-02T07:38:44.949Z; npm run ci; LSP diagnostics on used-car package files and scripts/skill-docs.test.js; architect verification Not-tested: No additional live provider permutations beyond the verified 10-query smoke run * Keep used-car verification docs resilient to live inventory churn A fresh rerun showed the SK direct inventory total continues to move during the day, so the feature doc now records the verified smoke-run timestamp without freezing a brittle exact count. The regression suite was updated first so the docs stay variability-aware and diff-clean in future follow-ups. Constraint: Live SK direct inventory totals change over time even when the parsing contract stays stable Rejected: Keep documenting a fixed total from one smoke run | it immediately drifted and made the docs stale Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the used-car live verification note timestamped and variability-aware instead of pinning an exact inventory total Tested: node --test scripts/skill-docs.test.js; git diff --check; npm run ci; npx changeset status; live 10-query run against https://www.skdirect.co.kr/tb at 2026-04-02T07:59:41.391Z; LSP diagnostics on scripts/skill-docs.test.js; architect verification Not-tested: No additional content changes outside the used-car feature doc * Keep used-car query summaries honest when results are limited The review found that query-level stats were being computed from the post-limit slice, so common searches like 아반떼 under-reported both match counts and price ranges. This change locks the regression first, then computes the full filtered set before slicing only the returned items. Constraint: PR #48 must preserve the existing API shape while fixing the review-blocking stats bug Rejected: Expanding the response with separate limited/full summary fields | unnecessary API churn for a targeted bug fix Confidence: high Scope-risk: narrow Reversibility: clean Directive: Query-level summary and matchedCount must stay derived from the full filtered set, not the display limit slice Tested: npm test --workspace used-car-price-search; npm run ci; git diff --check; npx changeset status; live SK direct smoke run on 2026-04-02T08:23:59Z; LSP diagnostics on used-car-price-search source and test files; architect verification APPROVED Not-tested: limit=0 semantics remain unchanged and still coerce to the default limit Related: PR #48 * Keep korean-law-search available during upstream outages (#45) Issue #44 adds Beopmang as the documented fallback when the primary korean-law-mcp path is unavailable, and locks the new routing into the doc regression suite so future edits do not silently revert the policy. Constraint: Existing guidance must still prefer korean-law-mcp and keep LAW_OC scoped to the local CLI/MCP path Rejected: Add a repo-local Beopmang client package | issue only requires fallback registration, not a new implementation surface Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the primary-first rule intact; Beopmang is an outage fallback, not the default path Tested: node --test scripts/skill-docs.test.js; npm run ci; korean-law list; python3 live Beopmang search smoke for 관세법 Not-tested: Live Beopmang MCP handshake from a GUI MCP client * Replace coupang scraping package with coupang-mcp server integration Drop the browser-based scraping package (packages/coupang-product-search) and switch to the uju777/coupang-mcp MCP server for all Coupang product searches. This removes the anti-bot workaround complexity and provides 8 ready-to-use tools via MCP Streamable HTTP with no API key required. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add disclaimer to used-car-price-search README Clarify that the package queries SK렌터카 타고BUY public data with no affiliation or sponsorship, and that ad/partnership inquiries are welcome. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor used-car-price-search into provider-based architecture SK 타고BUY 전용 로직을 src/providers/sk-tagobuy.js로 분리하고, 공급자를 수평 확장할 수 있는 registry 구조로 전환한다. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Ship LCK analytics inside k-skill's managed release flow Adapt jerjangmin's upstream lck-analytics skill/package into a new workspace and skill pack, wire docs/install/release surfaces, and add regression fixtures/tests plus script smoke coverage so the feature is verifiable before publish. Constraint: Upstream package is not published to npm yet Constraint: Must preserve attribution to original source and author in shipped docs Rejected: Keep the upstream lck-results install wording in k-skill | conflicts with repo workspace/package naming Rejected: Ship only the npm package without the local skill scripts | issue explicitly requested the skill as well Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep Changesets as the only version-bump path for lck-analytics; do not hand-edit versions for release Tested: node --test packages/lck-analytics/test/index.test.js scripts/skill-docs.test.js Tested: npm run lint --workspace lck-analytics Tested: npm test --workspace lck-analytics Tested: live getLckSummary('2026-04-01', { team: '한화', includeStandings: true }) Tested: node lck-analytics/scripts/sync-oracle.js --csv lck-analytics/samples/oracle-lck-sample.csv --cache .tmp/lck-cache && node lck-analytics/scripts/build-match-report.js --date 2026-04-01 --team 한화 --cache .tmp/lck-cache && node lck-analytics/scripts/analyze-live-game.js --game game-1 --window packages/lck-analytics/test/fixtures/live-window-game-1.json --details packages/lck-analytics/test/fixtures/live-details-game-1.json --cache .tmp/lck-cache Tested: npm run ci Tested: npx tsc --noEmit --project /Users/jeffrey/Projects/k-skill/tsconfig.json Not-tested: Riot live feed behavior for arbitrary future game ids outside the fixture-backed smoke path * Enable policy-aware Korean spell checking from the official Nara surface Add a skill guide and Python helper that use the approved old_speller HTML flow, chunk long text conservatively, and report original/suggestion/reason deltas. The docs also record the public-site limits, Cloudflare behavior, and non-commercial usage policy so agents do not overreach the free surface. Constraint: Public site is HTML-only and may return 403 to non-browser clients Constraint: Must not add new dependencies or high-volume crawling behavior Rejected: Node fetch client | Cloudflare returned 403 in this environment Rejected: Paid API integration | no public contract or credentials were available for this task Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Keep usage low-rate and non-commercial unless supplier-approved API terms are added Tested: npm run lint Tested: npm run typecheck Tested: npm test Tested: npm run build Tested: python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json Tested: python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json Not-tested: Paid API/order flow Not-tested: High-volume commercial workloads Not-tested: Non-UTF-8 file inputs * Preserve korean spell-check layout in corrected output The Nara payload can collapse paragraph separators into normalized page text, so the helper now maps corrections back onto the original chunk before rebuilding corrected_text. The CLI also rejects non-positive --max-chars values, and regression tests cover both the layout-preservation path and invalid argument handling. Constraint: Nara result pages can normalize blank lines and sentence spacing before exposing errInfo offsets Rejected: Narrow docs away from file/Markdown proofreading | preserving original chunk separators keeps the documented workflow intact Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep multiline separator preservation tied to the original chunk whenever a suggestion only changes whitespace across collapsed boundaries Tested: python3 -m unittest scripts.test_korean_spell_check; npm run lint; npm run typecheck; npm test; npm run build; python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json; python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json; python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n왠지 않되요.' --format json; python3 scripts/korean_spell_check.py --text 테스트 --max-chars 0 --format json Not-tested: Live multi-page Nara payloads with separator-sensitive corrections across multiple returned pages * Preserve file-proofreading layout in Korean spell check output The spell-check helper now keeps exact blank-line runs and paragraph indentation when chunking and reassembling file-style input, while still allowing the official service's spacing corrections to flow through. Regression coverage now locks the collapsed-layout, triple-blank-line, and cross-boundary spacing cases that triggered the PR review. Constraint: Official Nara/PNU payloads can collapse layout and sometimes merge corrections across preserved paragraph boundaries Rejected: Narrow docs away from file-level proofreading | the existing feature scope explicitly supports file and Markdown checks Confidence: high Scope-risk: narrow Reversibility: clean Directive: Preserve exact layout tokens only at original newline boundaries; do not reintroduce global strip/join normalization without real file-mode verification Tested: npm run lint; npm run typecheck; npm test; npm run build; python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json; python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json; python3 scripts/korean_spell_check.py --file <tmpfile> --format json; python3 scripts/korean_spell_check.py --text 테스트 --max-chars 0 --format json Not-tested: Live upstream behavior for extremely long leading/trailing-whitespace-only files Related: PR #60 * Keep layout-preserving chunk splits from tripping on separator-boundary fixes The follow-up layout preservation pass renamed the working unit variable, but one separator-length guard still referenced the old paragraph name. This commit finishes the refactor so exact-boundary paragraph chunks keep the preserved-separator logic reachable and the new regression coverage stays green. Constraint: Must preserve the existing feature/#47 branch and PR #60 flow while fixing the approved review follow-up Rejected: Revert the layout-preserving chunking refactor | would discard the verified file-layout fix and its regressions Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep chunk reassembly lossless; new chunking changes should continue to round-trip original separators byte-for-byte Tested: npm run lint; npm run typecheck; npm test; npm run build; python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json; python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json; python3 scripts/korean_spell_check.py --file <tempfile-with-triple-blank-lines> --format json; python3 scripts/korean_spell_check.py --text 테스트 --max-chars 0 --format json (expected argument error) Not-tested: Live multi-page service responses beyond the local smoke cases * Preserve spell-check chunk separators when units overflow The file-layout follow-up already preserved blank runs and indentation, but the overlong-unit path still checked the wrong variable when extracting a trailing separator. That could strand separators in a standalone chunk and break exact reassembly for tight max-char limits. This commit fixes the separator extraction guard and locks the behavior with a regression that proves chunk concatenation still matches the original text when an overlong paragraph is followed by a blank-line separator. Constraint: File-mode reconstruction must preserve exact layout while chunking long input Rejected: Broader chunking rewrite | existing structure only needed the overflow guard corrected Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep split_text_into_chunks chunk concatenation identical to the original input for layout-sensitive file checks Tested: npm run lint; npm run typecheck; npm test; npm run build; python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json; python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json; python3 scripts/korean_spell_check.py --text 테스트 --max-chars 0 --format json; manual --file smoke with triple blank lines and indentation Not-tested: Live-service failure modes such as Cloudflare/browser challenges * Prevent clean spell-check chunks from crashing mixed file runs The Nara/PNU surface can return a plain 'no issues found' HTML page without the embedded result payload when a chunk is already clean. Chunked file and markdown runs could hit that response on earlier chunks, raise a ValueError, and never reach later chunks that still needed corrections. Treat the no-issues page as an empty result set and lock the behavior with narrow regression coverage. Constraint: Upstream no-issue responses omit the JavaScript payload entirely and can split the status message across HTML whitespace Rejected: Fabricate a synthetic result page | empty-page handling already preserves the original clean chunk Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep empty-result detection aligned with the upstream no-issues message unless the service publishes a structured empty payload contract Tested: python3 -m unittest scripts.test_korean_spell_check Tested: npm run lint Tested: npm run typecheck Tested: npm test Tested: npm run build Tested: python3 scripts/korean_spell_check.py --text '아버지가방에들어가신다.' --format json Tested: python3 scripts/korean_spell_check.py --text $'아버지가방에들어가신다.