Use when creating a new skill, editing an existing skill, or verifying a skill works before deployment.
Read-only nomination brief for a named GitHub contributor on <upstream>. Aggregates GitHub activity across all contribution tracks plus maintainer-supplied off-GitHub signal, and…
Compile and build the SkyWalking BanyanDB project. Use when the user asks to compile, build, or generate code for this project.
Open one or more `<tracker>` tracking issues from a markdown file containing a batch of security findings (typically the output of an AI security review or a third-party scanner).
For a single `<issue-tracker>` issue identifying a code-level bug, extract the reporter's example code from the issue body, adapt it to run on the current `<default-branch>`,…
Commit + push the user's shared Claude config to the `~/.claude-config` private dotfile-style sync repo (per `secure-agent-setup.md` → Syncing user-scope config across machines).
Verify that the `apache-steward` framework is correctly integrated into the user's adopter tracker repository — `.apache-steward/` directory at the tracker root, the framework…
Walk a security team member through allocating a CVE for an <tracker> tracking issue. Prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of…
Walk an adopter through promoting a local `.apache-steward-overrides/<skill>.md` file into a PR against `apache/airflow-steward`.
Scan <security-list> for reports that have not yet been copied into <tracker> as tracking issues, present the proposed imports to the user, and — defaulting to *import unless the…
Generate a CVE 5.x JSON document from an <tracker> tracking issue, ready to paste into the Vulnogram `#source` tab of the ASF CVE tool at…
Read-only dashboard over a directory of `verdict.json` files produced by `issue-reassess` campaigns. Surfaces a health rating, classification distribution, partial-fix surfaces,…
Diagnoses Kafka consumer group lag using the Kafka AdminClient API and JMX metrics exposed via the Confluent Metrics API.
Walk a security team member through allocating a CVE for an <tracker> tracking issue. Prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of…
Draft a teaching-register comment on a single GitHub issue or PR thread on the configured `<upstream>` repo (default: read from `<project-config>/project.md → upstream_repo`),…
Processes real-time event streams using KafkaJS consumer groups and transforms messages with configurable schemas.
Sweep a configured pool of resolved or end-of-life `<issue-tracker>` issues and re-assess each against the current `<default-branch>`.
Close an `<tracker>` tracking issue as invalid: apply the `invalid` label, remove the scope label, post a short closing comment, archive the item from the project board, and — for…
For each open `<tracker>` issue carrying the `needs triage` label, read body + comments and classify the candidate disposition into one of five classes: VALID / DEFENSE-IN-DEPTH /…
For a single triaged `<issue-tracker>` issue confirmed as a bug or feature, draft a fix against `<upstream>` on `<default-branch>`.
Produce maintainer-facing statistics about open pull requests on the configured `<upstream>` repo (default: read from `<project-config>/project.md → upstream_repo`).
Synchronize a security issue in <tracker> with the state of its GitHub discussion, the <security-list> mailing thread, and any <upstream> PRs that fix it.
Attempt to fix a security issue tracked in <tracker> by implementing the change in a public <upstream> PR.
Open a tracking issue in <tracker> for a security-relevant fix that has already been opened (or merged) as a public PR in <upstream>, in the case where there is no inbound…
Print a human-readable index of every skill in this repository, grouped by family prefix (`pr-management`, `security`, `setup`, …) with each skill's name and the first sentence of…
Guide an adopter through the first-time install of the framework's secure agent setup — pinned system tools (`bubblewrap`, `socat`, `claude-code`), the project-scope…
Surface drift between the user's installed secure agent setup and the framework's latest. Reports framework-checkout updates (`git pull` on `airflow-steward`), pinned-tool upgrade…
Merge two <tracker> tracking issues that describe the same root-cause vulnerability (typically discovered independently by two reporters, arriving via different channels),…
Walk the verification checklist documented in `secure-agent-setup.md` and report ✓ done / ✗ missing / ⚠ partial for each piece of the secure agent setup — project + user-scope…
Adopt and maintain the apache-steward framework in a project repo using the snapshot-based adoption mechanism.