\n\n아버지가방에들어가신다.' --max-chars 15 --format json Tested: python3 scripts/korean_spell_check.py --text 테스트 --max-chars 0 --format json Tested: python3 scripts/korean_spell_check.py --file <tmpfile> --format json Tested: python3 scripts/korean_spell_check.py --file <tmpfile> --max-chars 18 --format json Not-tested: Other upstream empty-result templates beyond the current no-issues HTML wording * Make Joseon Sillok lookups reproducible from the official site Add a joseon-sillok-search skill and a Python helper that scrape the official Joseon Annals search/detail pages. The helper normalizes king/year metadata, fetches detail excerpts, and locks the repository docs plus regression coverage around the shipped workflow. Constraint: v1 must stay on official public HTML surfaces only Constraint: Must avoid adding new dependencies for a simple scraping helper Constraint: Shell connectivity to sillok.history.go.kr became intermittent during final live reruns Rejected: Ship a new npm workspace | repo skill/docs pattern is enough for v1 Rejected: Add BeautifulSoup or another parser dependency | unnecessary for the bounded HTML patterns Confidence: medium Scope-risk: narrow Reversibility: clean Directive: Keep year filtering Gregorian and derived from official regnal metadata unless the upstream site exposes a better structured contract Tested: npm run ci Tested: Earlier live POST/detail probes against search/searchResultList.do and /id/kda_12512030_002 during implementation Tested: Live official article inspection for kda_12512030_002 via the public site Not-tested: Final end-to-end CLI live run after the last refactor, because the shell hit transient TCP timeouts to sillok.history.go.kr Related: #59 * Prevent sillok follow-up fixes from missing filtered results or weakening trust This follow-up addresses the blocking PR review items on the Joseon Sillok helper. The search loop now derives total pages from the first live page size so king/year filtering can reach later pages, TLS verification stays enabled on both requests and urllib paths, detail parsing accepts the live classification brackets, and repo docs stop linking to missing Korean spell-check assets on this branch. Constraint: Must preserve the existing joseon-sillok-search surface and avoid new dependencies Rejected: Keep verify=False behind an implicit fallback | still weakens authenticity for the default path Rejected: Infer pagination from the hardcoded 50-row default | misses valid later-page matches when the site serves smaller pages Confidence: high Scope-risk: narrow Reversibility: clean Directive: If the official site changes page size or pagination markup again, update the first-page pagination regression before altering search_sillok pagination math Tested: PYTHONPATH=.:scripts python3 -m unittest scripts.test_sillok_search Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: python3 scripts/sillok_search.py --query '훈민정음' --king 세종 --year 1443 --limit 1 --timeout 20 Tested: python3 - <<'PY' ... fetch_detail_page(..., article_id='kda_12512030_002', timeout=20) ... PY Not-tested: Successful live sillok.history.go.kr responses in this environment (POST and detail GET both timed out at 20s) Related: PR #62 * Make joseon-sillok-search installs work outside the repo The skill installer only ships the skill directory, so the sillok helper has to live inside that payload. This moves the authoritative helper into joseon-sillok-search/scripts/, keeps the repo-root script as a thin shim for tests and docs, and trims footer metadata from parsed article bodies so excerpts match the published examples. Constraint: skills add exposes only the installed skill payload, not repo-root helpers Rejected: Keep the helper only under scripts/ | installed skill commands fail after copy-only installs Confidence: high Scope-risk: narrow Directive: Keep the repo-root sillok wrapper thin and update the bundled helper first when behavior changes Tested: PYTHONPATH=.:scripts python3 -m unittest scripts.test_sillok_search Tested: node --test scripts/skill-docs.test.js Tested: temp installed-skill smoke run of python3 scripts/sillok_search.py --help plus footer-cleaning parse_detail_page check Tested: npm run ci Not-tested: live sillok.history.go.kr shell requests still hit connect timeouts in this environment * Restore the sillok CLI's verified stdlib transport fallback The helper already shipped a stdlib urllib opener that can reach the official search endpoint in environments where requests/urllib3 aborts. This change keeps that opener available even when requests imports successfully and falls back to it on retryable requests transport failures. Added regression coverage for opener availability and the requests-to-urllib fallback so the default CLI path matches the live verified behavior. Constraint: Official sillok detail GETs can still time out transiently in this environment Constraint: Keep TLS verification enabled and preserve the documented CLI entrypoints Rejected: Force urllib for every request | keep the existing requests fast path when it succeeds Confidence: high Scope-risk: narrow Reversibility: clean Directive: Preserve the stdlib fallback tests whenever the transport layer changes Tested: PYTHONPATH=.:scripts python3 -m unittest scripts.test_sillok_search Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: live forced-fallback probe against searchResultList.do with requests.post patched to OSError(22) Not-tested: full live CLI completion through the detail GET in this environment * Document the approved real-estate MCP skill without vendoring upstream Issue #53 is intentionally doc-only, so this change adds the real-estate-search skill, feature guide, setup/security notes, and regression coverage around the upstream real-estate-mcp integration instead of importing server code. The new docs keep the original MCP link, cover Codex/Claude registration, and spell out the self-host + Cloudflare Tunnel + launchd path for environments where no fixed hosted endpoint is available. Constraint: Must use tae0y/real-estate-mcp without copying its source into this repository Constraint: Must include the original MCP link and a stable self-host fallback when no hosted endpoint is available Rejected: Vendor the upstream MCP source | issue explicitly requires skill docs only Rejected: Assume a public hosted MCP endpoint exists | upstream docs did not publish one Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep this integration doc-only; do not add a workspace or vendored server without revisiting issue #53 constraints Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: upstream bootstrap smoke (`uv sync`, `uv run real-estate-mcp --help`, HTTP initialize on 127.0.0.1:8017) Not-tested: live property data queries with a valid DATA_GO_KR_API_KEY * Prevent misleading real-estate self-host instructions Tighten the real-estate skill docs so the launchd fallback stays operational and the Onbid bid-result tools are described with the same WIP caveat the upstream project still publishes. Constraint: Upstream Docker compose already uses restart: unless-stopped while `docker compose ... up -d` daemonizes immediately Rejected: Keep a separate server LaunchAgent with RunAtLoad + KeepAlive | launchd would restart-loop on the exiting compose command Confidence: high Scope-risk: narrow Reversibility: clean Directive: Mirror upstream capability caveats in k-skill docs and do not wrap daemonized server commands in launchd KeepAlive jobs Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: uv sync Tested: uv run real-estate-mcp --help Tested: DATA_GO_KR_API_KEY=dummy uv run real-estate-mcp --transport http --host 127.0.0.1 --port 8017 Tested: curl initialize on http://127.0.0.1:8017/mcp returned protocolVersion 2024-11-05 Not-tested: Live 거래 조회 with a real DATA_GO_KR_API_KEY * Keep install docs from reintroducing broken launchd guidance The install guide had drifted from the real-estate skill and feature docs and still implied that macOS launchd should auto-run both the server and tunnel. This narrows the guidance back to tunnel-only launchd ownership and extends regression coverage so docs/install.md cannot silently reintroduce the server-side loop wording. Constraint: Upstream docker compose already uses restart: unless-stopped Constraint: Review-round-2 scope is limited to docs and regression coverage Rejected: Leave docs/install.md under a generic launchd presence check | it missed the exact server/터널 regression Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep docs/install.md aligned with the detailed real-estate feature guide when self-host guidance changes Tested: node --test scripts/skill-docs.test.js; npm run ci; fresh-clone upstream smoke with uv sync, uv run real-estate-mcp --help, and HTTP initialize on 127.0.0.1:8017/mcp Not-tested: None * Allow Han River water-level lookups without user API keys The proxy now resolves HRFCO water-level stations via waterlevel/info and fetches the latest 10-minute measurement via waterlevel/list, exposing a public summary route plus a hosted skill/docs path. Constraint: HRFCO requires a ServiceKey and station-code-based latest lookup Rejected: Raw passthrough only | forces users to manage upstream details and misses the approved no-key UX Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep this route summary-only and public; expand rainfall/dam/bo/fldfct in separate issues Tested: npm run ci; local server smoke test with HRFCO sample key against /v1/han-river/water-level; tsc diagnostics on packages/k-skill-proxy/src/server.js and src/hrfco.js Not-tested: Hosted production proxy rollout * Expose official nearby fuel prices for location-based gas station lookups Add the first cheap-gas-nearby skill/package pair so nearby gas-price queries can resolve a user-supplied location, translate it into Opinet's KATEC search contract, and return the cheapest nearby stations with address and facility detail. The docs and setup surfaces now advertise the new skill and its Opinet API key requirement. Constraint: Nearby fuel prices must come from the official KNOC Opinet API when available Constraint: No new external dependencies were allowed for coordinate conversion or location resolution Rejected: Map-only gas price scraping | official Opinet Open API exists and is the preferred source Rejected: Require lat/lng input only | poorer UX than supporting landmark/station queries through anchor resolution Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Keep `OPINET_API_KEY` as the only supported official-price credential unless the repo adopts an Opinet proxy later Tested: npm run ci; node --test packages/cheap-gas-nearby/test/index.test.js; offline fixture smoke via searchCheapGasStationsByLocationQuery('서울역', ...) Not-tested: Live Opinet API call with a real `OPINET_API_KEY` (no non-placeholder key was configured locally) Related: #54 * Explain Blue Ribbon premium gating instead of failing opaquely Blue Ribbon's nearby endpoint now returns PREMIUM_REQUIRED for public requests, so the package now upgrades that response into a stable domain error and updates user-facing docs to describe the degraded nearby state. Regression tests cover both location-query and coordinate-query entrypoints while keeping the existing happy path intact. Constraint: Must not attempt to bypass Blue Ribbon premium access controls Constraint: Package releases must use Changesets metadata Rejected: Silently return empty results on PREMIUM_REQUIRED | would hide the upstream contract change from callers Rejected: Keep generic 403 error and docs unchanged | leaves the main failure mode opaque and misleading Confidence: high Scope-risk: narrow Reversibility: clean Directive: If Blue Ribbon reopens a public nearby surface later, update the docs and replace the premium_required remap only after fresh live verification Tested: npm test --workspace blue-ribbon-nearby; npm run lint --workspace blue-ribbon-nearby; npm run ci; live node repro now returns premium_required metadata Not-tested: Official premium-authenticated nearby flow, because no approved premium credentials are available * Reduce duplicate premium-required test assertions The implementation diff was already verified, so this follow-up keeps the new regression coverage easier to read by sharing one assertion helper instead of repeating the same predicate twice. Constraint: Must preserve the verified PREMIUM_REQUIRED regression coverage exactly Rejected: Leave duplicated inline predicates in both tests | repeats the same contract and adds noise to future edits Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep location-query and coordinate-query regressions aligned when the premium_required error contract changes Tested: npm test --workspace blue-ribbon-nearby; npm run lint --workspace blue-ribbon-nearby; npm run ci Not-tested: Additional live Blue Ribbon requests beyond the previously verified premium_required repro * Document an Olive Young search skill around the upstream daiso CLI Issue #61 asked for an Olive Young lookup workflow without vendoring the upstream daiso-mcp server into k-skill, so this change adds a docs-only skill, threads it through repository docs, and locks the guidance with regression assertions. The new guidance prefers CLI-first verification (`npx daiso`) and a clone fallback (`git clone https://github.com/hmmhmmhm/daiso-mcp.git`) instead of requiring direct Claude Code MCP installation. The existing daiso-product-search skill remains untouched. Constraint: Must mention the original https://github.com/hmmhmmhm/daiso-mcp repo Constraint: Must avoid changing the existing daiso-product-search skill Constraint: Must prefer upstream CLI/package usage over direct Claude Code MCP installation Rejected: Vendor upstream Olive Young code into k-skill | contradicts the minimal-addition design request Rejected: Make Claude Code MCP setup the default path | issue explicitly asked for CLI-first usage Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the Olive Young docs aligned with upstream `daiso` CLI behavior and note public endpoint instability when live verification shows it Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: 2026-04-05 live /tmp/daiso-mcp CLI checks for health, /api/oliveyoung/stores, /api/oliveyoung/products, /api/oliveyoung/inventory Not-tested: Authenticated/private Olive Young flows or ordering/payment paths * Keep Han River docs honest until hosted rollout lands The local HRFCO proxy route already works, but the deployed public proxy still lacks /v1/han-river/water-level as of 2026-04-05. This follow-up changes the user-facing docs to require a self-hosted or deployment-verified proxy URL, keeps the intended hosted path documented as rollout-pending, and locks that caveat with a regression test. Constraint: Hosted k-skill-proxy deployment still returns 404 for /v1/han-river/water-level on 2026-04-05 Rejected: Keep advertising the hosted route as the default live path | current deployment is not live yet Confidence: high Scope-risk: narrow Reversibility: clean Directive: Restore hosted-default wording only after the public proxy route and HRFCO configuration are verified live Tested: node --test scripts/skill-docs.test.js; npm run ci; local mocked smoke via node packages/k-skill-proxy/src/server.js + GET /v1/han-river/water-level?stationName=한강대교 Not-tested: Live hosted k-skill-proxy behavior after deployment * Keep cheap gas lookups from failing on recoverable Kakao and input issues The lookup now walks ranked Kakao anchor candidates until one returns usable coordinates, and it rejects invalid limit inputs instead of silently collapsing non-empty results into an empty list. The regression suite now locks both review repros plus the null-coordinate normalization edge case that surfaced while implementing the fallback. Constraint: Kakao place panels can be partially populated or return 404 for otherwise valid search candidates Rejected: Default invalid limit/detailLimit values silently | still masks caller bugs and can look like no results nearby Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep anchor resolution tolerant of unusable Kakao panels before failing the whole lookup Tested: node --test packages/cheap-gas-nearby/test/index.test.js; npm run ci; offline fixture smoke for searchCheapGasStationsByLocationQuery('서울역', ...) Not-tested: Live Opinet/Kakao network path without a real OPINET_API_KEY * Keep Olive Young install guidance aligned with live retry behavior Issue #61's initial branch already shipped the olive-young-search skill/docs set, but the install guide did not have a regression lock for the public endpoint instability note captured during live verification. This follow-up adds that test first and updates the install quickstart so retry-or-clone fallback guidance stays in sync with the verified daiso CLI workflow. Constraint: Must keep the follow-up scoped to the approved issue #61 docs behavior Constraint: Public olive-young endpoint can intermittently return 5xx/503 during live verification Rejected: Re-open the broader feature docs set | the existing branch already covered the main feature scope Rejected: Leave the retry guidance untested in install docs | risk of future doc drift across surfaces Confidence: high Scope-risk: narrow Reversibility: clean Directive: If live olive-young verification changes again, update install docs and the regression together so retry/fallback guidance stays honest Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: cd /tmp/daiso-mcp && npx daiso health Tested: cd /tmp/daiso-mcp && npx daiso get /api/oliveyoung/stores --keyword 명동 --limit 3 --json Tested: cd /tmp/daiso-mcp && npx daiso get /api/oliveyoung/products --keyword 선크림 --size 3 --json Tested: cd /tmp/daiso-mcp && npx daiso get /api/oliveyoung/inventory --keyword 선크림 --storeKeyword 명동 --size 2 --json Not-tested: Authenticated Olive Young flows or sustained-rate retry behavior beyond the documented smoke checks * Preserve ranked Kakao anchor fallbacks after panel failures The resolver already retried later Kakao panels, but after the best panel failed it walked the remaining candidates in raw HTML order. Centralizing the full anchor ranking in parse.js keeps fallback iteration aligned with the existing scoring rules and locks the review repro with a regression test for 강남역 ordering. Constraint: Kakao place panels can 404 or omit coordinates even when later ranked candidates are usable Rejected: Re-rank only after a failed panel | duplicates scoring logic and drifts from selectAnchorCandidate Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep resolveAnchor fallback order tied to the shared anchor scoring logic rather than raw Kakao result order Tested: node --test packages/cheap-gas-nearby/test/index.test.js; npm run ci; offline fixture smoke for searchCheapGasStationsByLocationQuery('서울역', ...); lsp diagnostics on affected files Not-tested: Live Kakao/Opinet network calls with a non-placeholder OPINET_API_KEY * Clarify that Blue Ribbon coordinate lookups fail the same way The premium gate now affects both location-query and coordinate-entry nearby flows. Record that parity in the skill and docs so the live 2026-04-05 repro evidence stays aligned with the shipped public contract. Constraint: /restaurants/map remains premium-gated for public requests as of 2026-04-05 Rejected: Add more code changes without a behavior gap | would add churn after the approved fix already landed Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the docs/examples aligned with live repro evidence whenever Blue Ribbon changes nearby access behavior Tested: npm test --workspace blue-ribbon-nearby; npm run lint --workspace blue-ribbon-nearby; npm run ci; live node repro for location + coordinates premium_required contract Not-tested: New upstream success-path live nearby payloads, because public access is still premium-gated * Document a runnable Olive Young clone fallback The follow-up review found that clone-local `npx daiso` commands do not run from a built `hmmhmmhm/daiso-mcp` checkout because the generated bin file is not executable. This updates the olive-young skill and docs to use the verified `node dist/bin.js ...` path for clone fallback, and locks that behavior with regression tests while keeping the public CLI-first path unchanged.\n\nConstraint: Upstream clone checkouts can fail with `Permission denied` when invoked through clone-local `npx daiso`\nConstraint: Keep the existing daiso-product-search skill untouched\nRejected: Leave install docs unchanged | PR body and docs would keep a broken clone fallback path\nRejected: Vendor or patch upstream daiso-mcp inside k-skill | issue explicitly requires documenting upstream flow instead\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep clone-fallback docs and PR verification commands aligned with the actually runnable local invocation\nTested: node --test scripts/skill-docs.test.js\nTested: npm run ci\nTested: cd /tmp/daiso-mcp && npm install && npm run build && node dist/bin.js health\nTested: cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/stores --keyword 명동 --limit 3 --json\nTested: cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/products --keyword 선크림 --size 3 --json\nTested: cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/inventory --keyword 선크림 --storeKeyword 명동 --size 2 --json\nNot-tested: Public npx endpoint stability beyond the verified smoke-test window * Record fresh verification for the approved cheap-gas follow-up The ranked Kakao fallback-order and invalid-limit fixes are already present on feature/#54, so no further code edits were necessary. This empty follow-up commit records the requested rerun verification for PR #67 before posting the implementation update.\n\nConstraint: Existing branch head already contains the approved cheap-gas-nearby follow-up\nRejected: Invent another code/doc change just to force a non-empty diff | unnecessary risk after approval\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep Kakao anchor fallback iteration tied to the shared ranking helper and preserve finite-number validation for limit inputs\nTested: node --test packages/cheap-gas-nearby/test/index.test.js; npm run ci; offline fixture smoke for searchCheapGasStationsByLocationQuery('서울역', ...); lsp diagnostics on affected files\nNot-tested: Live Kakao/Opinet network calls with a non-placeholder OPINET_API_KEY * Record verified delivery for approved cheap-gas-nearby rollout The approved Issue #54 implementation was already present on feature/#54 when this follow-up began, so this checkpoint records fresh verification evidence and keeps PR #67 moving without introducing extra code churn. Constraint: Existing approved fixes were already on the branch and the follow-up still required a pushed update plus implementation comment Rejected: Add additional code or docs churn | approved scope was already satisfied and green locally Confidence: high Scope-risk: narrow Reversibility: clean Directive: Preserve the Kakao fallback-order and invalid-count regression coverage unless equivalent runtime repros replace it Tested: node --test packages/cheap-gas-nearby/test/index.test.js; offline fixture smoke for searchCheapGasStationsByLocationQuery('서울역', ...); npm run ci; LSP diagnostics on affected cheap-gas-nearby files Not-tested: Live Kakao/Opinet network path without a non-placeholder OPINET_API_KEY * Keep Blue Ribbon premium-gate remapping explicitly bounded The issue #63 fix already remaps PREMIUM_REQUIRED for nearby lookups. This follow-up adds a regression that proves non-premium /restaurants/map failures still surface as generic request errors, and clarifies that boundary in the package and feature docs. Constraint: PR #68 already carries the shipped behavior change and must stay aligned with current live premium-gated upstream behavior Rejected: Broaden domain remapping to all 403 nearby errors | would hide distinct upstream failure modes Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep only PREMIUM_REQUIRED on /restaurants/map mapped to premium_required unless a new verified upstream contract is documented Tested: npm test --workspace blue-ribbon-nearby; npm run lint --workspace blue-ribbon-nearby; npm run ci; live node repro for location+coordinate nearby lookups on 2026-04-06; LSP diagnostics on src/test Not-tested: Alternative non-premium upstream status codes beyond the mocked 403 ACCESS_DENIED path * Keep Olive Young clone fallback docs runnable from a fresh clone Round 3 review found that the inline fallback shorthand skipped `cd daiso-mcp`, which made `npm install` run outside the cloned upstream repo even though the fenced examples were already correct. This tightens the two published shorthand snippets and adds regression coverage so both docs surfaces reject the broken chain in future edits. Constraint: Existing node dist/bin.js clone fallback examples were already verified and had to stay aligned Constraint: The follow-up had to stay scoped to docs/test coverage without touching the existing daiso-product-search skill Rejected: Convert the shorthand to prose only | the review specifically requested a runnable inline form or an explicit removal Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep inline clone fallback snippets synchronized with the fenced node dist/bin.js examples and require `cd daiso-mcp` before install/build Tested: node --test scripts/skill-docs.test.js; npm run ci; cd /tmp/daiso-mcp && npm install && npm run build; cd /tmp/daiso-mcp && node dist/bin.js health; cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/stores --keyword 명동 --limit 3 --json; cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/products --keyword 선크림 --size 3 --json; cd /tmp/daiso-mcp && node dist/bin.js get /api/oliveyoung/inventory --keyword 선크림 --storeKeyword 명동 --size 2 --json Not-tested: Public npx path in this follow-up round (previous PR verification already covered it) Related: PR #71 * Bundle korean-spell-check script inside skill directory for packageless installs The Python helper lived only in the repo-root scripts/ folder, so `skills add` never shipped it. Move the real implementation into korean-spell-check/scripts/ (mirroring joseon-sillok-search) and replace the root copy with a thin re-export wrapper so lint/test still resolve from the repo root. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Exclude .claude directory from skill validation to fix CI in worktrees Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * real-estate-search: MCP self-host → k-skill-proxy HTTP 전환 사용자가 직접 real-estate-mcp를 clone/self-host하는 대신 k-skill-proxy에 MOLIT 실거래가 API route를 추가해서 다른 스킬(한강수위, 미세먼지 등)과 동일한 패턴으로 사용 가능하게 함. - GET /v1/real-estate/region-code — 지역코드 검색 - GET /v1/real-estate/:assetType/:dealType — 9개 거래 유형 조회 - molit.js: XML 파싱, 필드 정규화, 취소거래 필터링, 요약통계 - region-lookup.js: 284개 법정동 5자리 코드 토큰 매칭 - SKILL.md/docs를 HTTP proxy 기반으로 전면 재작성 - DATA_GO_KR_API_KEY를 사용자 필수항목에서 프록시 운영자 전용으로 이동 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * cheap-gas-nearby: proxy 경유로 전환 + 프로덕션 배포 구조 문서화 - cheap-gas-nearby: OPINET_API_KEY 없이 k-skill-proxy 경유로 동작하도록 변경 - fetchAroundStations/fetchDetailById에 proxy fallback 추가 - SKILL.md, feature doc에서 사용자 API key 요구 제거 - AGENTS.md, CLAUDE.md: proxy 개발/배포 워크플로우 문서화 - docs/features/k-skill-proxy.md: opinet route 추가, 프로덕션 자동 배포 구조 설명 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * blue-ribbon-nearby: proxy 경유로 전환 + 프리미엄 세션 프록시 라우트 Blue Ribbon /restaurants/map이 프리미엄 전용으로 전환되어, k-skill-proxy에 BLUE_RIBBON_SESSION_ID 기반 프록시 라우트를 추가하고 blue-ribbon-nearby 패키지가 기본적으로 프록시를 경유하도록 변경. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-06 17:44:23 +09:00
Jeffrey (Dongkyu) Kim	51464d1806	Release: coupang, korean-law, subway proxy improvements (#43) ... * Remove client-side Seoul subway key setup Route Seoul subway arrival lookups through k-skill-proxy so the hosted proxy owns the Seoul Open Data upstream key and end users only need the proxy base URL. Add proxy route coverage, update skill/docs guidance, and align setup materials with the hosted proxy flow used for fine dust. Constraint: Must keep the proxy public, read-only, and dependency-free Constraint: Must satisfy TDD-first verification and ship on feature/#35 targeting dev Rejected: Add a separate client helper package | unnecessary extra layer for a single proxy route Rejected: Keep SEOUL_OPEN_API_KEY as an end-user requirement | defeats the issue goal Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the Seoul subway proxy surface limited to station-arrival passthrough unless tests/docs expand the contract Tested: npm run ci; local proxy runtime on 127.0.0.1:4120 for /health and /v1/seoul-subway/arrival on 2026-03-31 with an invalid upstream key Not-tested: Live success response with a valid Seoul Open API key Related: #35 * Prevent broken Seoul subway proxy defaults before hosted rollout The Seoul subway proxy endpoint code is present locally, but the hosted public route is not live yet. This change turns the user-facing subway docs back into an explicit proxy configuration flow, replaces the misleading hosted default in setup examples, and keeps subway proxy examples on self-host/local URLs until rollout is verified. Constraint: Hosted k-skill-proxy.nomadamas.org/v1/seoul-subway/arrival is not live yet Rejected: Keep the hosted Seoul subway URL as the default path | would send default users to a 404 route Confidence: high Scope-risk: narrow Reversibility: clean Directive: Do not restore a hosted Seoul subway default until the public proxy route is deployed and smoke-verified Tested: node --test scripts/skill-docs.test.js; npm run ci; local proxy smoke on 127.0.0.1:4120 with stubbed Seoul upstream (GET /health, GET /v1/seoul-subway/arrival?stationName=강남) Not-tested: Live hosted proxy smoke after deployment * Reduce Seoul subway proxy upstream pressure with request caching The public subway arrival route already normalized caller input but still re-fetched the Seoul upstream for every identical poll. This change adds a short-TTL cache keyed from the normalized subway query, annotates JSON responses with cache metadata, and locks the repeated-read collapse with a regression that proves alias/default normalization still reuses the cached result. Constraint: The endpoint must stay public/no-auth while protecting a shared server-side SEOUL_OPEN_API_KEY from unnecessary repeated upstream hits Rejected: Add a new shared cache abstraction for proxy metadata | unnecessary for this narrow fix and would enlarge the diff Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep subway cache keys tied to normalizeSeoulSubwayQuery output so alias/default query forms continue collapsing to one upstream request Tested: node --test packages/k-skill-proxy/test/server.test.js Tested: npm run ci Tested: Local proxy runtime on 127.0.0.1:4120 with SEOUL_OPEN_API_KEY=test-seoul-key and stubbed fetch for /health plus repeated /v1/seoul-subway/arrival requests Not-tested: Live hosted proxy rollout state * Document OpenClaw support in the public compatibility list The approved scope for issue #29 was narrowed to README support messaging, so this change adds OpenClaw/ClawHub to the supported-client line and locks that wording with a regression test in the docs suite. Constraint: Issue #29 was approved as a README-only compatibility/docs change Rejected: Broader install-doc updates | out of approved scope for this issue Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep OpenClaw support wording aligned with the supported-client README line and its docs regression test Tested: Focused Node docs regression, npm run lint, npm run typecheck, npm run build, npm test Not-tested: Live OpenClaw or ClawHub install flow (issue scope was documentation-only) * Protect README client-support claims from ClawHub regressions The README already advertises OpenClaw/ClawHub, but the docs regression only matched OpenClaw. Tighten the assertion to the exact supported-client fragment so a future edit cannot silently remove ClawHub while keeping the issue verification command stable. Constraint: PR #39 already publishes a verification command keyed to the current test name Rejected: Rename the test to mention ClawHub explicitly | would drift from the published verification command Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep this regression synchronized with the README supported-client line whenever that copy changes Tested: node --test scripts/skill-docs.test.js --test-name-pattern 'README advertises OpenClaw among the supported coding agents' Tested: npm run lint Tested: npm run typecheck Tested: npm run build Tested: npm test Tested: lsp diagnostics for scripts/skill-docs.test.js (0 errors) Not-tested: N/A * Make Coupang shopper research usable without pretending scraping is stable Coupang blocks unattended shopper queries in this environment, so the new package focuses on the durable pieces we can ship honestly: official URL builders, browser-captured HTML parsers, and explicit automation probes. The docs and skill now explain the seller-API limitation, the verified anti-bot behavior, and the browser-capture fallback expected by callers. Constraint: No general shopper Open API surfaced in Coupang's official developer docs Constraint: Headless/direct retrieval is anti-bot blocked in verified local probes Rejected: Bundle a scraping bypass or hidden browser dependency | violates repo policy and would over-claim reliability Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep probe/docs behavior aligned with fresh live verification before claiming unattended Coupang access works Tested: npm run ci; live probeAutomation(query=생수) with direct fetch + Playwright-core browserFetchHtml; LSP diagnostics on changed JS/test files Not-tested: Headed/manual browser sessions with a human-authenticated Coupang context * Keep the Coupang workspace installable and its entrypoint honest Review follow-up found two contract gaps in the first issue #36 rollout: fresh installs were missing the new workspace link in package-lock, and the package README documented parser helpers that were not exported from the package entrypoint. Refreshing the lockfile and re-exporting the parsers keeps npm ci and consumer imports aligned with the published API. Constraint: npm ci must succeed from a clean checkout Rejected: Narrow the README API list to only client helpers | would hide useful parsers that the package already ships and tests Confidence: high Scope-risk: narrow Reversibility: clean Directive: When adding a new workspace, refresh package-lock and verify the package entrypoint matches README public API claims Tested: npm run ci; workspace coupang-product-search tests; LSP diagnostics on coupang-product-search JS/test files Not-tested: published npm install from registry (local pack dry-run only) * Keep Coupang anti-bot docs honest as probe results drift A same-day PR rerun showed the published mobile probe snapshot was already stale, so the follow-up locks the 403/access-denied mobile path with regression coverage and softens the docs/skill contract to describe blocked outcome classes instead of one frozen signature. The published guidance now also explains that browser results only appear when browserFetchHtml is injected, matching what a clean checkout can actually reproduce. Constraint: Coupang anti-bot responses vary by edge/challenge between reruns on the same day Rejected: Freeze one exact mobile probe snapshot | same-day reruns already diverged Confidence: high Scope-risk: narrow Reversibility: clean Directive: Refresh Coupang anti-bot docs only with same-day live probe evidence, and prefer blocked outcome classes over a single exact signature when reruns disagree Tested: npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch Not-tested: Non-Chrome Playwright-core executables * Keep the Coupang skill honest about clean-checkout browser probes The approved follow-up already documented that clean-checkout probeAutomation runs leave browser unset unless a browser fetcher is injected, but the skill text itself had not made that null contract explicit. This commit adds a regression test that locks the browser-null wording across the published docs surfaces and updates the skill so the stated behavior matches the package implementation and clean-checkout reality. Constraint: probeAutomation() only populates browser when browserFetchHtml is supplied by the caller Rejected: Leave the skill wording implicit and rely on README examples alone | the skill could drift away from the shipped package contract again Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the README, feature doc, and skill aligned whenever the probeAutomation browser contract changes Tested: node --test packages/coupang-product-search/test/index.test.js; npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch; codex exec review --uncommitted Not-tested: Alternative browser engines beyond local Google Chrome for the manual browserFetchHtml probe * Keep Coupang browser probe docs aligned with manual verification paths The approved PR #40 follow-up still had one wording gap: the skill said when browser results appear, but it did not explicitly say those populated results come from an injected manual/external browserFetchHtml path. This change locks that contract with a failing regression first, then updates the skill text to match the already-shipped README/feature-doc guidance and runtime behavior. Constraint: clean-checkout probeAutomation() must keep browser null unless browserFetchHtml is supplied Rejected: change runtime browser probe behavior | approved follow-up was docs/test only and runtime contract is already correct Confidence: high Scope-risk: narrow Reversibility: clean Directive: keep Coupang probe docs aligned with the shipped browserFetchHtml injection contract; do not imply built-in browser probing in clean checkouts Tested: node --test packages/coupang-product-search/test/index.test.js; npm run lint; npm run typecheck; npm test; npm run ci; live probeAutomation("생수") with direct fetch + Playwright-core browser fetch; lsp diagnostics on changed files; architect review approved Not-tested: alternate browser engines beyond local Google Chrome + playwright-core manual runner * Route Korean law lookups through korean-law-mcp Add a documentation-first korean-law-search skill and lock the repo docs around the rule that Korean law queries must go through korean-law-mcp rather than a new in-repo package. The change updates install/setup/security guidance, publishes the new feature doc, and adds regression tests so future edits keep the LAW_OC + korean-law-mcp contract intact. Constraint: Issue #41 requires korean-law-mcp for every Korean law lookup Constraint: Must not add a new npm or python package in this repository Rejected: Add a repo-local law package | violates the no-new-package requirement and duplicates upstream MCP work Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep Korean law lookup guidance pinned to korean-law-mcp unless issue requirements explicitly change Tested: node --test scripts/skill-docs.test.js Tested: npm install -g korean-law-mcp && korean-law list && korean-law help search_law Tested: npm run ci Tested: npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json Not-tested: live search_law/get_law_text against a real LAW_OC credential * Clarify Korean law setup modes to avoid credential confusion A review found the new korean-law-search docs treated LAW_OC as an unconditional prerequisite even though the upstream remote MCP endpoint is configured separately from the local CLI/server path. This update makes the docs and regression tests mode-specific: local CLI/MCP uses LAW_OC, while the remote endpoint stays a korean-law-mcp-only url fallback without a user-supplied credential. Constraint: Upstream korean-law-mcp uses LAW_OC on the local CLI/server path while the documented remote MCP endpoint is configured with url only Rejected: Keep LAW_OC mandatory for every korean-law-mcp mode | contradicts upstream docs and reviewer evidence Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README/setup/skill docs and regression tests aligned on the local-vs-remote korean-law-mcp contract Tested: node --test scripts/skill-docs.test.js; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm run ci; lsp_diagnostics scripts/skill-docs.test.js Not-tested: Live remote MCP endpoint connection against https://korean-law-mcp.fly.dev/mcp * Record issue #41 follow-up after approved verification The approved korean-law-search change was already present on feature/#41, so this follow-up records a fresh verification pass and updates the PR without introducing unnecessary code churn. Constraint: Existing branch already contained the approved implementation Rejected: Touch repo files without need | would create noise without improving behavior Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the korean-law-mcp-only + mode-specific LAW_OC contract aligned with upstream docs before changing these surfaces again Tested: node --test scripts/skill-docs.test.js; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npm run ci Not-tested: Live korean-law queries that require a real LAW_OC or remote endpoint session * Keep the Korean law feature diff merge-ready Verification uncovered trailing whitespace in the new korean-law feature guide when checking the branch diff. I added a regression to the skill docs suite and removed the whitespace so the approved documentation contract stays clean and reviewable. Constraint: Preserve the existing korean-law-mcp + mode-specific LAW_OC contract without widening scope Rejected: Leave the whitespace issue as-is | git diff --check stayed dirty on the branch Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep docs/features/korean-law-search.md free of trailing whitespace so diff hygiene stays enforced by the regression Tested: node --test scripts/skill-docs.test.js; npx tsc --noEmit --pretty false --project /Users/jeffrey/Projects/k-skill/tsconfig.json; npm install -g korean-law-mcp && korean-law list && korean-law help search_law; npm run ci; git diff --check Not-tested: Live credentialed LAW_OC search execution against the upstream API * Keep Korean law skill guidance aligned with supported lookups The approved issue #41 feature already worked, but the shipped skill text still under-described ordinance and interpretation lookups compared with the documented capability set. This follow-up tightens the skill copy and locks that contract with a doc regression so the branch stays merge-ready without changing the underlying korean-law-mcp routing rules. Constraint: Must preserve the existing korean-law-mcp-only and mode-specific LAW_OC setup contract Rejected: Leave the skill wording as-is | drift from the documented lookup surface would remain Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the skill examples and doc regression aligned whenever supported korean-law-mcp search surfaces change Tested: node --test scripts/skill-docs.test.js Not-tested: live LAW_OC-backed upstream API queries * Keep Korean law completion guidance in sync with enforced lookups The previous follow-up aligned the main skill examples, but the done-criteria text still left interpretation and ordinance routing implicit. This commit makes the completion checklist explicit and extends the doc regression so future edits cannot silently drop those lookup paths. Constraint: Must stay within the existing issue #41 korean-law-mcp-only contract Rejected: Leave the done checklist implicit | reviewers and future edits could drift from the enforced lookup set Confidence: high Scope-risk: narrow Reversibility: clean Directive: When the supported Korean-law lookup set changes, update the done checklist and regression together Tested: node --test scripts/skill-docs.test.js Not-tested: full CI before commit * Enable repeatable used-car price lookups from a rental-company source Issue #46 required surveying major Korean rental companies before implementation and then choosing the easiest stable provider. SK렌터카 다이렉트 exposes 타고BUY inventory in public Next.js page data, so the feature stays dependency-free while still supporting live repeated lookups and documented provider rationale. Constraint: Must compare major Korean rental companies before implementation Constraint: Must verify 10+ live lookups against a real provider surface Rejected: 롯데오토옥션 as v1 provider | public list contract was unstable and legacy .do flows returned inconsistent or 404 pages Rejected: 레드캡렌터카 as v1 provider | no public used-car inventory or API surface was found Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the v1 provider read-only and inventory-snapshot-based unless a stable documented public API is confirmed Tested: npm run ci Tested: Live 10-query run against https://www.skdirect.co.kr/tb at 2026-04-02T07:22:46Z Tested: LSP diagnostics on affected files Not-tested: Seller-specific detail drilldowns or non-SK providers Related: #46 * Keep used-car-price-search releasable after merge Review feedback found that the new used-car workspace would not ship because it lacked a changeset, and the fallback install docs still omitted the runtime package. This follow-up adds regression coverage first, then restores both release and install-path coverage with the smallest possible diff. Constraint: New publishable workspaces must be wired through Changesets to reach npm release automation Constraint: Fallback install docs must list runtime packages users need when skill files are present but global packages are missing Rejected: Fix only the changeset gap | would leave the documented fallback install path incomplete Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep used-car-price-search in both the fallback global install example and a Changesets entry whenever release wiring changes Tested: node --test scripts/skill-docs.test.js; npx changeset status; live 10-query used-car run against SK direct at 2026-04-02T07:38:44.949Z; npm run ci; LSP diagnostics on used-car package files and scripts/skill-docs.test.js; architect verification Not-tested: No additional live provider permutations beyond the verified 10-query smoke run * Keep used-car verification docs resilient to live inventory churn A fresh rerun showed the SK direct inventory total continues to move during the day, so the feature doc now records the verified smoke-run timestamp without freezing a brittle exact count. The regression suite was updated first so the docs stay variability-aware and diff-clean in future follow-ups. Constraint: Live SK direct inventory totals change over time even when the parsing contract stays stable Rejected: Keep documenting a fixed total from one smoke run | it immediately drifted and made the docs stale Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the used-car live verification note timestamped and variability-aware instead of pinning an exact inventory total Tested: node --test scripts/skill-docs.test.js; git diff --check; npm run ci; npx changeset status; live 10-query run against https://www.skdirect.co.kr/tb at 2026-04-02T07:59:41.391Z; LSP diagnostics on scripts/skill-docs.test.js; architect verification Not-tested: No additional content changes outside the used-car feature doc * Keep used-car query summaries honest when results are limited The review found that query-level stats were being computed from the post-limit slice, so common searches like 아반떼 under-reported both match counts and price ranges. This change locks the regression first, then computes the full filtered set before slicing only the returned items. Constraint: PR #48 must preserve the existing API shape while fixing the review-blocking stats bug Rejected: Expanding the response with separate limited/full summary fields | unnecessary API churn for a targeted bug fix Confidence: high Scope-risk: narrow Reversibility: clean Directive: Query-level summary and matchedCount must stay derived from the full filtered set, not the display limit slice Tested: npm test --workspace used-car-price-search; npm run ci; git diff --check; npx changeset status; live SK direct smoke run on 2026-04-02T08:23:59Z; LSP diagnostics on used-car-price-search source and test files; architect verification APPROVED Not-tested: limit=0 semantics remain unchanged and still coerce to the default limit Related: PR #48 * Keep korean-law-search available during upstream outages (#45) Issue #44 adds Beopmang as the documented fallback when the primary korean-law-mcp path is unavailable, and locks the new routing into the doc regression suite so future edits do not silently revert the policy. Constraint: Existing guidance must still prefer korean-law-mcp and keep LAW_OC scoped to the local CLI/MCP path Rejected: Add a repo-local Beopmang client package | issue only requires fallback registration, not a new implementation surface Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the primary-first rule intact; Beopmang is an outage fallback, not the default path Tested: node --test scripts/skill-docs.test.js; npm run ci; korean-law list; python3 live Beopmang search smoke for 관세법 Not-tested: Live Beopmang MCP handshake from a GUI MCP client * Replace coupang scraping package with coupang-mcp server integration Drop the browser-based scraping package (packages/coupang-product-search) and switch to the uju777/coupang-mcp MCP server for all Coupang product searches. This removes the anti-bot workaround complexity and provides 8 ready-to-use tools via MCP Streamable HTTP with no API key required. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Add disclaimer to used-car-price-search README Clarify that the package queries SK렌터카 타고BUY public data with no affiliation or sponsorship, and that ad/partnership inquiries are welcome. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor used-car-price-search into provider-based architecture SK 타고BUY 전용 로직을 src/providers/sk-tagobuy.js로 분리하고, 공급자를 수평 확장할 수 있는 registry 구조로 전환한다. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 23:59:38 +09:00
Jeffrey (Dongkyu) Kim	da8eca15c2	Align Changesets release flow with generated package changelogs ... The release workflow uses changesets/action to build the Version Packages PR, and that action reads each changed package's CHANGELOG.md after running changeset version. The repo had changelog generation disabled, so versioning succeeded but the action crashed with ENOENT when it tried to read missing package changelogs. This enables the default Changesets changelog generator so release PRs can be assembled without manual stub files, while keeping GitHub Releases disabled for npm publishes. The release docs now match that behavior. Constraint: Keep createGithubReleases false because npm package GitHub releases are still out of scope Rejected: Add empty CHANGELOG.md files to each package | quick hotfix but leaves PR notes weak and requires manual upkeep for new packages Confidence: high Scope-risk: narrow Reversibility: clean Directive: If changelog generation is disabled again, replace changesets/action PR generation or restore package changelog files before merging Tested: npm run version-packages in local verification after enabling changelog generation Tested: npm run ci Not-tested: Live GitHub Actions release run on main after merge	2026-03-30 22:27:07 +09:00
Jeffrey (Dongkyu) Kim	ef2c69b81c	Replace sops+age encryption with plain dotenv and agent-native credential resolution ... Agent environments (OpenClaw, Claude Code, Codex) assume users delegate credentials to the agent. sops+age added setup friction without real security benefit since the agent decrypts on every call anyway. New model: skills declare required env var names; how they are supplied is up to the agent (own vault, shell env, or ~/.config/k-skill/secrets.env as the default fallback with 0600 permissions). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 22:12:04 +09:00
Jeffrey (Dongkyu) Kim	249b56e2b1	Keep npm release automation from crashing before publish ... Recent main-branch release workflow runs were failing before the Version Packages PR could be created because changesets/action tried to read per-package CHANGELOG.md files that do not exist in this repo. The repo deliberately keeps `.changeset/config.json` on `changelog: false`, so disable `createGithubReleases` to match that model and stop the action from expecting generated changelog files. Constraint: Repository package releases intentionally run with `.changeset/config.json` set to `changelog: false` Constraint: Existing GitHub Actions runs on 2026-03-25, 2026-03-26, and 2026-03-28 failed with ENOENT on missing package CHANGELOG.md files Rejected: Add per-package CHANGELOG.md generation | unnecessary extra release surface for a repo that intentionally skips changelog files Confidence: high Scope-risk: narrow Reversibility: clean Directive: If you later enable Changesets changelog generation, revisit `createGithubReleases` together with package CHANGELOG.md expectations Tested: npm run ci; npx changeset status; gh run view failed release logs for runs 23547709848, 23602324893, 23687336625 Not-tested: Live post-fix GitHub Actions release run on main	2026-03-30 21:58:06 +09:00
Jeffrey (Dongkyu) Kim	3c4be51975	Avoid per-package bootstrap work for new npm package releases ... Switch the npm release workflow to use the repository NPM_TOKEN so first publishes and subsequent Changesets releases can run from GitHub Actions without package-by-package trusted publisher setup. Add the missing kakao-bar-nearby changeset so every current public workspace package is in the release plan once this lands on main. Constraint: npm trusted publisher setup requires each package to already exist on the registry Constraint: This repository is expected to add more public npm packages over time Rejected: Per-package trusted publishers only | too much first-publish operational overhead for each new package Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep NPM_TOKEN scoped to package publish/write needs and preserve Changesets as the single source of release intent Tested: npm run ci; npx changeset status; npm view checks for current public workspace package publish state Not-tested: Live GitHub Actions publish against npm registry with the newly stored token	2026-03-30 21:35:56 +09:00
Jeffrey (Dongkyu) Kim	2700e426a9	Add a safe Toss Securities lookup surface without trading mutations ... Wrap the upstream tossinvest-cli binary behind a small read-only Node package, add the matching skill/docs wiring, and lock the behavior with regression tests plus publish/release metadata so the new workspace stays release-ready. Constraint: Issue #25 required using JungHoonGhae/tossinvest-cli rather than reimplementing Toss APIs directly Constraint: The public package surface must stay read-only and avoid wrapping trading mutations Rejected: Direct HTTP client against unofficial Toss endpoints | issue explicitly required the upstream CLI and would widen maintenance risk Rejected: Skill docs only with no package wrapper | repo convention is to ship reusable package + docs + release wiring together Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep toss-securities limited to read-only tossctl commands unless a future issue explicitly approves trading flows and adds stronger safeguards Tested: npm run ci; brew tap JungHoonGhae/tossinvest-cli && brew install tossctl && tossctl version; node smoke calling packages/toss-securities/src/index.js getQuote('TSLA'); lsp diagnostics on affected files Not-tested: Authenticated account/portfolio/order-history commands against a real Toss session	2026-03-30 11:25:43 +09:00
Jeffrey (Dongkyu) Kim	011aa0e90a	Keep the K League feature branch mergeable after dev advanced ... Merged dev into feature/#23 and resolved the overlapping root workspace packaging and skill-doc coverage so the branch now carries both the new kakao-bar-nearby work from dev and the kleague-results work from this PR without dropping either surface. Constraint: Root pack/test wiring must cover every publishable workspace Rejected: Keep only the PR-side root script/docs updates | would discard newer dev branch coverage for kakao-bar-nearby Confidence: high Scope-risk: moderate Reversibility: clean Directive: When adding a new workspace package, update root pack:dry-run coverage and skill-doc regressions in the same change to reduce future merge churn Tested: npm run ci Tested: node --input-type=module live smoke for getKLeagueSummary('2026-03-22', { leagueId: 'K리그1', team: 'FC서울', includeStandings: true }) Tested: node --input-type=module live smoke for getMatchResults('2026-03-22', { leagueId: 'K리그2' }) Not-tested: Remote GitHub Actions rerun after pushing the merge-resolution commit	2026-03-29 17:27:06 +09:00
Jeffrey (Dongkyu) Kim	51402dbd29	Keep Kakao smoke docs aligned with verified live output ... The station-anchor fixes changed the documented sadang smoke snapshot, so this follow-up pins both published examples to the current 2026-03-29 live result and adds regression coverage to stop the docs from drifting again. Constraint: Release/package docs must stay aligned with shipped live-smoke evidence Rejected: Update only the markdown snapshots | would leave no regression guard against future drift Confidence: high Scope-risk: narrow Reversibility: clean Directive: When live Kakao smoke outputs change, update both the feature doc and package README together and keep the shared doc-regression assertion in sync Tested: node --test packages/kakao-bar-nearby/test/index.test.js; node --test scripts/skill-docs.test.js; npm ci; npm run ci; live searchNearbyBarsByLocationQuery('사당', { limit: 3, panelLimit: 8 }) on 2026-03-29 Not-tested: Fresh-worktree clone after this doc-only follow-up	2026-03-29 17:05:17 +09:00
Jeffrey (Dongkyu) Kim	83d5f26b39	Add an official K League results client and skill ... The K League site already exposes JSON schedule and standings endpoints, so this change wraps those official surfaces in a reusable workspace package and wires the new skill/docs flow into the repo. The implementation keeps the fetch/parse boundary small, locks normalization with fixtures and regression tests, and documents the publish follow-up needed for the new npm package. Korean-language request headers are pinned so live payloads keep the expected team names and result labels. Constraint: Must use official K League surfaces instead of adding scraping or third-party dependencies Rejected: HTML scraping from schedule pages | official JSON endpoints already provide schedule and standings data Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the accept-language header pinned to Korean unless team alias normalization is expanded for English payloads Tested: npm run ci; live getKLeagueSummary('2026-03-22', { leagueId: 'K리그1', team: 'FC서울', includeStandings: true }); live getMatchResults('2026-03-22', { leagueId: 'K리그2' }) Not-tested: Live in-progress/postponed match statuses beyond the fixture-covered finished-game path	2026-03-29 15:57:15 +09:00
Jeffrey (Dongkyu) Kim	25b1d3b328	Let agents find open nearby bars from Korean map data ... Kakao Map mobile search results and place panels provide enough public data to turn station/neighborhood queries into nearby bar summaries with live open status, menu hints, seating hints, and phone numbers. This adds a reusable workspace package plus docs/skill wiring, while keeping the flow keyless and grounded in TDD + live smoke verification. Constraint: Must avoid paid/authenticated Kakao APIs and new dependencies Constraint: Nearby bar results must use current live panel/open-hour data Rejected: Kakao Local REST API | requires app key/setup and breaks the no-auth posture Rejected: Naver Map scraping | public responses were more rate-limited in testing Confidence: medium Scope-risk: moderate Reversibility: clean Directive: If Kakao changes panel3/search HTML contracts, verify headers and anchor-selection heuristics before expanding fallback logic Tested: node --test packages/kakao-bar-nearby/test/index.test.js Tested: node --test scripts/skill-docs.test.js Tested: lsp diagnostics on affected files (0 errors) Tested: live smoke searchNearbyBarsByLocationQuery('사당') on 2026-03-29 Tested: npm run ci Not-tested: Precise distance calculation when Kakao station panels omit coordinates	2026-03-29 15:34:31 +09:00
Jeffrey (Dongkyu) Kim	8b36634e28	Stop guessing districts and require exact station retries for ambiguous fine-dust lookups ... The fine-dust proxy now resolves natural-language region hints through city-level station lists and only returns a report when a single station can be justified. When the hint is ambiguous, the proxy returns a small candidate list so callers can retry with an exact station name instead of silently guessing. The skill guidance was updated to match that runtime contract: region hint first, then retry with stationName when candidate_stations are returned. Coordinate-centric guidance was removed from the primary skill surface so the default path stays lightweight and consistent with the live proxy behavior. Constraint: The current AirKorea key can access city-level and station-level measurement APIs but station-info lookups may still return 403 Constraint: Free-API proxy responses must stay safe to expose publicly, so ambiguous locations should not be auto-guessed Rejected: Auto-pick the first city-level station for unmatched district hints | hides ambiguity and returns misleading air-quality data Rejected: Keep coordinate-first language in the primary skill | no coordinate source exists in the default user flow Confidence: high Scope-risk: moderate Reversibility: clean Directive: Preserve the ambiguous_location contract; if you improve matching later, prefer evidence-backed narrowing over silent fallback guesses Tested: node --test scripts/skill-docs.test.js; npm run test --workspace k-skill-proxy; python3 -m unittest discover -s scripts -p test_fine_dust.py; live curl for ambiguous regionHint=광주 광산구 and exact stationName=우산동(광주) Not-tested: Broader region alias quality outside the manually checked examples	2026-03-28 23:28:12 +09:00
Jeffrey (Dongkyu) Kim	a3ef6ffac6	Make the fine-dust proxy easier to consume than the upstream APIs ... The fine-dust lane now treats the public proxy as the default surface, keeps a simple summarized report endpoint, and also exposes a narrow AirKorea passthrough shape so callers can reuse upstream query patterns without carrying service keys on the client side. The skill instructions were trimmed down so the default path is obvious, region-name guidance stays visible, and detailed implementation notes move into feature docs instead of bloating the primary skill surface. Constraint: Free-API proxy endpoints are intentionally public and must avoid embedding upstream secrets in the repo Constraint: AirKorea station-info access can return 403 even when measurement access succeeds, so the report path needs a measurement-only fallback Rejected: Keep proxy auth via shared token | contradicts the intended public free-API proxy policy Rejected: Force all callers onto the summary endpoint only | passthrough compatibility is useful for direct HTTP consumers Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep the proxy allowlist narrow; if new upstream routes are exposed, document them explicitly rather than turning this into a generic open proxy Tested: node --test scripts/skill-docs.test.js; npm run test --workspace k-skill-proxy; python3 -m unittest discover -s scripts -p test_fine_dust.py; live curls against /health, /v1/fine-dust/report, and /B552584/ArpltnInforInqireSvc/getMsrstnAcctoRltmMesureDnsty Not-tested: Fresh reboot validation of PM2/cloudflared persistence after the latest code-only changes	2026-03-28 17:14:18 +09:00
Jeffrey (Dongkyu) Kim	a9a59e3655	Keep PR #21 mergeable against the updated dev branch ... Merged the latest dev branch into feature/#17 and resolved the overlapping install/test updates by preserving both the fine-dust additions from this branch and the newer Daiso workspace coverage from dev. Constraint: Base branch dev advanced after PR #21 was opened Rejected: Rebase and rewrite the feature branch history | a merge update restores mergeability with less risk Confidence: high Scope-risk: narrow Reversibility: clean Directive: When install docs or regression suites diverge across branches, keep both shipped skill entries and broaden shared assertions instead of dropping one side Tested: npm run ci Not-tested: Remote push / GitHub UI mergeability refresh	2026-03-28 09:25:20 +09:00
Jeffrey (Dongkyu) Kim	9ef274c3b7	Honor documented fine-dust fallback semantics ... The fine-dust helper still broke the documented station-name path when the station lookup API returned no rows, and it guessed a KHAI label from PM10 whenever the upstream API omitted khaiGrade. This change locks both behaviors with regressions, resolves station selection to a direct measurement lookup when only the station name is usable, and reports 정보없음 when the source omits the KHAI field. The docs now match the implemented fallback and missing-field behavior. Constraint: Keep the fix compatible with existing fetch_station_payload callers and PR #21 scope Rejected: Recompute KHAI from other pollutant fields | official formula/data inputs are not implemented in this helper Rejected: Fail hard when station lookup is empty despite --station-name | contradicts the documented direct station-name fallback Confidence: high Scope-risk: narrow Reversibility: clean Directive: Do not synthesize 통합대기등급 from PM10/PM2.5 surrogates unless the official KHAI formula and inputs are implemented end-to-end Tested: python3 scripts/test_fine_dust.py; npm run ci; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --lat 37.5665 --lon 126.9780; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --region-hint '서울 강남구'; python3 scripts/fine_dust.py --help; env -u AIR_KOREA_OPEN_API_KEY python3 scripts/fine_dust.py report --lat 37.5665 --lon 126.9780; python3 -m py_compile scripts/fine_dust.py scripts/test_fine_dust.py Not-tested: Live Air Korea API responses with a real service key	2026-03-27 22:58:01 +09:00
Jeffrey (Dongkyu) Kim	1e13cc10e1	Keep PR #19 CI stable without user Python site-packages ... The validate job was failing because the KTX helper regression suite imported optional runtime dependencies directly from the module top level. GitHub Actions does not inherit the local user site-packages that made those imports succeed on the workstation, so the test suite died before it could exercise the helper logic. This change makes the helper import-safe in minimal environments by deferring requests usage, providing lightweight fallbacks for optional Korail/Crypto imports during unit tests, and surfacing an explicit install command when the real runtime dependencies are actually needed. The docs now list pycryptodome alongside korail2, and the regression suite forces PYTHONNOUSERSITE=1 so CI keeps exercising the dependency-light path instead of accidentally relying on a developer machine. Constraint: PR #19 must keep npm run ci green on GitHub Actions without assuming user-level Python packages Constraint: The KTX helper still needs the real korail2 and pycryptodome packages for live reservation flows Rejected: Installing ad-hoc Python packages in the CI workflow | hides the import-safety regression instead of fixing the helper/test contract Rejected: Removing the Python regression suite from skill-docs coverage | would lose the guard on the train_id reservation flow Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the KTX helper importable under PYTHONNOUSERSITE=1 and document every required runtime package in both the skill and install docs Tested: PYTHONNOUSERSITE=1 python3 -m unittest discover -s scripts -p test_ktx_booking.py Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Not-tested: GitHub Actions validate rerun after push	2026-03-27 22:51:33 +09:00
Jeffrey (Dongkyu) Kim	1453448947	Honor Air Korea's TM-coordinate contract for nearby station lookup ... PR #21 review found the live location path was sending raw WGS84 latitude/longitude into getNearbyMsrstnList. This updates the helper to convert WGS84 inputs into Air Korea's central-origin TM coordinates without adding a new dependency, adds regression coverage for the live request path plus fallback behavior, and aligns the published skill/docs examples with tmX/tmY usage. Constraint: Air Korea nearby-station lookup requires TM coordinates and this repo should not add new runtime dependencies for a helper script Rejected: Add pyproj/proj4 as a dependency | unnecessary dependency footprint for a deterministic coordinate transform Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep getNearbyMsrstnList on TM inputs only; if the upstream coordinate contract changes, verify against the official Air Korea docs before editing request params again Tested: npm run ci; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --lat 37.5665 --lon 126.9780; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --region-hint '서울 강남구'; python3 scripts/fine_dust.py --help; env -u AIR_KOREA_OPEN_API_KEY python3 scripts/fine_dust.py report --lat 37.5665 --lon 126.9780; python3 -m py_compile scripts/fine_dust.py scripts/test_fine_dust.py Not-tested: Live Air Korea API call with a real service key on this branch	2026-03-27 22:28:24 +09:00
Jeffrey (Dongkyu) Kim	326a707cb6	Keep PR #19 mergeable while preserving both npm package releases ... Merged origin/dev into feature/#15 and resolved the shared docs, package script, and skill regression conflicts so the Daiso work and the Blue Ribbon work can ship together. The resolution keeps both publishable workspaces in the dry-run packaging check and aligns install/source docs plus regression coverage with the combined branch state. Constraint: PR #19 targets dev and GitHub marked it CONFLICTING against origin/dev Constraint: Release and packaging changes must continue to pass npm run ci after conflict resolution Rejected: Dropping the Blue Ribbon additions during merge resolution | would lose newer dev branch work Rejected: Keeping only one workspace in pack:dry-run | would leave the other publishable package unverified Confidence: high Scope-risk: moderate Reversibility: clean Directive: If another publishable workspace is added, extend both package.json pack:dry-run and scripts/skill-docs.test.js together Tested: npm install; npm run ci Not-tested: GitHub mergeability refresh after push	2026-03-27 22:19:48 +09:00
Jeffrey (Dongkyu) Kim	8c86d54b1f	Add local air-quality lookup so k-skill covers location-based dust checks ... Issue #17 approved an Air Korea two-API flow with a region fallback, so this change adds a new fine-dust skill, wires it into the repo docs/setup surfaces, and includes a runnable helper plus fixtures/tests for repeatable verification. Constraint: Must use the approved official Air Korea APIs and secure secret registration flow Rejected: Use an unofficial air-quality API | issue follow-up explicitly approved the Air Korea two-API flow Rejected: Require coordinates only | issue discussion required a practical fallback when precise location is unavailable Confidence: high Scope-risk: moderate Directive: Keep the helper and docs aligned with Air Korea endpoint names and fallback order if the official API contract changes Tested: npm run ci; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --lat 37.5665 --lon 126.9780; python3 scripts/fine_dust.py report --station-file scripts/fixtures/fine-dust-stations.json --measurement-file scripts/fixtures/fine-dust-measurements.json --region-hint '서울 강남구'; python3 scripts/fine_dust.py --help; missing-secret error path without AIR_KOREA_OPEN_API_KEY Not-tested: Live Air Korea API calls with a real AIR_KOREA_OPEN_API_KEY	2026-03-27 22:06:19 +09:00
Jeffrey (Dongkyu) Kim	6d04a3b402	Keep Daiso online-stock lookups aligned with live product ids ... Live smoke on 2026-03-27 exposed two real SearchGoods mismatches: some rows require a separate online/master product identifier for online stock requests, and some live rows use alias keys or placeholder ids that the original fixtures did not cover. This change locks those behaviors with regression tests, normalizes onldPdNo/alias fields from live payloads, falls back from placeholder identifiers like 0 to pdNo, and threads the normalized identifier through the end-to-end availability helper. The public docs now note that product candidates can carry onldPdNo for online-stock follow-ups. Constraint: Daiso Mall SearchGoods currently mixes legacy and live field names in the same public surface Constraint: Online stock requests must keep working for both identity and non-identity pdNo/onldPdNo pairs Rejected: Require callers to read raw MASTER_PD_NO/MAPP_BOX_PD_NO fields | leaks transport details into the public API Rejected: Treat placeholder ids like 0 as valid online product ids | breaks live stock lookups for otherwise valid candidates Confidence: high Scope-risk: narrow Directive: Keep the live-smoke-backed alias and placeholder-id regression cases when updating Daiso payload fixtures Tested: node --test scripts/skill-docs.test.js Tested: node --test packages/daiso-product-search/test/index.test.js Tested: npm test Tested: npm run ci Tested: live smoke against official Daiso Mall endpoints on 2026-03-27 Not-tested: Other Daiso search terms beyond VT 리들샷 100	2026-03-27 19:31:24 +09:00
Jeffrey (Dongkyu) Kim	51b4111572	Restore advertised landmark routing for Blue Ribbon nearby searches ... Add explicit COEX landmark alias expansion so documented landmark inputs resolve to the official 삼성동/대치동 zone, back it with regression tests, and align the user-facing docs with the actual runtime behavior. Constraint: Blue Ribbon only exposes official zone names, not landmark aliases Rejected: Remove landmark examples from docs | weaker UX than the intended nearby flow Confidence: high Scope-risk: narrow Directive: Keep documented landmark examples synced with alias coverage or official zone names before advertising them Tested: node --test packages/blue-ribbon-nearby/test/index.test.js Tested: npm run ci Tested: live smoke searchNearbyByLocationQuery('광화문', { distanceMeters: 1000, limit: 5 }) Tested: live smoke searchNearbyByLocationQuery('코엑스', { distanceMeters: 1000, limit: 5 }) Not-tested: broader landmark alias catalog beyond documented examples	2026-03-27 19:15:21 +09:00
Jeffrey (Dongkyu) Kim	2352856826	Enable official Daiso store stock lookups before visiting a branch ... Added a new Daiso skill and reusable workspace package around the official Daiso Mall store search, product search, and pickup-stock surfaces. The implementation stays stock-first because the official surface clearly exposes store inventory but I could not verify any official aisle/location endpoint for in-store placement. Constraint: Must rely on official Daiso Mall surfaces before considering scraping Constraint: Tests-first implementation and full repo CI must stay green Rejected: Playwright-first scraping flow | official SearchGoods and selStrPkupStck endpoints were sufficient Confidence: high Scope-risk: moderate Reversibility: clean Directive: If Daiso exposes an official in-store location endpoint later, extend this package instead of inferring shelf locations Tested: node --test scripts/skill-docs.test.js Tested: node --test packages/daiso-product-search/test/index.test.js Tested: npm test Tested: npm run ci Tested: live smoke for searchStores/searchProducts/getStorePickupStock/lookupStoreProductAvailability against Daiso Mall on 2026-03-27 Not-tested: Logged-in-only variants beyond anonymous official search/store/stock surfaces	2026-03-27 18:53:53 +09:00
Jeffrey (Dongkyu) Kim	4121e086eb	Make nearby Blue Ribbon searches reusable and location-first ... Issue #16 adds a new location-first Blue Ribbon skill, documents that 맛집 requests should route here by default, and ships a reusable npm workspace client over the official Blue Ribbon zone/search surfaces. The package now parses official zone links, matches user-provided location text or coordinates, and queries the nearby JSON endpoint while filtering to certified ribbon venues only. Repo docs, install guidance, release metadata, and regression coverage were updated together so the new skill can ship cleanly. Constraint: Must ask the user for current location before nearby search Constraint: Blue Ribbon nearby calls require browser-like headers and official zone/search parameters Rejected: Auto-detect user geolocation | violates the issue requirement to ask first Rejected: Generic web search scraping without a reusable package | weaker reuse and less aligned with official Blue Ribbon surfaces Confidence: high Scope-risk: moderate Reversibility: clean Directive: Keep certified-ribbon filtering pinned to RIBBON_ONE/TWO/THREE unless the official Blue Ribbon contract changes Tested: npm run ci; live smoke with searchNearbyByLocationQuery('광화문', { distanceMeters: 1000, limit: 5 }) Not-tested: Ambiguous location strings that require conversational disambiguation beyond current zone heuristics	2026-03-27 18:20:05 +09:00
Jeffrey (Dongkyu) Kim	04653f761f	Prevent KTX reserve retries from drifting to the wrong train ... Reserve used to replay search results and trust a fresh ordinal index, which could silently target a different train when sold-out entries disappeared or ordering changed. This change emits a stable train_id from search output, requires reserve to match the exact train identity on replay, and updates docs/tests to lock the safer CLI contract. Constraint: Korail search results can reorder between search and reserve while the helper still needs to replay the live lookup Rejected: Keep --train-index as the reserve selector | still allows silent wrong-train bookings when the result set shifts Confidence: high Scope-risk: narrow Reversibility: clean Directive: If upstream train identity fields change, update the train_id payload and the docs/tests together before changing reserve selection again Tested: python3 -m py_compile scripts/ktx_booking.py; python3 -m unittest discover -s scripts -p test_ktx_booking.py; node --test scripts/skill-docs.test.js; npm run ci; live search/reservations/reserve/cancel/reservations with sops-managed Korail credentials Not-tested: Forced live stale-train_id failure against a disappearing train between search and reserve	2026-03-27 11:09:14 +09:00
Jeffrey (Dongkyu) Kim	1a74a74734	Keep the KTX helper docs aligned with the live CLI contract ... The feature branch already restored the patched Korail helper, so this follow-up stays narrow: lock the documented helper flags in regression tests and teach both KTX docs surfaces about the search and waiting-list toggles the live CLI already supports. Constraint: Follow-up had to stay compatible with the shipped scripts/ktx_booking.py parser and existing PR scope Rejected: Expand README into a full command matrix | duplicates the dedicated KTX docs and skill guide Confidence: high Scope-risk: narrow Directive: When the helper CLI changes, update both KTX docs surfaces and the regression assertions in the same change Tested: node --test scripts/skill-docs.test.js Tested: python3 -m py_compile scripts/ktx_booking.py Tested: npm run ci Tested: live python3 scripts/ktx_booking.py search/reservations/reserve/cancel via sops-managed Korail credentials Not-tested: 예약대기 success path on a sold-out train	2026-03-27 10:46:19 +09:00
Jeffrey (Dongkyu) Kim	3f59d1518b	Restore live KTX booking flow against Korail's new anti-bot checks ... Korail's current mobile endpoints reject the published raw korail2 examples with MACRO ERROR, so this change adds a repo-local helper that patches Dynapath token/Sid/version behavior and reroutes KTX docs/tests to the helper-based flow. Constraint: Must keep credentials in sops-managed secrets and prove the flow with a real reservation Rejected: Fork and publish a patched korail2 package | broader release surface than this repo needs Confidence: high Scope-risk: moderate Directive: Re-check the helper constants and private korail2 hooks whenever Korail changes its mobile anti-bot flow Tested: python3 -m py_compile scripts/ktx_booking.py Tested: npm run ci Tested: Live search via scripts/ktx_booking.py search 서울 부산 20260328 000000 --include-no-seats --include-waiting-list Tested: Live reserve/cancel via scripts/ktx_booking.py reserve/cancel/reservations on March 28, 2026 KTX #001 Not-tested: Final payment completion after reservation	2026-03-27 10:33:16 +09:00
Jeffrey (Dongkyu) Kim	21f036e942	Document the verified public tracking outputs explicitly ... Add aligned CJ and 우체국 sample public-output blocks to both delivery-tracking docs and extend the docs regression so those examples stay synchronized with the normalized non-PII contract. The new examples are dated live smoke-test captures, giving reviewers and users a concrete expected result without relying on raw carrier fields. Constraint: feature/#4 already matched dev, so the follow-up needed a small reviewable change to reopen PR work on the same branch Constraint: Keep verification offline in CI and avoid new runtime dependencies Rejected: Add live carrier calls to CI | external endpoints are flaky and would make the docs regression nondeterministic Confidence: high Scope-risk: narrow Reversibility: clean Directive: Refresh both dated sample-output blocks together if the smoke-test invoices ever change their public tracking history Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: python3 /tmp/cj_verify.py Tested: python3 /tmp/epost_verify.py Tested: npx --yes skills add . --list Tested: git diff --check Not-tested: Automated live carrier verification in CI	2026-03-27 02:44:48 +09:00
Jeffrey (Dongkyu) Kim	fed0973979	Pin the delivery examples to exact schema mappings ... The current delivery-tracking follow-up already describes a shared normalized schema, but the regression test still allowed drift in the actual field expressions. This change upgrades the docs regression to exact key/value allowlists and aligns the 우체국 feature example with named summary groups so the published examples stay in sync. Constraint: Follow-up had to stay docs-first on feature/#4 / PR #12 Constraint: The published CJ and 우체국 examples must remain privacy-safe while sharing one exact schema contract Rejected: Keep key-only checks in the regression suite | still allows silent expression drift in published examples Rejected: Refactor the docs examples into separate reusable scripts | too broad for this bounded follow-up Confidence: high Scope-risk: narrow Reversibility: clean Directive: If the delivery examples change again, update both the printed object mappings and the exact allowlist regression in the same diff Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Not-tested: Live carrier requests were not needed for this schema-lock follow-up because behavior remained documentation-only and prior live verification already covered the transport paths	2026-03-27 02:06:27 +09:00
Jeffrey (Dongkyu) Kim	448b008522	Clarify the shared delivery output contract in published docs ... The approved issue-4 follow-up was already on the branch, so this pass tightened the regression suite first and then made the shared schema explicit in both delivery-tracking docs. The docs now name the normalized keys directly and state that recent_events is capped at the latest three entries, matching the verified CJ and 우체국 examples. Constraint: Keep the published examples aligned with the verified carrier flows and the existing normalized output contract Rejected: Broader refactor of the delivery-tracking examples | unnecessary for this follow-up and would widen review scope Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the docs and regression test aligned whenever the normalized tracking schema changes Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: npx --yes skills add . --list Tested: Live CJ official flow for 1234567890 Tested: Live 우체국 flow for 1234567890123	2026-03-27 01:29:32 +09:00
Jeffrey (Dongkyu) Kim	65e203a005	Normalize published delivery outputs to one shared contract ... The delivery-tracking docs promised one carrier-agnostic result shape, but the CJ and 우체국 examples had drifted into different schemas. This updates both published examples and the regression suite to emit the same normalized fields, include recent_events, and sanitize ePost TEL fragments observed during live verification. Constraint: Issue #4 follow-up must keep published examples non-PII and aligned with the documented common-format contract Rejected: Preserve carrier-specific fields in the published examples | contradicts the carrier-adapter normalization promise and review feedback Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep CJ and ePost published examples on the same normalized schema and strip contact fragments from documented ePost locations Tested: node --test scripts/skill-docs.test.js; npm run ci; npx --yes skills add . --list; live CJ verification for 1234567890; live ePost verification for 1234567890123; architect verification Not-tested: Shared runtime adapter implementation outside the published docs/examples	2026-03-27 01:29:32 +09:00
Jeffrey (Dongkyu) Kim	5b104d27e2	Protect published tracking examples from leaking carrier contact data ... The CJ official response can embed staff name and phone data in crgNm, so the published skill and feature examples now emit only normalized summary fields. The root docs regression suite also locks the safe output shape so raw CJ event payloads do not creep back into the docs.\n\nConstraint: Official CJ tracking responses may include personal contact data in crgNm\nRejected: Keep a message field with ad-hoc redaction | deleting the field is safer for published examples\nConfidence: high\nScope-risk: narrow\nReversibility: clean\nDirective: Keep carrier doc examples limited to normalized summary fields; do not dump raw tracking payloads without privacy review\nTested: node --test scripts/skill-docs.test.js; npx --yes skills add . --list; npm run ci; CJ official curl+cookie+_csrf verification for 1234567890; 우체국 curl --http1.1 --tls-max 1.2 verification for 1234567890123; lsp_diagnostics scripts/skill-docs.test.js\nNot-tested: Live carrier responses beyond the documented smoke-test invoice numbers	2026-03-27 01:29:32 +09:00
Jeffrey (Dongkyu) Kim	e257ab39a0	Avoid leaking CJ contact details in published tracking examples ... The first delivery-tracking draft exposed too much of the raw CJ event payload in the public examples. This follow-up keeps the examples useful for status checks while normalizing them to non-PII fields only, and locks that expectation in the docs regression suite so the raw field is not reintroduced. Constraint: Must preserve the verified official CJ flow while removing avoidable personal-contact leakage from the shipped examples Constraint: Follow-up had to stay docs-first and scoped to the existing feature/#4 PR branch Rejected: Keep raw CJ payload output and rely on users to ignore | published examples should not leak names/phone numbers unnecessarily Rejected: Drop CJ example detail entirely | loses practical verification value for the main carrier path Confidence: high Scope-risk: narrow Reversibility: clean Directive: Any future CJ example update must continue to avoid printing raw or other contact-bearing fields in public docs Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: python3 normalized CJ official endpoint verification for 1234567890 Tested: python3 우체국 follow-up verification for 1234567890123 Not-tested: Real non-placeholder customer waybills with different event shapes	2026-03-27 00:48:02 +09:00
Jeffrey (Dongkyu) Kim	3c6a7d2e51	Keep parcel-tracking guidance aligned with the verified carrier flows ... The delivery-tracking skill already existed on feature/#4, but the CJ example still documented a naive Python HTTP path. This follow-up switches the documented CJ flow to the verified curl+cookie+_csrf sequence, then tightens the surrounding docs so the shipped scope and future carrier-extension story stay consistent. Constraint: CJ tracking-detail rejects naive direct HTTP calls without preserved session state Constraint: Must keep the existing feature/#4 PR against dev accurate without widening scope Rejected: Keep the urllib-only CJ example | live smoke test returned 403 and contradicted the docs Confidence: high Scope-risk: narrow Directive: Re-run live carrier smoke tests before changing documented transport steps for CJ or 우체국 Tested: npm run ci; live CJ curl+cookie+_csrf verification for 1234567890; live 우체국 curl verification for 1234567890123 Not-tested: Real non-placeholder customer waybills	2026-03-27 00:35:54 +09:00
Jeffrey (Dongkyu) Kim	4a4ab95541	Make official parcel tracking available without aggregator services ... Issue #4 asks for a first-class way to check Korean parcel status from invoice numbers. This change adds a delivery-tracking skill covering CJ대한통운 and 우체국 through their official surfaces, wires it into the repo docs, and locks the carrier-specific endpoint rules with the root regression suite. Constraint: Must stay docs-first with no new dependencies or bundled carrier client code Constraint: Official carrier surfaces use different transport shapes (CJ JSON with _csrf, 우체국 HTML/form flow) so the skill must document adapter-specific rules explicitly Rejected: Use a third-party aggregate tracking site | violates official-surface requirement and weakens long-term maintainability Rejected: Collapse both carriers into one generic parsing recipe | carrier-specific transport and parsing rules differ too much Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep future carrier additions as explicit carrier adapters with official URLs, length rules, and parsing guidance instead of broadening the current CJ/우체국 snippets into a catch-all flow Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: npx --yes skills add . --list Tested: python3 CJ official endpoint verification for 1234567890 and 000000000000 Tested: python3 requests verification of the 우체국 landing page plus trace.RetrieveDomRigiTraceList.comm follow-up for 1234567890123 Not-tested: Real customer shipment numbers across more carriers or edge-case invoice formats	2026-03-27 00:30:09 +09:00
Jeffrey (Dongkyu) Kim	ca490a5e6e	Harden postcode lookup guidance for flaky shell/runtime conditions ... The zipcode-search docs were directionally correct, but they left a few practical failure modes underexplained for real operator use. This update makes the retry order explicit, adds guidance for temp-file based parsing in wrapped shells, and documents the benign curl (23) case when downstream readers close early. Constraint: Keep the change docs-first without adding runtime code or dependencies Constraint: The official ePost endpoint remains intermittently flaky, so guidance must focus on stable operator behavior rather than pretending transport is deterministic Rejected: Replace the docs example with a larger shell wrapper script | too heavy for a small skill-doc improvement Rejected: Ignore curl (23) and here-doc issues as user error | repeated operator confusion is worth documenting Confidence: high Scope-risk: narrow Reversibility: clean Directive: If the zipcode-search example changes again, keep the retry order and shell-wrapper caveats aligned between the skill doc, feature doc, and regression test Tested: node --check scripts/skill-docs.test.js Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: npx --yes skills add . --list Not-tested: Live ePost requests for this doc-only follow-up	2026-03-26 23:58:01 +09:00
Jeffrey (Dongkyu) Kim	2053bca68f	Keep postcode docs executable in modern clients ... Broaden the root regression suite to cover the roadmap/source/feature-doc surface and replace the fragile urllib example with a curl-backed, timeout-bounded snippet that matches the verified live query path. Constraint: The ePost endpoint resets the shipped urllib transport on current local python3 toolchains Constraint: Must keep the fix doc-only with no new dependencies Rejected: Keep urllib and add a warning only | the published example would still fail as written Confidence: high Scope-risk: narrow Directive: If the ePost markup or transport requirements change, update both docs and scripts/skill-docs.test.js together Tested: node --test scripts/skill-docs.test.js Tested: npx --yes skills add . --list Tested: python3 /tmp/zipcode_live_check.py Tested: npm run ci Not-tested: Alternative HTTP clients beyond the curl-backed path	2026-03-26 23:17:45 +09:00
Jeffrey (Dongkyu) Kim	c4f9a32c51	Make postcode lookup available as a first-class k-skill ... Issue #3 asks for a low-friction way to turn a known Korean address into a postal code. This change adds a dedicated zipcode-search skill, wires it into repo docs, and protects the new discovery/documentation surface with a root-level regression test that now runs under npm test/ci. Constraint: Must use the official ePost postal search page and avoid new dependencies Rejected: Data.go.kr key-based postal API | unnecessary setup for a simple lookup skill Confidence: high Scope-risk: narrow Directive: Keep the zipcode-search extraction logic aligned with the official ePost HTML fields unless a more stable public API replaces it Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: npx --yes skills add . --list Tested: python3 live query against the ePost endpoint for 세종대로 209 Not-tested: Broader address variants beyond the verified ePost query example	2026-03-26 23:15:54 +09:00
Jeffrey (Dongkyu) Kim	fbc44b795b	Document safe macOS KakaoTalk skill usage ... Add the new kakaotalk-mac skill as a docs-first capability with regression coverage, repository discoverability, and clear macOS permission/install guidance built around kakaocli. The change keeps the repo docs-only while making the feature installable and reviewable through existing skill validation paths. Constraint: This repo ships skill definitions and docs, not KakaoTalk automation binaries Constraint: Guidance must stay macOS-specific and require explicit confirmation before sending to other people Rejected: Add executable integration code in this repo | issue scope is docs-only skill packaging Rejected: Document unofficial non-macOS workarounds | upstream tool is macOS-only and issue explicitly targets Mac Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep future updates aligned with upstream kakaocli commands and macOS permission requirements before broadening this skill Tested: node --test scripts/skill-docs.test.js Tested: npm run ci Tested: npx --yes skills add . --list Tested: Architect review approval on working tree Not-tested: Live kakaocli execution against a local KakaoTalk installation on macOS	2026-03-26 23:12:42 +09:00
Jeffrey (Dongkyu) Kim	48b8d8153e	Clarify HWP markdown verification in the feature guide ... The feature guide already documented `--include-images`, but it did not spell out the verification rule as clearly as the skill doc. Add a feature-level verification checklist and tighten the regression test so repo docs stay aligned with the actual `hwpjs` inline-image behavior. Constraint: `hwpjs to-markdown --include-images` embeds images as base64 data URIs instead of writing sidecar files Rejected: Leave verification guidance only in `hwp/SKILL.md` | feature docs could drift without their own regression coverage Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep the feature-guide verification text aligned with `npx --yes @ohah/hwpjs to-markdown --help` if the CLI flag behavior changes Tested: node --test scripts/skill-docs.test.js; npx --yes @ohah/hwpjs to-markdown --help; npm test; npm run ci; npx --yes skills add . --list Not-tested: End-to-end conversion against a real `.hwp` fixture	2026-03-26 12:34:34 +09:00
Jeffrey (Dongkyu) Kim	b864be65e0	Keep HWP markdown verification aligned with actual inline-image behavior ... The follow-up review found that the HWP skill docs described `hwpjs to-markdown --include-images` as if it generated image paths/files, while the actual CLI help says the flag embeds images as base64 data URIs. This update corrects the verification wording in the skill docs, mirrors the same note in the feature guide, and adds regression coverage so the docs stay aligned with the verified CLI behavior. Constraint: Follow-up must stay on PR #5 / branch `feature/#1` and keep the existing HWP feature wiring intact Constraint: Root regression coverage should lock the reviewed documentation behavior before future edits Rejected: Switch the docs to `--images-dir` examples instead | would change the documented workflow instead of fixing the reviewed mismatch Confidence: high Scope-risk: narrow Reversibility: clean Directive: If `hwpjs` changes `--include-images` semantics, update both `hwp/SKILL.md` and `docs/features/hwp.md` and keep `scripts/skill-docs.test.js` in sync Tested: `node --test scripts/skill-docs.test.js` Tested: `npx --yes @ohah/hwpjs to-markdown --help` Tested: `npm test` Tested: `npm run ci` Tested: `npx --yes skills add . --list` Not-tested: End-to-end HWP conversion with a fixture document in this repository (no sample `.hwp` fixture was added)	2026-03-26 11:49:26 +09:00
Jeffrey (Dongkyu) Kim	50175f1596	Document an environment-aware HWP workflow for Korean document tasks ... Issue #1 adds a new hwp skill that routes routine conversion work to @ohah/hwpjs and reserves hwp-mcp for Windows environments with Hangul installed and direct-control needs. The repo docs and root verification now cover the new skill so it remains visible in listings and regressions catch missing documentation. Constraint: The repository is documentation-first for skills, so the change needed tested docs rather than a new runtime package Constraint: No new dependencies were allowed for the repo implementation Rejected: Adding a bundled HWP runtime wrapper package | issue scope only required the installable skill and guidance Rejected: Defaulting to hwp-mcp on Windows without explicit Hangul availability | too risky for unsupported environments Confidence: high Scope-risk: narrow Directive: Keep conversion/extraction guidance biased toward @ohah/hwpjs unless direct Hangul automation is explicitly available Tested: npm test Tested: npm run ci Tested: npx --yes skills add . --list Not-tested: Live conversion against a sample .hwp file using @ohah/hwpjs Not-tested: Windows-only hwp-mcp control against a locally installed Hangul application	2026-03-26 11:00:57 +09:00
Jeffrey (Dongkyu) Kim	b6c353c172	Clarify the supported setup flow for installed skills ... Document the intended post-install path around k-skill-setup, add opt-in guidance for update checks and GitHub starring, and mark KTX booking as currently unavailable so users do not assume it is production-ready. Constraint: Setup guidance must avoid automatic persistent changes or GitHub side effects without explicit user consent Constraint: Repository docs should steer users toward the actual skills install surface rather than `.codex` Rejected: Keep per-skill install branching as the default path | it obscures the intended full-bundle install flow Rejected: Auto-star the repository from the setup skill | violates explicit-consent expectations Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep install docs, setup docs, and k-skill-setup instructions aligned whenever the installer workflow changes Tested: npm run ci; rg verification of README KTX availability notice Not-tested: Manual execution of cron/schtasks examples and `gh repo star` flow	2026-03-26 00:50:23 +09:00
Jeffrey (Dongkyu) Kim	720964cf49	Prepare k-skill for packaged releases and broader skill discovery ... This snapshots the current repository updates as a coherent release-prep baseline: workspace/package scaffolding, release automation docs and workflows, refreshed skill/setup documentation, roadmap expansion, and the README thumbnail polish. Constraint: Node packages in this repo must use npm workspaces and Changesets for releases Constraint: Python release automation stays scaffold-only until a real package exists Rejected: Split the current work into multiple commits | user asked to commit the current changes together Confidence: medium Scope-risk: moderate Reversibility: clean Directive: Keep release docs, workflows, and package metadata aligned when adding future packages Tested: npm run ci Not-tested: GitHub Actions execution on remote after push	2026-03-25 23:57:53 +09:00
Jeffrey (Dongkyu) Kim	ec41ff08dc	Correct the documented kbo-game call pattern ... The published kbo-game package does not match the README example, so the KBO skill docs now show the API shape that actually works in practice. The examples use the exported getGame function and convert YYYY-MM-DD inputs into Date objects before calling it. Constraint: Must document the currently published kbo-game@0.0.2 behavior without adding new dependencies Rejected: Keep the upstream README example | local reproduction shows it throws at runtime Confidence: high Scope-risk: narrow Reversibility: clean Directive: Re-verify the package exports before changing these examples if kbo-game releases a new version Tested: Local npm install of kbo-game; reproduced getGameInfo failure; verified getGame(new Date(...)) success; npm run ci Not-tested: Future kbo-game releases with different exports or argument contracts	2026-03-25 22:54:55 +09:00
Jeffrey (Dongkyu) Kim	346b68fd0e	Make repository capabilities scannable from the first screen ... The README previously listed skill package names without making the actual user-facing capabilities obvious, and several linked docs used local absolute paths instead of repository-relative links. This change reframes the entry point around tasks users can accomplish, adds real feature pages for each supported workflow, and connects the install and security docs to those pages with working relative links. Constraint: Keep the change documentation-only and avoid introducing new dependencies Rejected: Link directly to each SKILL.md | too implementation-centric for a README first impression Rejected: Keep one short README and defer detail to package names | does not make capabilities obvious enough Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README organized by user-facing jobs rather than internal skill identifiers unless the product positioning changes Tested: Local markdown link validation across all .md files Not-tested: GitHub web rendering preview after push	2026-03-25 22:13:36 +09:00
Jeffrey (Dongkyu) Kim	ddafb1ec8d	Point the two train skills at the libraries that are actually proven in production ... The train skills no longer share a generic wrapper. SRT now documents the dedicated SRTrain surface, and KTX now documents korail2 directly, which makes the install path, imports, and reservation examples match the libraries the user explicitly validated. Constraint: SRT and KTX should stay separate skills with their own native library surfaces Rejected: Keep the shared koreantrain abstraction | it hides the real backend and weakens trust in the examples Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep future train-skill examples aligned with the concrete upstream library each skill depends on Tested: bash scripts/validate-skills.sh Tested: Import and signature inspection for SRTrain and korail2 from temporary installs Not-tested: Live login and booking against SRT and Korail services	2026-03-25 02:05:01 +09:00
Jeffrey (Dongkyu) Kim	fe704ac084	Keep the README minimal and move install guidance into its own doc ... The top-level page now acts as a short landing page instead of a long manual. Installation steps, agent copy-paste text, and package-runner fallback guidance live in a dedicated install document so first-time users can find them without bloating the README. Constraint: The README should stay extremely short while still pointing new users to the right next step Rejected: Keep detailed install prose in README | it makes the landing page noisy and harder to scan Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep README short; move future onboarding detail into focused docs unless it is essential at first glance Tested: Manual review of README and docs/install.md links Not-tested: Render verification on GitHub after push	2026-03-25 01:37:30 +09:00
Jeffrey (Dongkyu) Kim	363a739b18	Remove the account requirement from k-skill secret handling ... Credential-bearing skills now point to a shared cross-platform setup based on sops plus age instead of a hosted password manager. The repo also gains a default setup skill and a small verification script so users can bring one encrypted secrets file to every relevant skill. Constraint: The secret workflow must work on macOS, Linux, and Windows without mandatory vendor signup Rejected: Keep 1Password CLI as the default | it requires account creation and sign-in Rejected: Plaintext .env as the default | too easy to leak in a repo and too easy for tools to read at rest Confidence: high Scope-risk: moderate Reversibility: clean Directive: If a future skill needs stronger isolation than exec-env provides, expose a capability wrapper instead of injecting the raw secret Tested: bash scripts/validate-skills.sh Tested: npx --yes skills add . --list Tested: bash scripts/check-setup.sh (expected failure without sops/age installed) Not-tested: End-to-end sops encryption and exec-env flow on a machine with sops and age installed	2026-03-25 00:55:26 +09:00
Jeffrey (Dongkyu) Kim	dbc091d3d4	Frame k-skill as an installable Korean skills package ... The repo starts as a markdown-first multi-skill package with one shared security policy, one validation script, and lightweight install docs. This keeps v1 easy to publish and easy to review before any skill-specific automation grows deeper. Constraint: Skills must stay compatible with the skills CLI package layout Rejected: Add a repo-level manifest or build system | the package spec only requires per-skill SKILL.md Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep credential-bearing skills on 1Password CLI runtime injection, not plaintext env files Tested: bash scripts/validate-skills.sh Not-tested: Fresh-machine install via npx skills add	2026-03-25 00:16:11 +09:00